tailscale: Use networking attrset

Giulio De Pasquale 2023-05-12 14:28:39 +02:00
parent 3a4d4e9c4f
commit 1e19a08665


@ -1,8 +1,9 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
let
domain = "vipienne.giugl.io";
network = import ./network.nix;
architectInterfaceAddress = interface:
config.architect.networks.${interface}.devices.architect.address;
in
{
architect.firewall = {
@ -10,9 +11,9 @@ in
};
networking.extraHosts = ''
${network.architect-lan} ${domain}
${network.architect-wg} ${domain}
${network.architect-ts} ${domain}
${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain}
'';
environment.systemPackages = [ pkgs.unstablePkgs.headscale ];
@ -28,13 +29,17 @@ in
settings = {
dns_config = {
magic_dns = true;
# domains = [ "giugl.io" "runas.rocks" ];
# base_domain = "giugl.io";
domains = [
"giugl.io"
"runas.rocks"
"devs.giugl.io"
];
base_domain = "giugl.io";
override_local_dns = true;
nameservers = "10.4.0.2";
nameservers = [ config.architect.networks.tailscale.devices.architect.address ];
};
logtail.enabled = false;
ip_prefixes = [ "10.4.0.0/24" ];
ip_prefixes = [ config.architect.networks.tailscale.net ];
# The Noise private key is used to encrypt the
# traffic between headscale and Tailscale clients when
# using the new Noise-based protocol. It must be different
@ -43,10 +48,6 @@ in
};
};
# ssl.key = "${config.security.acme.certs.${domain}.directory}/key.pem";
# ssl.cert =
# "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
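Review bot: Enabling `base_domain = "giugl.io"` together with `magic_dns = true` places the MagicDNS zone on the parent of the control server's own name (`domain = "vipienne.giugl.io"` in the first hunk), so tailnet clients may end up resolving the server's hostname through MagicDNS rather than public DNS. Headscale's configuration notes advise keeping `base_domain` distinct from the server URL's domain; whether the overlap here is a problem should be confirmed against the headscale version this host runs. A dedicated subzone would avoid it, for example `base_domain = "ts.giugl.io";` (constructed name). With `override_local_dns = true` and a single entry in `nameservers`, every client's lookups also depend on, and are visible to, that one resolver, so a short comment stating that this is intended would help. The `nameservers` line could also reuse the new helper, `nameservers = [ (architectInterfaceAddress "tailscale") ];`, to match the `extraHosts` entries.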