From e09fa444c62a3664a234f86cbe46cc9bebcd5d64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Mon, 24 Nov 2025 23:57:12 +0200
Subject: [PATCH] fra1-c: start enabling headscale

---
 hosts/fra1-c/configuration.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/hosts/fra1-c/configuration.nix b/hosts/fra1-c/configuration.nix
index c736f4b..ed3237e 100644
--- a/hosts/fra1-c/configuration.nix
+++ b/hosts/fra1-c/configuration.nix
@@ -85,6 +85,11 @@ in
         saslPasswdPath = config.age.secrets.sasl-passwd.path;
       };
 
+      headscale = {
+        enable = true;
+        subnetCIDR = myData.subnets.tailscale.cidr;
+      };
+
       deployerbot = {
         follower = {
           publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
@@ -149,6 +154,21 @@ in
   };
 
   services = {
+    caddy = {
+      enable = true;
+      email = "motiejus+acme@jakstys.lt";
+      globalConfig = ''
+        servers {
+          metrics {
+            per_host
+          }
+        }
+      '';
+      virtualHosts = {
+        "vpn.jakstys.lt".extraConfig = ''reverse_proxy 127.0.0.1:${toString myData.ports.headscale}'';
+      };
+    };
+
     nsd = {
       enable = true;
       interfaces = [