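# NixOS module: wraps the upstream `services.headscale` module and publishes it
# through the project's `pepe.core` firewall and vhost helpers.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkIf;

  cfg = config.pepe.services.headscale;
in
{
  options.pepe.services.headscale = with lib; {
    # mkEnableOption already prepends "Whether to enable", so pass only the name.
    enable = mkEnableOption "Headscale";

    package = mkPackageOption pkgs "headscale" { };

    domain = mkOption {
      type = types.str;
      # Deliberately no default: `null` is not a valid `types.str` value, so the
      # old `default = null` only produced a confusing type error once the
      # option was read. Without a default the module system reports the option
      # as "used but not defined" when the service is enabled without a domain.
      example = "headscale.example.com";
      description = "Domain for the Headscale service.";
    };

    host = mkOption {
      type = types.str;
      default = "127.0.0.1";
      description = "Host for the Headscale service.";
    };

    port = mkOption {
      # `types.port` rejects values outside 0-65535 at evaluation time.
      type = types.port;
      default = 1194;
      description = "Port for the Headscale service.";
    };

    settings = mkOption {
      # Passed through unvalidated. Values set here are rendered into the
      # world-readable Nix store, so do not put secrets in this attrset; point
      # Headscale at a secrets file instead (e.g. its `*_path` settings).
      type = types.attrsOf types.anything;
      default = { };
      description = "Arbitrary configuration settings for Headscale.";
    };
  };

  config = mkIf cfg.enable {
    environment.systemPackages = [ cfg.package ];

    services.headscale = {
      enable = true;
      package = cfg.package;
      # NOTE(review): only the port is forwarded; `cfg.host` is used solely as
      # the proxy target below, so the listen address stays at the upstream
      # module's default. A non-default `host` may therefore point the proxy at
      # an address Headscale is not bound to. Confirm this is intended.
      port = cfg.port;
      settings = cfg.settings;
    };

    pepe.core = {
      # NOTE(review): this opens `cfg.port` for UDP, but the listener configured
      # above speaks HTTP over TCP and is reached through the vhost proxy.
      # Nothing in this module binds a UDP socket on this port. Confirm the rule
      # is needed; otherwise drop it to keep the exposed surface minimal.
      firewall.openUDP = [ cfg.port ];

      vhost.hosts.${cfg.domain} = {
        locations."/" = {
          host = cfg.host;
          port = cfg.port;
          # Publishes the control server beyond the LAN (presumably; the flag's
          # semantics live in pepe.core.vhost). Access control then rests on
          # Headscale's own authentication.
          allowWAN = true;
          proxyWebsockets = true;
          # HSTS is sent on every response (`always`) and also covers
          # subdomains of `cfg.domain`; it only takes effect when the vhost is
          # served over TLS, which is decided by pepe.core.vhost, not here.
          # Buffering is disabled so streamed responses are not held back.
          extraConfig = ''
            add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
            proxy_buffering off;
          '';
        };
      };
    };
  };
}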