diff --git a/hosts/architect/headscale.nix b/hosts/architect/headscale.nix
index 6b01593..12ae648 100644
--- a/hosts/architect/headscale.nix
+++ b/hosts/architect/headscale.nix
@@ -1,8 +1,9 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
   domain = "vipienne.giugl.io";
-  network = import ./network.nix;
+  architectInterfaceAddress = interface:
+    config.architect.networks.${interface}.devices.architect.address;
 in
 {
   architect.firewall = {
@@ -10,9 +11,9 @@ in
   };
   networking.extraHosts = ''
-    ${network.architect-lan} ${domain}
-    ${network.architect-wg} ${domain}
-    ${network.architect-ts} ${domain}
+    ${architectInterfaceAddress "lan"} ${domain}
+    ${architectInterfaceAddress "wireguard"} ${domain}
+    ${architectInterfaceAddress "tailscale"} ${domain}
   '';
   environment.systemPackages = [ pkgs.unstablePkgs.headscale ];
@@ -28,13 +29,17 @@ in
     settings = {
       dns_config = {
         magic_dns = true;
-# domains = [ "giugl.io" "runas.rocks" ];
-# base_domain = "giugl.io";
+        domains = [
+          "giugl.io"
+          "runas.rocks"
+          "devs.giugl.io"
+        ];
+        base_domain = "giugl.io";
         override_local_dns = true;
-        nameservers = "10.4.0.2";
+        nameservers = [ config.architect.networks.tailscale.devices.architect.address ];
       };
       logtail.enabled = false;
-      ip_prefixes = [ "10.4.0.0/24" ];
+      ip_prefixes = [ config.architect.networks.tailscale.net ];
       # The Noise private key is used to encrypt the
       # traffic between headscale and Tailscale clients when
       # using the new Noise-based protocol. It must be different
@@ -43,10 +48,6 @@ in
     };
   };
-  # ssl.key = "${config.security.acme.certs.${domain}.directory}/key.pem";
-  # ssl.cert =
-  #   "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
-
   nginx.virtualHosts.${domain} = {
     forceSSL = true;
     enableACME = true;
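Review bot: `lib` is added to the module's argument set in the first hunk, but none of the visible hunks reference it; if the rest of the file does not use it either, drop it again, since an unused module argument only obscures what the module actually depends on. The new `architectInterfaceAddress` helper is a clear improvement over the imported `network.nix` literals, though it would help a future reader to say where the values come from, e.g. `# Address of this host on the named interface, taken from the architect.networks option (defined outside this file).` above the binding.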
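Review bot: In the third hunk `base_domain = "giugl.io"` is now active while the server itself is reached as `vipienne.giugl.io` (the `domain` binding in the first hunk), so headscale's own hostname sits underneath the MagicDNS base domain; recent headscale releases reject a `server_url` that contains `base_domain` at config load because clients would then resolve the control server through the tailnet resolver they are being told to use, and with `pkgs.unstablePkgs.headscale` the exact version enforced here is not visible, so this should be checked before deploying. Combined with `override_local_dns = true` and `nameservers` pointing only at this host's tailscale address, every client's DNS now depends on this single node being reachable over the tailnet, which deserves a short comment next to `override_local_dns` explaining that this is intentional. Replacing the `"10.4.0.0/24"` literal with `config.architect.networks.tailscale.net` is fine as long as that option evaluates to the same prefix the existing nodes were allocated from; if it differs, already-registered nodes keep their old addresses and a note in the commit message or a comment on `ip_prefixes` would save the next person a surprise. The `nameservers` change from a bare string to a list matches the type headscale expects and needs no further change.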