From c0b8720d2f2bf2ec6d13fa059f19a5b5d187d346 Mon Sep 17 00:00:00 2001
From: Daniel Kempkens
Date: Sun, 19 Nov 2023 17:58:39 +0100
Subject: [PATCH] tailscaled: start after headscale
---
system/nixos/headscale.nix | 124 +++++++++++++++++++------------------
1 file changed, 64 insertions(+), 60 deletions(-)
diff --git a/system/nixos/headscale.nix b/system/nixos/headscale.nix
index 08d3e9c..be09209 100644
--- a/system/nixos/headscale.nix
+++ b/system/nixos/headscale.nix
@@ -5,72 +5,76 @@ in { environment.systemPackages = [ pkgs.headscale ]; - services.headscale = { - enable = true; + services = { + headscale = { + enable = true; - address = "127.0.0.1"; - port = 8017; + address = "127.0.0.1"; + port = 8017; - settings = { - ip_prefixes = [ - "fd7a:115c:a1e0:1010::/64" - "100.64.10.0/24" - ]; - - db_type = "postgres"; - db_host = "/run/postgresql"; - db_name = "headscale"; - db_user = "headscale"; - db_password_file = config.age.secrets.headscale-database-password.path; - - server_url = "https://${fqdn}"; - acl_policy_path = config.age.secrets.headscale-acls.path; - - dns_config = { - override_local_dns = false; - - nameservers = [ - "100.64.10.1" - "100.64.10.6" + settings = { + ip_prefixes = [ + "fd7a:115c:a1e0:1010::/64" + "100.64.10.0/24" ]; - base_domain = "mesh.kempkens.network"; + db_type = "postgres"; + db_host = "/run/postgresql"; + db_name = "headscale"; + db_user = "headscale"; + db_password_file = config.age.secrets.headscale-database-password.path; + + server_url = "https://${fqdn}"; + acl_policy_path = config.age.secrets.headscale-acls.path; + + dns_config = { + override_local_dns = false; + + nameservers = [ + "100.64.10.1" + "100.64.10.6" + ]; + + base_domain = "mesh.kempkens.network"; + }; + }; + }; + + postgresql = { + ensureDatabases = [ "headscale" ]; + + ensureUsers = [ + { + name = "headscale"; + ensurePermissions = { + "DATABASE headscale" = "ALL PRIVILEGES"; + }; + } + ]; + }; + + nginx.virtualHosts."${fqdn}" = { + quic = true; + http3 = true; + + onlySSL = true; + useACMEHost = "headscale.kempkens.network"; + + extraConfig = '' + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ''; + + locations."/" = { + recommendedProxySettings = true; + proxyPass = "http://127.0.0.1:8017"; + proxyWebsockets = true; + }; + + locations."/web" = { + root = "${pkgs.headscale-ui}/share"; }; }; }; - services.postgresql = { - ensureDatabases = [ "headscale" ]; - - ensureUsers = [ - { 
- name = "headscale"; - ensurePermissions = { - "DATABASE headscale" = "ALL PRIVILEGES"; - }; - } - ]; - }; - - services.nginx.virtualHosts."${fqdn}" = { - quic = true; - http3 = true; - - onlySSL = true; - useACMEHost = "headscale.kempkens.network"; - - extraConfig = '' - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ''; - - locations."/" = { - recommendedProxySettings = true; - proxyPass = "http://127.0.0.1:8017"; - proxyWebsockets = true; - }; - - locations."/web" = { - root = "${pkgs.headscale-ui}/share"; - }; - }; + systemd.services.tailscaled.after = [ "headscale.service" ]; }
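Review bot: The added `systemd.services.tailscaled.after = [ "headscale.service" ];` at the end of the hunk is an ordering constraint only: it does not pull headscale into the boot transaction, and it does not wait for headscale to accept connections unless that unit signals readiness. If tailscaled on this host logs in through `server_url` (`https://${fqdn}`), the request also passes through the nginx vhost that proxies to `127.0.0.1:8017`, so I would order after both with `systemd.services.tailscaled.after = [ "headscale.service" "nginx.service" ];` and add `wants` with the same list if tailscaled should cause them to start. Separately, the re-nested `services.nginx` block still serves `locations."/web"` (headscale-ui) on the same public vhost as the control server; if the admin UI is not meant to be reachable from the internet, restricting that location to mesh addresses is worth a follow-up. The `let … in` bindings that define `fqdn` sit above the hunk, so this is judged from the visible lines only.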