authorscouckel <james.krinsky@gmail.com>2026-04-04 02:35:03 +0200
committerscouckel <james.krinsky@gmail.com>2026-04-04 02:35:03 +0200
commit9a58c5f1857549f17e98adc9e385e4c4fb20d53a (patch)
treeb7a59b50831ace76e879758f24a5750aa865c727 /modules/nixosModules/server/tailscale.nix
parent50044b7a87bc9f59452855a96a2013c9b000a0a1 (diff)
everything is updated, everything is wonderful
Diffstat (limited to 'modules/nixosModules/server/tailscale.nix')
-rw-r--r--modules/nixosModules/server/tailscale.nix55
1 files changed, 55 insertions, 0 deletions
diff --git a/modules/nixosModules/server/tailscale.nix b/modules/nixosModules/server/tailscale.nix
new file mode 100644
index 0000000..41d4b5d
--- /dev/null
+++ b/modules/nixosModules/server/tailscale.nix
@@ -0,0 +1,55 @@
+{ self, ... }: {
+
+ flake.nixosModules.tailscaleServer = { config, ... }: let
+ cfg = config.hostOptions.server;
+ in {
+ imports = [
+ self.nixosModules.hostOptions
+ ];
+
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ extraUpFlags = [
+ "--login-server=https://headscale.${cfg.domain}"
+ "--advertise-exit-node"
+ ];
+ };
+ };
+
+ flake.nixosModules.headscale = { config, ... }: let
+ cfg = config.hostOptions.server;
+ in {
+ imports = [
+ self.nixosModules.hostOptions
+ ];
+
+ services.headscale = {
+ enable = true;
+ port = 8085;
+ settings = {
+ server_url = "https://headscale.${cfg.domain}";
+ dns = {
+ magic_dns = false;
+ nameservers.global = [ "1.1.1.1" "9.9.9.9" ];
+ };
+ prefixes = {
+ v4 = "100.64.0.0/10";
+ v6 = "fd7a:115c:a1e0::/48";
+ };
+ };
+ };
+
+ services.nginx.virtualHosts."headscale.${cfg.domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8085";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_buffering off;
+ '';
+ };
+ };
+ };
+}
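Review bot: The `extraUpFlags` in `tailscaleServer` are documented by the NixOS module as applied only when `services.tailscale.authKeyFile` is set, and this module never sets it. Unless a host sets it elsewhere, `--login-server=https://headscale.${cfg.domain}` and `--advertise-exit-node` are silently skipped, and the node has to be enrolled by hand with the right login server. I would add `authKeyFile = "<path to a pre-auth key outside the Nix store>";` next to `extraUpFlags`, supplied by the secrets mechanism the repository already uses, because anything written into the store is world-readable. A comment there should also say that the exit-node route still has to be approved on the headscale side. Separately, in the `headscale` module, `proxyPass = "http://127.0.0.1:8085";` repeats the literal from `port = 8085;`; `proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";` keeps the proxy and the listener from drifting apart.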