feat: add headplane

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
2025-07-02 01:15:56 +02:00 · 2025-07-02 01:15:56 +02:00 · 69b736d829
commit 69b736d829
parent e2e780ea28
3 changed files with 143 additions and 25 deletions
--- a/flake.lock
+++ b/flake.lock
@ -34,6 +34,27 @@
        "type": "github"
      }
    },
+    "devshell": {
+      "inputs": {
+        "nixpkgs": [
+          "headplane",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1741473158,
+        "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
    "disko": {
      "inputs": {
        "nixpkgs": [
@ -144,6 +165,24 @@
        "type": "github"
      }
    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
    "git-hooks": {
      "inputs": {
        "flake-compat": [
@ -214,6 +253,28 @@
        "type": "github"
      }
    },
+    "headplane": {
+      "inputs": {
+        "devshell": "devshell",
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1750653209,
+        "narHash": "sha256-/qz+wJimUKYPr6zfqqgF/H8V/YGKxKWZn+8+UUe8r7o=",
+        "owner": "igor-ramazanov",
+        "repo": "headplane",
+        "rev": "779af42601bc663504cb26180567253c12d72762",
+        "type": "github"
+      },
+      "original": {
+        "owner": "igor-ramazanov",
+        "repo": "headplane",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -444,7 +505,7 @@
    },
    "nuschtosSearch": {
      "inputs": {
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
        "ixx": "ixx",
        "nixpkgs": [
          "nixvim",
@ -490,6 +551,7 @@
      "inputs": {
        "catppuccin": "catppuccin",
        "disko": "disko",
+        "headplane": "headplane",
        "home-manager": "home-manager",
        "nixos-mailserver": "nixos-mailserver",
        "nixpkgs": "nixpkgs_2",
@ -531,6 +593,21 @@
        "repo": "default",
        "type": "github"
      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -32,6 +32,12 @@
        nixpkgs.follows = "nixpkgs";
      };
    };
+
+    # headplane
+    headplane = {
+      url = "github:igor-ramazanov/headplane";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

  outputs =
--- a/hosts/hosting-01/default.nix
+++ b/hosts/hosting-01/default.nix
@ -1,4 +1,9 @@
-{ config, ... }:
+{
+  inputs,
+  config,
+  pkgs,
+  ...
+}:
 {
  imports = [
    ./disk-config.nix
@ -6,6 +11,8 @@
      _module.args.disks = [ "/dev/sda" ];
    }

+    inputs.headplane.nixosModules.headplane
+
    ../common/servers
  ];

@ -21,34 +28,62 @@
    ];
  };

-  services = {
-    nginx = {
-      enable = true;
-      recommendedGzipSettings = true;
-      recommendedOptimisation = true;
-      recommendedProxySettings = true;
-      recommendedTlsSettings = true;
-    };
+  nixpkgs.overlays = [ inputs.headplane.overlays.default ];

-    headscale = {
-      enable = true;
-      address = "0.0.0.0";
-      port = 8080;
-      settings = {
-        server_url = "https://headscale.escapeangle.com";
-        dns = {
-          base_domain = "tailnet.escapeangle.com";
-        };
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+
+  services.headscale = {
+    enable = true;
+    address = "0.0.0.0";
+    port = 8080;
+    settings = {
+      server_url = "https://headscale.escapeangle.com";
+      dns = {
+        base_domain = "tailnet.escapeangle.com";
      };
    };
+  };

-    nginx.virtualHosts."headscale.escapeangle.com" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://localhost:${toString config.services.headscale.port}";
-        proxyWebsockets = true;
+  services.nginx.virtualHosts."headscale.escapeangle.com" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${toString config.services.headscale.port}";
+      proxyWebsockets = true;
+    };
+  };
+
+  services.headplane = {
+    enable = true;
+    agent.enable = false;
+
+    settings = {
+      server = {
+        host = "127.0.0.1";
+        port = 8081;
+        cookie_secret = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; # replaced in env
+        cookie_secure = true;
      };
+
+      headscale = {
+        url = "https://headscale.escapeangle.com";
+        config_strict = false;
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."headplane.escapeangle.com" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString config.services.headplane.settings.server.port}";
+      proxyWebsockets = true;
    };
  };