tailscaled: start after headscale

2023-11-19 17:58:39 +01:00 · 2023-11-19 17:58:39 +01:00 · c0b8720d2f
commit c0b8720d2f
parent e6bdc582d3
1 changed files with 64 additions and 60 deletions
--- a/system/nixos/headscale.nix
+++ b/system/nixos/headscale.nix
@ -5,72 +5,76 @@ in
 {
  environment.systemPackages = [ pkgs.headscale ];
-  services.headscale = {
+  services = {
-    enable = true;
+    headscale = {
      enable = true;
-    address = "127.0.0.1";
+      address = "127.0.0.1";
-    port = 8017;
+      port = 8017;
-    settings = {
+      settings = {
-      ip_prefixes = [
+        ip_prefixes = [
-        "fd7a:115c:a1e0:1010::/64"
+          "fd7a:115c:a1e0:1010::/64"
-        "100.64.10.0/24"
+          "100.64.10.0/24"
      ];
      db_type = "postgres";
      db_host = "/run/postgresql";
      db_name = "headscale";
      db_user = "headscale";
      db_password_file = config.age.secrets.headscale-database-password.path;
      server_url = "https://${fqdn}";
      acl_policy_path = config.age.secrets.headscale-acls.path;
      dns_config = {
        override_local_dns = false;
        nameservers = [
          "100.64.10.1"
          "100.64.10.6"
        ];
-        base_domain = "mesh.kempkens.network";
+        db_type = "postgres";
        db_host = "/run/postgresql";
        db_name = "headscale";
        db_user = "headscale";
        db_password_file = config.age.secrets.headscale-database-password.path;
        server_url = "https://${fqdn}";
        acl_policy_path = config.age.secrets.headscale-acls.path;
        dns_config = {
          override_local_dns = false;
          nameservers = [
            "100.64.10.1"
            "100.64.10.6"
          ];
          base_domain = "mesh.kempkens.network";
        };
      };
    };
    postgresql = {
      ensureDatabases = [ "headscale" ];
      ensureUsers = [
        {
          name = "headscale";
          ensurePermissions = {
            "DATABASE headscale" = "ALL PRIVILEGES";
          };
        }
      ];
    };
    nginx.virtualHosts."${fqdn}" = {
      quic = true;
      http3 = true;
      onlySSL = true;
      useACMEHost = "headscale.kempkens.network";
      extraConfig = ''
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
      '';
      locations."/" = {
        recommendedProxySettings = true;
        proxyPass = "http://127.0.0.1:8017";
        proxyWebsockets = true;
      };
      locations."/web" = {
        root = "${pkgs.headscale-ui}/share";
      };
    };
  };
-  services.postgresql = {
+  systemd.services.tailscaled.after = [ "headscale.service" ];
    ensureDatabases = [ "headscale" ];
    ensureUsers = [
      {
        name = "headscale";
        ensurePermissions = {
          "DATABASE headscale" = "ALL PRIVILEGES";
        };
      }
    ];
  };
  services.nginx.virtualHosts."${fqdn}" = {
    quic = true;
    http3 = true;
    onlySSL = true;
    useACMEHost = "headscale.kempkens.network";
    extraConfig = ''
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    '';
    locations."/" = {
      recommendedProxySettings = true;
      proxyPass = "http://127.0.0.1:8017";
      proxyWebsockets = true;
    };
    locations."/web" = {
      root = "${pkgs.headscale-ui}/share";
    };
  };
 }