config/modules/services/headscale/default.nix

{
  config,
  lib,
  pkgs,
  ...
}:
{
  options.mj.services.headscale = with lib.types; {
    enable = lib.mkEnableOption "Enable headscale";
    subnetCIDR = lib.mkOption { type = str; };
  };

  config = lib.mkIf config.mj.services.headscale.enable {
    environment.systemPackages = [ pkgs.headscale ];

    networking.firewall.allowedTCPPorts = [
      3478
      8080
    ];
    networking.firewall.allowedUDPPorts = [ 3478 ];

    services = {
      headscale = {
        enable = true;
        address = "0.0.0.0";
        settings = {
          server_url = "https://vpn.jakstys.lt";
          ip_prefixes = [ config.mj.services.headscale.subnetCIDR ];
          prefixes.v4 = config.mj.services.headscale.subnetCIDR;
          log.level = "warn";
          dns = {
            nameservers.global = [
              "1.1.1.1"
              "8.8.4.4"
            ];
            magic_dns = false;
            # https://github.com/juanfont/headscale/issues/2210
            base_domain = "jakst.vpn";
          };
        };
      };

    };

    systemd.services.headscale = {
      unitConfig.StartLimitIntervalSec = "5m";

      # Allow restarts for up to a minute. A start
      # itself may take a while, thus the window of restart
      # is higher.
      unitConfig.StartLimitBurst = 50;
      serviceConfig.RestartSec = 1;
    };
  };
}
headscale 2023-08-24 20:44:18 +00:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
nix fmt 2024-07-29 12:39:54 +00:00			`}:`
			`{`
headscale 2023-08-24 20:44:18 +00:00			`options.mj.services.headscale = with lib.types; {`
			`enable = lib.mkEnableOption "Enable headscale";`
nix fmt 2024-07-29 12:39:54 +00:00			`subnetCIDR = lib.mkOption { type = str; };`
headscale 2023-08-24 20:44:18 +00:00			`};`

			`config = lib.mkIf config.mj.services.headscale.enable {`
nix fmt 2024-07-29 12:39:54 +00:00			`environment.systemPackages = [ pkgs.headscale ];`
headscale 2023-08-24 20:44:18 +00:00
hs 2024-08-02 11:01:04 +00:00			`networking.firewall.allowedTCPPorts = [`
			`3478`
			`8080`
			`];`
nix fmt 2024-07-29 12:39:54 +00:00			`networking.firewall.allowedUDPPorts = [ 3478 ];`
headscale 2023-08-24 20:44:18 +00:00
			`services = {`
			`headscale = {`
			`enable = true;`
headscale: listen on 0.0.0.0 2024-08-02 10:45:25 +00:00			`address = "0.0.0.0";`
headscale 2023-08-24 20:44:18 +00:00			`settings = {`
			`server_url = "https://vpn.jakstys.lt";`
nix fmt 2024-07-29 12:39:54 +00:00			`ip_prefixes = [ config.mj.services.headscale.subnetCIDR ];`
headscale: +prefixes.ipv4 2024-11-20 19:13:39 +00:00			`prefixes.v4 = config.mj.services.headscale.subnetCIDR;`
headscale 2023-08-24 20:44:18 +00:00			`log.level = "warn";`
24.11 did not test samba and headscale yet https://github.com/juanfont/headscale/issues/2210#issuecomment-2480130747 2024-11-15 23:51:50 +00:00			`dns = {`
			`nameservers.global = [`
nix fmt 2024-07-29 12:39:54 +00:00			`"1.1.1.1"`
			`"8.8.4.4"`
			`];`
headscale 2023-08-24 20:44:18 +00:00			`magic_dns = false;`
Revert "headscale: revert base_domain to `jakst.`" This reverts commit b44d970914cbbacac8162ba47a8fca99c275700b. https://github.com/NixOS/nixpkgs/pull/374374 2025-01-16 20:26:47 +00:00			`# https://github.com/juanfont/headscale/issues/2210`
			`base_domain = "jakst.vpn";`
headscale 2023-08-24 20:44:18 +00:00			`};`
			`};`
			`};`

			`};`

			`systemd.services.headscale = {`
			`unitConfig.StartLimitIntervalSec = "5m";`

			`# Allow restarts for up to a minute. A start`
			`# itself may take a while, thus the window of restart`
			`# is higher.`
			`unitConfig.StartLimitBurst = 50;`
			`serviceConfig.RestartSec = 1;`
			`};`
			`};`
			`}`
No results found.