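# NixOS module for a self-hosted headscale server, gated behind
# mj.services.headscale.enable.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.mj.services.headscale;
in
{
  options.mj.services.headscale = with lib.types; {
    # mkEnableOption already prefixes its argument with "Whether to enable ",
    # so only the service name is passed.
    enable = lib.mkEnableOption "headscale";
    subnetCIDR = lib.mkOption {
      type = str;
      description = "IPv4 CIDR from which headscale assigns node addresses.";
    };
  };

  config = lib.mkIf cfg.enable {
    environment.systemPackages = [ pkgs.headscale ];

    # Both ports are opened through the host firewall.
    # 8080: presumably the headscale listener (no port is set in this module,
    #   so the NixOS module default is assumed; confirm).
    # 3478: the standard STUN port. STUN is normally UDP.
    # NOTE(review): confirm the TCP 3478 rule is needed, and drop it if not.
    networking.firewall.allowedTCPPorts = [
      3478
      8080
    ];
    networking.firewall.allowedUDPPorts = [ 3478 ];

    services.headscale = {
      enable = true;
      # Listens on all interfaces. server_url below is https, but no TLS
      # settings appear in this module, so TLS is presumably terminated by a
      # reverse proxy defined elsewhere.
      # NOTE(review): if that proxy runs on this host, binding to 127.0.0.1
      # and removing 8080 from the firewall would keep the plain-HTTP
      # listener off the network.
      address = "0.0.0.0";
      settings = {
        server_url = "https://vpn.jakstys.lt";
        # The same CIDR is set under both keys. ip_prefixes looks like the
        # older spelling of prefixes.v4, presumably kept for compatibility
        # across headscale versions; verify against the deployed version.
        ip_prefixes = [ cfg.subnetCIDR ];
        prefixes.v4 = cfg.subnetCIDR;
        #log.level = "debug";
        log.level = "info";
        # No ACL policy file is configured.
        # NOTE(review): without a policy, headscale is expected to let every
        # enrolled node reach every other node; confirm that is intended
        # before enrolling less-trusted devices.
        #policy.path = ./acl-policy.json;
        dns = {
          # Public resolvers pushed to clients. MagicDNS is disabled.
          nameservers.global = [
            "1.1.1.1"
            "8.8.4.4"
          ];
          magic_dns = false;
          # https://github.com/juanfont/headscale/issues/2210
          base_domain = "jakst.vpn";
        };
      };
    };

    systemd.services.headscale = {
      # Rate-limit window for unit starts: systemd stops restarting the unit
      # after StartLimitBurst attempts within StartLimitIntervalSec.
      unitConfig.StartLimitIntervalSec = "5m";

      # Allow up to 50 starts inside the 5-minute window. A start itself may
      # take a while, hence the generous limits.
      unitConfig.StartLimitBurst = 50;
    };
  };
}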