
tailscaled: start after headscale

Daniel Kempkens 2023-11-19 17:58:39 +01:00
parent e6bdc582d3
commit c0b8720d2f
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM


@ -5,72 +5,76 @@ in
{
environment.systemPackages = [ pkgs.headscale ];
services.headscale = {
enable = true;
services = {
headscale = {
enable = true;
address = "127.0.0.1";
port = 8017;
address = "127.0.0.1";
port = 8017;
settings = {
ip_prefixes = [
"fd7a:115c:a1e0:1010::/64"
"100.64.10.0/24"
];
db_type = "postgres";
db_host = "/run/postgresql";
db_name = "headscale";
db_user = "headscale";
db_password_file = config.age.secrets.headscale-database-password.path;
server_url = "https://${fqdn}";
acl_policy_path = config.age.secrets.headscale-acls.path;
dns_config = {
override_local_dns = false;
nameservers = [
"100.64.10.1"
"100.64.10.6"
settings = {
ip_prefixes = [
"fd7a:115c:a1e0:1010::/64"
"100.64.10.0/24"
];
base_domain = "mesh.kempkens.network";
db_type = "postgres";
db_host = "/run/postgresql";
db_name = "headscale";
db_user = "headscale";
db_password_file = config.age.secrets.headscale-database-password.path;
server_url = "https://${fqdn}";
acl_policy_path = config.age.secrets.headscale-acls.path;
dns_config = {
override_local_dns = false;
nameservers = [
"100.64.10.1"
"100.64.10.6"
];
base_domain = "mesh.kempkens.network";
};
};
};
postgresql = {
ensureDatabases = [ "headscale" ];
ensureUsers = [
{
name = "headscale";
ensurePermissions = {
"DATABASE headscale" = "ALL PRIVILEGES";
};
}
];
};
nginx.virtualHosts."${fqdn}" = {
quic = true;
http3 = true;
onlySSL = true;
useACMEHost = "headscale.kempkens.network";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8017";
proxyWebsockets = true;
};
locations."/web" = {
root = "${pkgs.headscale-ui}/share";
};
};
};
services.postgresql = {
ensureDatabases = [ "headscale" ];
ensureUsers = [
{
name = "headscale";
ensurePermissions = {
"DATABASE headscale" = "ALL PRIVILEGES";
};
}
];
};
services.nginx.virtualHosts."${fqdn}" = {
quic = true;
http3 = true;
onlySSL = true;
useACMEHost = "headscale.kempkens.network";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8017";
proxyWebsockets = true;
};
locations."/web" = {
root = "${pkgs.headscale-ui}/share";
};
};
systemd.services.tailscaled.after = [ "headscale.service" ];
}
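Review bot: The new `systemd.services.tailscaled.after = [ "headscale.service" ];` line near the end of the attribute set is ordering-only. It does not pull headscale into the transaction, and it does not wait for the control server to be reachable. The `server_url` in this file points at the nginx virtual host that proxies to `127.0.0.1:8017`, so a local tailscaled presumably registers through nginx and can still start before that path is up. If that is how this host's client connects, consider `systemd.services.tailscaled.after = [ "headscale.service" "nginx.service" ];` together with `systemd.services.tailscaled.wants = [ "headscale.service" "nginx.service" ];`. A short comment on the line saying why the ordering exists would also help the next reader.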