From 53753ac2baf4b7839baa17339026448f5b34cb98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Fri, 2 Aug 2024 14:01:04 +0300
Subject: [PATCH] hs

---
 hosts/fwminex/configuration.nix        |  8 +++++++-
 hosts/vno1-oh2/configuration.nix       | 10 +++-------
 modules/services/headscale/default.nix | 10 ++++------
 3 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index b942f87..3581487 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -1,7 +1,7 @@
 {
-  myData,
   pkgs,
   config,
+  myData,
   ...
 }:
 let
@@ -101,6 +101,12 @@ in
         verboseLogs = false;
       };
 
+      headscale = {
+        enable = true;
+        clientOidcPath = config.age.secrets.headscale-client-oidc.path;
+        subnetCIDR = myData.subnets.tailscale.cidr;
+      };
+
       btrfsborg = {
         enable = true;
         passwordPath = config.age.secrets.borgbackup-password.path;
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index e7bfb53..ea114ff 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -170,12 +170,6 @@
       sshguard.enable = true;
       hass.enable = true;
 
-      headscale = {
-        enable = true;
-        clientOidcPath = config.age.secrets.headscale-client-oidc.path;
-        subnetCIDR = myData.subnets.tailscale.cidr;
-      };
-
       nsd-acme =
         let
           accountKey = config.age.secrets.letsencrypt-account-key.path;
@@ -245,7 +239,9 @@
       virtualHosts = {
         "www.11sync.net".extraConfig = "redir https://jakstys.lt/2024/11sync-shutdown/";
         "11sync.net".extraConfig = "redir https://jakstys.lt/2024/11sync-shutdown/";
-
+        "vpn.jakstys.lt".extraConfig = ''reverse_proxy ${
+          myData.hosts."fwminex.servers.jakst".jakstIP
+        }:8080"'';
         "hass.jakstys.lt".extraConfig = ''
           @denied not remote_ip ${myData.subnets.tailscale.cidr}
           abort @denied
diff --git a/modules/services/headscale/default.nix b/modules/services/headscale/default.nix
index 4f68bd6..43c97ee 100644
--- a/modules/services/headscale/default.nix
+++ b/modules/services/headscale/default.nix
@@ -14,7 +14,10 @@
   config = lib.mkIf config.mj.services.headscale.enable {
     environment.systemPackages = [ pkgs.headscale ];
 
-    networking.firewall.allowedTCPPorts = [ 3478 ];
+    networking.firewall.allowedTCPPorts = [
+      3478
+      8080
+    ];
     networking.firewall.allowedUDPPorts = [ 3478 ];
 
     services = {
@@ -41,11 +44,6 @@
         };
       };
 
-      caddy = {
-        virtualHosts."vpn.jakstys.lt".extraConfig = ''
-          reverse_proxy 127.0.0.1:8080
-        '';
-      };
     };
 
     systemd.services.headscale = {