config

NixOS config

default.nix (1390B) - Raw


      1 {
      2   config,
      3   lib,
      4   pkgs,
      5   ...
      6 }:
      7 {
      8   options.mj.services.headscale = with lib.types; {
      9     enable = lib.mkEnableOption "Enable headscale";
     10     subnetCIDR = lib.mkOption { type = str; };
     11   };
     12 
     13   config = lib.mkIf config.mj.services.headscale.enable {
     14     environment.systemPackages = [ pkgs.headscale ];
     15 
     16     networking.firewall.allowedTCPPorts = [
     17       3478
     18       8080
     19     ];
     20     networking.firewall.allowedUDPPorts = [ 3478 ];
     21 
     22     services = {
     23       headscale = {
     24         enable = true;
     25         address = "0.0.0.0";
     26         settings = {
     27           server_url = "https://vpn.jakstys.lt";
     28           ip_prefixes = [ config.mj.services.headscale.subnetCIDR ];
     29           prefixes.v4 = config.mj.services.headscale.subnetCIDR;
     30           #log.level = "debug";
     31           log.level = "info";
     32           #policy.path = ./acl-policy.json;
     33           dns = {
     34             nameservers.global = [
     35               "1.1.1.1"
     36               "8.8.4.4"
     37             ];
     38             magic_dns = false;
     39             # https://github.com/juanfont/headscale/issues/2210
     40             base_domain = "jakst.vpn";
     41           };
     42         };
     43       };
     44 
     45     };
     46 
     47     systemd.services.headscale = {
     48       unitConfig.StartLimitIntervalSec = "5m";
     49 
     50       # Allow restarts for up to a minute. A start
     51       # itself may take a while, thus the window of restart
     52       # is higher.
     53       unitConfig.StartLimitBurst = 50;
     54     };
     55   };
     56 }