From 51457c2bee4d97ca379fca5e39854f26db73935c Mon Sep 17 00:00:00 2001
From: Daniel Kempkens <daniel+git@kempkens.io>
Date: Fri, 22 Sep 2023 23:59:48 +0200
Subject: [PATCH] headscale: prepare for jellyfin move

---
 agenix/hosts/tanker/headscale/acls.age | Bin 1249 -> 1418 bytes
 system/nixos/adguardhome.nix           |   2 +-
 system/nixos/headscale.nix             |  11 +++++++++++
 system/nixos/jellyfin.nix              |  10 ++++++++++
 4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/agenix/hosts/tanker/headscale/acls.age b/agenix/hosts/tanker/headscale/acls.age
index ca8526229c721097e8b643e50cea22f0a317f044..efe735610a3004a19d3dda9ec188102c8e37f836 100644
GIT binary patch
delta 1391
zcmV-#1(5pT35pAlEPqO9H&{hzZ!}a)GiOk7O;}|^a#}Y@WOg_)X;NWNN>W8rN>yQU
zX;gA+NeWY1Gj366d1+5MPe^EbIcjoHOiyYwLT++bG+Jm&GjcLBQbJN@T1#nJcM2^&
zAaiqQEoEdfH8n9gAZbrHFEnQ$dPFgDcTGz}F=uaDaXDf_Vt+AYaz<2PPD@fva#mMw
zRd;tUacDwUVK78%3U@U`FgY(xHcW9+IdN!BQ%hGyM`Sipb!%@{G%-SNc6n7<Mn`RB
zc13G<3N1b$WkD@xa%Ew2Wgt#VU40-ZaV2;lJya)YH)$YiG;}8lVr*4YP*8DYM0j;M
zY(_<5Rxng6PJe7zOi*D?QgKX4R7Oy5ab$W_c4}2{WNtH9S8+@*Lt#)&PD5^bG-6O_
zZVFOsM>BUsS8z9FYc*$dL}YSjS~LnREiE8ea#U|YM{Z<OD@IpFPeDg<bSqjbH$+o;
zRby#&bZ%HwL_uk3R&{z%YBUOp)0|d=qVsS~M;pZHUw?uYEZP!G{r#V8fDgEPl$?uV
zjM}xc{l@S}l8O02Qw<FO=6@#1V7&QKRC?=CEKQJY_0*TA`Ym=MgPP*w4S@i_?TT_z
zwO*_Fbx{hvpGwE23m(`uRw|ZOYrp6CyR@VVuZpIU-@VWn6d7Hd1q&yYxa8+k=)j<=
zg&iKd1Ah%n*XrHRHq`N{m%Le26Nwg?>nTU!Em0fThd##O8pXiE1veo{Tg;;gY94`U
zKFrdnWa35JnfYDlL=q*H|Ct$)@Z+|3l*bf|Aet(`i)p+|DjQZ&__iiLDlM*ta3<OV
z$%;>y|Go~QmRu|x-7g}@wQUM@Xu0C&JD9=gJ%3YsSu&B!C5k_q4|1=bM#G!pPeT8e
zCAY06H5ch@5Mr@_dW_vnF|o>XkAygZHfyG;1CJPn*CpUYbkp~Xb)TQWSOOg68ZM-1
z3UfW5_qS!}c_b_oE&}EGQbGXL1(n6(cn{RTjbq|h>8qoc0d+i(KCd?2$rXrVO*h&W
z$bZ{zmk~<)F-izRM`WQVY@G*U`Y3`iW)Cgr8|2U{JXp2xWMyBP=sk1*uZOgr&Z%_S
zAg?LAr?9O9U0NUQzi86gh>j;;!16m(mDM(ktddFefq?Nl&inmle10L)ytQe~%-nlp
zOgM99#6N_aNh}WPm~=W&_Od-e_-Us_1%C*oIFW;`ClI`6TI6_6sKIwSR5oS!7Bx=R
z45p?~ratSt4z*Iqp8y#9Um;5{X1IgXIm=9)EdI@R`<Q<_Q!TPZBG4)0?K<)3@tL_m
zutoZVh)sAXwA75tPnk$e-0MzGI2>8_WC@|E(kk_plN0!aqG+6z!z^S>#?mW@5PwDN
z3}O7!VO?41z+t`rDxrcG&x{c$9rrRsw_$(Oq!4AV^Lm#yXS4c2eVFK*uFZuoaQG$N
zB=t?u$Qj8al$J!j@d}af=^dIgDb!bBc$7VyFH}(R#QiiI=bqq6E=1fH418G#(|<3+
za_3L|h|VyF=5>;0am)gwHB`}l;(yi!Q3H+nolwL5Bsq|yT#g+0$MyM<T52}(@!mpv
z6#e|~wk1mln#sSf!fNZ=QH=<q2T{uSvXQl<l>B5oBhP6z7c7|{ND)rJd-@;z*TX&e
zkCP1l&x=6IT{gLO3GBe2EpcULwV;n0@CM)gy5YVVQq@~**?}+BAp!xA%xKXMfXZ10
zqRwHwLu?M<*m|N9RlHQ4<7|#VQM&EKG)hH-GC3m)S$0H8T)6wa9URJ4qyf%lfJj9p
xQabOcHGpp7X%%>ckgs*kyn&DOXA&^-;BxlA4L$1UF7elKW)AXtBmy-x5CH5;b?5*9

delta 1221
zcmV;$1UmbQ3*iZnEPpauT6AJ*crkcxS8sPOaxX_wYI1sEcuG=dPb({BHA+KvMQLMp
zXE1S5NeVAmD`8MpO=2}vN=j@_VOULWIWKNYcuqKGRc=&zHEL)}Zg5#zR#|L%YYHts
zAaiqQEoEdfH8n9gAZbrHFEnQ$Pc&9~Wp6fkZFEpIT60rPGJkerWL9r_V?t|rS3`1e
zQf+KcQ%`bhOGH9N3NuJ~XhSe@VMJ_eWl?KrD{5;mLs2n7S3*T+Y-?9!b!k{jD`8<+
zN-IN23N1b$Gc9LwWnpt=3Q22WT5vOGOIc)6P%u<NQ+j1eG72p%Eg)xkHEvg9QDRR~
zYAa1-Y;{g(Lw`hWG<rB>HZo9oL1TJqQ#o~TVN_OXIb#Z*cOT%6`P}8}FPs$RLNjMJ
z;3P_YlE$F=n=0JMfofwAFDDM=nTc9(Bsr^}*G<V=N4*ggp`LuZYyc*xd+v0`vXvw(
zZjQamvr`=HjY}ra!7GtTE=1VCxWR@^1vrjBsJcDkPk$}VILckrVdo_y#vxGXy&oD5
zII`#)y8H{|7bpeN5f*ZJ#P%X)zH893EjiPmp}ET~z=V4p%X3lDQrMsEi6W71om`Mv
z{2gb2E)>fvZWz01Tu*B(*}4^We()9^49Bscz0(K5yqG0*`L3kfu2z1yR7=TX9r&LE
zM%fn^%70vQykCV-R~A^wPxgQ3I(KGk3xgFXlS?&dMqYY9LBUawAtm1ii1GK8Ub3n6
zx<5Y0Bj69^(SV+uwBWrU1+XC8oR0Oejp;vAhs#E%(=wIUZL#lq(6FNF{_(oMFIw2y
z>n*%9nXqK~e|BPqmL%&Y$-gwbcqlqvml}Z9s(;;8M_oi1DYd$w<;-<ZLj}0z#TDcV
zmCq&C!d@D3H7S*XVcxoZf{?W&?W~=JnI5Kp;r!A{|E<&*l~yTKcz%!6*r^CY{!sG~
z%1a;XOO;6m<XioIQrB}h2f&_Wh743@5?I{2`xGZH53i4(LH1z%sb@%sIC&CfSLShe
zQh!)glo~V(l}nbZUyO2sSP47?J{jrpg>;2UN8{+B&!?BX_>VlvYw?P~*C}!S+3&i4
zzh!zp0xdefwyFom#G|7V45~_v8$2NRCIU5Etxx~{LIyj4{43Ph(QIv(ST8U}X%vrB
z#$bMYo4kn3T3dBU^mEOex2r6f(Pp4Blz-*T!LI`MYOA+C;Ugo{90yK^4c*ZVxwhPf
zzmWP25uW2jn%GG@qQcYIErHdKIh=OA(e+0@do{8I%(4t3rZP9gYrbhNacQD?tzKLW
zR2d6u17hr?okq~qVHHCZ0b->YQGQHf|3a?0Ou9iYPwc<d=sgXnCe?u?4!hXf2Y)-+
zd8EF^mG*g$;I^h#4_D#_G&YCb8`eB0z*g8$F=gJMZcBh<4P?py5`RJ62jf~?i3{eg
zJKL)Nck90}0~g)7Jn>bI?8X2Emfb6tLE%bMMD<4(7PJNHlUk{OznR&~*i$3J5Zh%Z
zQQ{1;6^=^NAfM4jn4&O>-_n?uEk3cfSZr2fN$1ZhJOlJn!6PFFgEoU)ntwxCphT)p
j^u{WC)W#ez&aX+|{1VwE4n90<B`ik>cO~rqR2o&Z8X_q0

diff --git a/system/nixos/adguardhome.nix b/system/nixos/adguardhome.nix
index c144f0e..6f1b148 100644
--- a/system/nixos/adguardhome.nix
+++ b/system/nixos/adguardhome.nix
@@ -44,7 +44,7 @@
 
   networking.firewall.interfaces =
     let
-      interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks;
+      interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
     in
     builtins.listToAttrs
       (builtins.map
diff --git a/system/nixos/headscale.nix b/system/nixos/headscale.nix
index bdbd66f..08d3e9c 100644
--- a/system/nixos/headscale.nix
+++ b/system/nixos/headscale.nix
@@ -25,6 +25,17 @@ in
 
       server_url = "https://${fqdn}";
       acl_policy_path = config.age.secrets.headscale-acls.path;
+
+      dns_config = {
+        override_local_dns = false;
+
+        nameservers = [
+          "100.64.10.1"
+          "100.64.10.6"
+        ];
+
+        base_domain = "mesh.kempkens.network";
+      };
     };
   };
 
diff --git a/system/nixos/jellyfin.nix b/system/nixos/jellyfin.nix
index 4516643..de6cf97 100644
--- a/system/nixos/jellyfin.nix
+++ b/system/nixos/jellyfin.nix
@@ -30,12 +30,22 @@
         addr = "0.0.0.0";
         port = 9920;
         ssl = true;
+        extraParameters = [
+          "fastopen=63"
+          "backlog=1023"
+          "deferred"
+        ];
       }
 
       {
         addr = "[::0]";
         port = 9920;
         ssl = true;
+        extraParameters = [
+          "fastopen=63"
+          "backlog=1023"
+          "deferred"
+        ];
       }
     ];