feat: add headplane

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
2025-07-02 01:15:56 +02:00 · 2025-07-02 01:15:56 +02:00 · 69b736d829
commit 69b736d829
parent e2e780ea28
3 changed files with 143 additions and 25 deletions
--- a/hosts/hosting-01/default.nix
+++ b/hosts/hosting-01/default.nix
@ -1,4 +1,9 @@
-{ config, ... }:
+{
+  inputs,
+  config,
+  pkgs,
+  ...
+}:
 {
  imports = [
    ./disk-config.nix
@ -6,6 +11,8 @@
      _module.args.disks = [ "/dev/sda" ];
    }

+    inputs.headplane.nixosModules.headplane
+
    ../common/servers
  ];

@ -21,34 +28,62 @@
    ];
  };

-  services = {
-    nginx = {
-      enable = true;
-      recommendedGzipSettings = true;
-      recommendedOptimisation = true;
-      recommendedProxySettings = true;
-      recommendedTlsSettings = true;
-    };
+  nixpkgs.overlays = [ inputs.headplane.overlays.default ];

-    headscale = {
-      enable = true;
-      address = "0.0.0.0";
-      port = 8080;
-      settings = {
-        server_url = "https://headscale.escapeangle.com";
-        dns = {
-          base_domain = "tailnet.escapeangle.com";
-        };
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+
+  services.headscale = {
+    enable = true;
+    address = "0.0.0.0";
+    port = 8080;
+    settings = {
+      server_url = "https://headscale.escapeangle.com";
+      dns = {
+        base_domain = "tailnet.escapeangle.com";
      };
    };
+  };

-    nginx.virtualHosts."headscale.escapeangle.com" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://localhost:${toString config.services.headscale.port}";
-        proxyWebsockets = true;
+  services.nginx.virtualHosts."headscale.escapeangle.com" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${toString config.services.headscale.port}";
+      proxyWebsockets = true;
+    };
+  };
+
+  services.headplane = {
+    enable = true;
+    agent.enable = false;
+
+    settings = {
+      server = {
+        host = "127.0.0.1";
+        port = 8081;
+        cookie_secret = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; # replaced in env
+        cookie_secure = true;
      };
+
+      headscale = {
+        url = "https://headscale.escapeangle.com";
+        config_strict = false;
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."headplane.escapeangle.com" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString config.services.headplane.settings.server.port}";
+      proxyWebsockets = true;
    };
  };