blob: 5a3c3e65e9626adf2616757302ceee595cb1e8f8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
{ config, ... }:
let
ports = import ../Cloud/Ports.nix;
domain = "headscale.simatime.com";
in {
services.headscale = {
enable = true;
address = "0.0.0.0";
port = ports.headscale;
settings = {};
};
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
enableAcme = true;
locations."/" = {
proxyPass = "http://localhost:${toString ports.headscale}";
proxyWebsockets = true;
};
};
environment.systemPackages = [ config.services.headscale.package ];
services.tailscale.enable = true;
networking.firewall = {
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
}
|