From 69b736d82972ac8b7e0803a3ac5fa182835928fc Mon Sep 17 00:00:00 2001 From: Lander Van den Bulcke Date: Wed, 2 Jul 2025 01:15:56 +0200 Subject: [PATCH] feat: add headplane Signed-off-by: Lander Van den Bulcke --- flake.lock | 79 +++++++++++++++++++++++++++++++++- flake.nix | 6 +++ hosts/hosting-01/default.nix | 83 +++++++++++++++++++++++++----------- 3 files changed, 143 insertions(+), 25 deletions(-) diff --git a/flake.lock b/flake.lock index 38c98d9..f9389e5 100644 --- a/flake.lock +++ b/flake.lock @@ -34,6 +34,27 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "headplane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -144,6 +165,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "git-hooks": { "inputs": { "flake-compat": [ 
@@ -214,6 +253,28 @@ "type": "github" } }, + "headplane": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750653209, + "narHash": "sha256-/qz+wJimUKYPr6zfqqgF/H8V/YGKxKWZn+8+UUe8r7o=", + "owner": "igor-ramazanov", + "repo": "headplane", + "rev": "779af42601bc663504cb26180567253c12d72762", + "type": "github" + }, + "original": { + "owner": "igor-ramazanov", + "repo": "headplane", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -444,7 +505,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -490,6 +551,7 @@ "inputs": { "catppuccin": "catppuccin", "disko": "disko", + "headplane": "headplane", "home-manager": "home-manager", "nixos-mailserver": "nixos-mailserver", "nixpkgs": "nixpkgs_2", @@ -531,6 +593,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 58becf3..1b72c2a 100644 --- a/flake.nix +++ b/flake.nix @@ -32,6 +32,12 @@ nixpkgs.follows = "nixpkgs"; }; }; + + # headplane + headplane = { + url = "github:igor-ramazanov/headplane"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = diff --git a/hosts/hosting-01/default.nix b/hosts/hosting-01/default.nix index 0823bc1..cb10578 100644 --- a/hosts/hosting-01/default.nix +++ b/hosts/hosting-01/default.nix @@ -1,4 +1,9 @@ -{ config, ... }: +{ + inputs, + config, + pkgs, + ... +}: { imports = [ ./disk-config.nix 
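Review bot: The new flake.nix input `url = "github:igor-ramazanov/headplane";` tracks the default branch of what appears to be a personal fork. Its NixOS module and overlay are then applied to hosting-01 in the later hunks, so that repository's code is evaluated and run with system privileges on the host. flake.lock pins the current revision, but any `nix flake update` will move the input to whatever the branch head is at that time. Consider pinning a tag or commit in the URL, e.g. `url = "github:igor-ramazanov/headplane/<REV_OR_TAG>";`. Also extend the `# headplane` comment to say why this repository is used, so lock bumps for this input are reviewed deliberately.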
@@ -6,6 +11,8 @@ _module.args.disks = [ "/dev/sda" ]; } + inputs.headplane.nixosModules.headplane + ../common/servers ]; 
@@ -21,34 +28,62 @@ ]; }; - services = { - nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - }; + nixpkgs.overlays = [ inputs.headplane.overlays.default ]; - headscale = { - enable = true; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://headscale.escapeangle.com"; - dns = { - base_domain = "tailnet.escapeangle.com"; - }; + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + }; + + services.headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://headscale.escapeangle.com"; + dns = { + base_domain = "tailnet.escapeangle.com"; }; }; + }; - nginx.virtualHosts."headscale.escapeangle.com" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; + services.nginx.virtualHosts."headscale.escapeangle.com" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + + services.headplane = { + enable = true; + agent.enable = false; + + settings = { + server = { + host = "127.0.0.1"; + port = 8081; + cookie_secret = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; # replaced in env + cookie_secure = true; }; + + headscale = { + url = "https://headscale.escapeangle.com"; + config_strict = false; + }; + }; + }; + + services.nginx.virtualHosts."headplane.escapeangle.com" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.headplane.settings.server.port}"; + proxyWebsockets = true; }; };
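Review bot: `cookie_secret = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; # replaced in env` puts a known placeholder into the generated config, and nothing in this hunk wires in the environment override the comment relies on (no environment file or systemd override is visible here). If that override is ever missing or misnamed, Headplane would run with a publicly known cookie key behind the new `headplane.escapeangle.com` vhost. The literal also ends up in the world-readable Nix store. Prefer reading the secret from a file kept outside the store by the repo's secret tooling, or at least add a module assertion or startup check that refuses the placeholder. The comment should name the source of the real value, e.g. `# placeholder only; real value injected from <ENV_FILE_PATH>`.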