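# Self-hosted Headscale coordination server behind nginx.
#
# - headscale listens on loopback only (127.0.0.1:8085); nginx terminates TLS
#   for tailscale.${domain} and proxies to it.
# - The embedded DERP server is enabled; its STUN listener is the only
#   service in this module bound to all interfaces (UDP ${derpPort}).
# - Prometheus metrics are served on 127.0.0.1:8095 and re-exported by nginx
#   under /metrics with an explicit allow-list.
{ config, ... }:
let
  # UDP port of the STUN listener used by the embedded DERP server.
  derpPort = 3478;
  # Apex domain; also the name of the ACME certificate reused by the vhost.
  domain = "hadi.diy";
in {
  services = {
    headscale = {
      enable = true;
      port = 8085;
      # Loopback only: the control plane is reachable from outside solely
      # through the nginx virtual host below.
      address = "127.0.0.1";
      settings = {
        dns = {
          override_local_dns = true;
          base_domain = "ts.${domain}";
          magic_dns = true;
          nameservers.global = [ "9.9.9.9" ];
          # extra_records = [{
          #   name = "merope.${domain}";
          #   type = "A";
          #   value = "100.77.0.5";
          # }];
        };
        server_url = "https://tailscale.${domain}";
        # Loopback only; any remote access goes through the nginx
        # "/metrics" location and its allow-list.
        metrics_listen_addr = "127.0.0.1:8095";
        logtail = { enabled = false; };
        log = { level = "warn"; };
        ip_prefixes = [ "100.77.0.0/24" "fd7a:115c:a1e0:77::/64" ];
        derp.server = {
          enable = true;
          region_id = 999;
          # STUN must be reachable by clients, hence the wildcard bind and
          # the matching firewall rule at the bottom of this file.
          stun_listen_addr = "0.0.0.0:${toString derpPort}";
        };
      };
    };

    nginx.virtualHosts = {
      "tailscale.${domain}" = {
        # Same value as before ("hadi.diy"), taken from the shared binding so
        # the certificate name cannot drift from the domain.
        useACMEHost = domain;
        forceSSL = true;
        locations = {
          "/" = {
            # Target the address headscale is bound to rather than
            # "localhost", which can also resolve to ::1 where headscale
            # does not listen.
            proxyPass =
              "http://${config.services.headscale.address}:${toString config.services.headscale.port}";
            proxyWebsockets = true;
          };
          "/metrics" = {
            proxyPass =
              "http://${config.services.headscale.settings.metrics_listen_addr}/metrics";
            # The metrics listener is deliberately loopback-only, but this
            # location re-publishes it on the public vhost. Without an
            # allow-list any client on the internet can read it. Add an
            # `allow <address>;` line for each Prometheus scraper that needs
            # remote access; everything else is rejected.
            extraConfig = ''
              allow 127.0.0.1;
              allow ::1;
              deny all;
            '';
          };
        };
      };
    };
  };

  # Derp server: open only the STUN UDP port; no other port is opened here.
  networking.firewall.allowedUDPPorts = [ derpPort ];

  # Put the headscale package on the system PATH
  # (presumably for the `headscale` CLI - confirm).
  environment.systemPackages = [ config.services.headscale.package ];
}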