# NixOS module: runs a headscale control server and publishes it through the
# project's `architect.vhost` reverse-proxy abstraction.
{ config, pkgs, ... }:

let
  rootDomain = "giugl.io";
  controlHost = "vipienne.${rootDomain}";

  # headscale is taken from the unstable package set rather than the default one.
  hsPackage = pkgs.unstablePkgs.headscale;

  # Shorthand for the project-defined tailscale network description.
  tailnet = config.architect.networks.tailscale;
in
{
  # Puts the `headscale` CLI on the system PATH.
  environment.systemPackages = [ hsPackage ];

  architect = {
    # Opens the UDP port of the local tailscale client (not the headscale port).
    firewall.openUDP = [ config.services.tailscale.port ];

    vhost.${controlHost} = {
      dnsInterfaces = [
        "lan"
        "tailscale"
      ];

      locations."/" = {
        # Proxy target is whatever port headscale is configured to listen on below.
        inherit (config.services.headscale) port;

        # NOTE(review): presumably makes this vhost reachable from the internet,
        # so the control API is an externally exposed surface. Confirm that the
        # proxy terminates TLS (server_url is https) and that the backend port is
        # not reachable directly.
        allowWAN = true;
        proxyWebsockets = true;
      };
    };
  };

  services.headscale = {
    enable = true;
    package = hsPackage;
    port = 1194;

    settings = {
      server_url = "https://${controlHost}";

      # NOTE(review): debug is the most verbose level in use here. On a
      # WAN-facing control server, check what ends up in the journal and how
      # long it is retained; consider a quieter level for steady-state operation.
      log = {
        level = "debug";
      };

      logtail = {
        enabled = false;
      };

      # Address range handed out to nodes, taken from the project's network definition.
      ip_prefixes = [ tailnet.net ];

      dns_config = {
        base_domain = rootDomain;
        magic_dns = false;
        override_local_dns = true;
        # Clients are pointed at this host's tailscale address for DNS.
        nameservers = [ tailnet.devices.architect.address ];
      };

      # Plain string path, so the key file is not copied into the world-readable
      # Nix store.
      # NOTE(review): verify the file is owned by the headscale service user and
      # not group/world readable, and that it is covered by backups.
      noise = {
        private_key_path = "/var/lib/headscale/noise_private.key";
      };
    };
  };
}