nix-config/hosts/hosting-01/default.nix
Lander Van den Bulcke e98d47e7c1
fix: use config from docs
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
2025-07-02 09:16:52 +02:00


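# NixOS host module for hosting-01: nginx terminates TLS on 80/443 and
# reverse-proxies to headscale and headplane, which listen on local ports.
{
  inputs,
  config,
  pkgs,
  lib,
  ...
}:
let
  format = pkgs.formats.yaml { };

  # Copy of the effective headscale settings with every file-path option
  # pointed at /dev/null; the result is rendered to YAML and handed to headplane
  # through `headscale.config_path` below.
  # NOTE(review): presumably this lets headplane's strict config check pass
  # without read access to the certificate, policy and OIDC secret files.
  # Confirm against the headplane documentation.
  # The generated file lives in the Nix store, which is world-readable, so
  # nothing in `services.headscale.settings` may carry an inline secret.
  settings = lib.recursiveUpdate config.services.headscale.settings {
    acme_email = "/dev/null";
    tls_cert_path = "/dev/null";
    tls_key_path = "/dev/null";
    policy.path = "/dev/null";
    oidc.client_secret_path = "/dev/null";
  };
  headscaleConfig = format.generate "headscale.yml" settings;
in
{
  imports = [
    ./disk-config.nix
    {
      _module.args.disks = [ "/dev/sda" ];
    }
    inputs.headplane.nixosModules.headplane
    ../common/servers
  ];

  time.timeZone = "Europe/Berlin";
  networking.hostName = "hosting-01";
  networking.nameservers = [ "8.8.8.8" ];

  # Only the nginx front end is opened here; the backend ports (8080, 8081)
  # are not in this list.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      80
      443
    ];
  };

  nixpkgs.overlays = [ inputs.headplane.overlays.default ];

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
  };

  services.headscale = {
    enable = true;
    # Bind to loopback only: the nginx vhost below is the sole client of this
    # plain-HTTP listener. Listening on every interface would leave the
    # firewall as the only barrier, and a later rule or trusted interface
    # (for example one defined in ../common/servers) would expose the
    # unencrypted backend.
    address = "127.0.0.1";
    port = 8080;
    settings = {
      server_url = "https://headscale.escapeangle.com";
      dns = {
        base_domain = "tailnet.escapeangle.com";
      };
    };
  };

  services.nginx.virtualHosts."headscale.escapeangle.com" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      # Literal IPv4 loopback, matching the headplane vhost and the bind
      # address above; "localhost" may also resolve to ::1, where headscale
      # does not listen.
      proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
      proxyWebsockets = true;
    };
  };

  services.headplane = {
    enable = true;
    agent.enable = false;
    settings = {
      server = {
        host = "127.0.0.1";
        port = 8081;
        # Placeholder only. A real secret must never be written here, because
        # values set in this module can end up in the world-readable Nix store.
        # The real value is supplied at runtime ("replaced in env").
        # NOTE(review): the override mechanism is not visible in this file.
        # Verify that the running unit receives it, otherwise session cookies
        # would be signed with this publicly known string.
        cookie_secret = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; # replaced in env
        cookie_secure = true;
      };
      headscale = {
        url = "https://headscale.escapeangle.com";
        # Sanitised copy built in the `let` block, not the live headscale config.
        config_path = "${headscaleConfig}";
        config_strict = true;
      };
      integration.proc.enabled = true;
    };
  };

  services.nginx.virtualHosts."headplane.escapeangle.com" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString config.services.headplane.settings.server.port}";
      proxyWebsockets = true;
    };
  };

  security.acme.defaults.email = "landervandenbulcke@gmail.com";
  security.acme.acceptTerms = true;

  system.stateVersion = "25.05";
}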