Motiejus Jakštys 2024-08-02 14:01:04 +03:00
parent 4a277fcb3c
commit 53753ac2ba
3 changed files with 14 additions and 14 deletions


@ -1,7 +1,7 @@
{
myData,
pkgs,
config,
myData,
...
}:
let
@ -101,6 +101,12 @@ in
verboseLogs = false;
};
headscale = {
enable = true;
clientOidcPath = config.age.secrets.headscale-client-oidc.path;
subnetCIDR = myData.subnets.tailscale.cidr;
};
btrfsborg = {
enable = true;
passwordPath = config.age.secrets.borgbackup-password.path;


@ -170,12 +170,6 @@
sshguard.enable = true;
hass.enable = true;
headscale = {
enable = true;
clientOidcPath = config.age.secrets.headscale-client-oidc.path;
subnetCIDR = myData.subnets.tailscale.cidr;
};
nsd-acme =
let
accountKey = config.age.secrets.letsencrypt-account-key.path;
@ -245,7 +239,9 @@
virtualHosts = {
"www.11sync.net".extraConfig = "redir https://jakstys.lt/2024/11sync-shutdown/";
"11sync.net".extraConfig = "redir https://jakstys.lt/2024/11sync-shutdown/";
"vpn.jakstys.lt".extraConfig = ''reverse_proxy ${
myData.hosts."fwminex.servers.jakst".jakstIP
}:8080"'';
"hass.jakstys.lt".extraConfig = ''
@denied not remote_ip ${myData.subnets.tailscale.cidr}
abort @denied
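Review bot: The new `"vpn.jakstys.lt".extraConfig` string ends in `}:8080"''`, so a literal double quote follows the port in the generated Caddy config and the upstream address is unlikely to parse as intended. The closing line should read `}:8080'';`. Separately, the proxy hop to headscale is now plain HTTP between two hosts instead of loopback. That is acceptable only if `jakstIP` is an address on a private or encrypted network, which this section does not show. If that address is on the tailnet that headscale itself coordinates, confirm that the control endpoint stays reachable when the overlay is down.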

View File

@ -14,7 +14,10 @@
config = lib.mkIf config.mj.services.headscale.enable {
environment.systemPackages = [ pkgs.headscale ];
networking.firewall.allowedTCPPorts = [ 3478 ];
networking.firewall.allowedTCPPorts = [
3478
8080
];
networking.firewall.allowedUDPPorts = [ 3478 ];
services = {
@ -41,11 +44,6 @@
};
};
caddy = {
virtualHosts."vpn.jakstys.lt".extraConfig = ''
reverse_proxy 127.0.0.1:8080
'';
};
};
systemd.services.headscale = {
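Review bot: In the first hunk of this file, adding `8080` to `networking.firewall.allowedTCPPorts` opens headscale's plain-HTTP listener on every interface of the host, not just to the Caddy host that now proxies `vpn.jakstys.lt`. Anything that can route to this machine can then reach the control API without TLS and without passing through the reverse proxy. Scope the rule to the interface the proxy arrives on, for example `networking.firewall.interfaces."<proxy-facing-interface>".allowedTCPPorts = [ 8080 ];`, and keep only `3478` in the global list. The headscale listen address is not visible in these hunks, so confirm it binds only to the address the proxy uses. A comment next to the port saying which peer is expected to connect would help the next reader.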