diff options
| author | sinanmohd <sinan@sinanmohd.com> | 2025-10-17 09:56:49 +0530 |
|---|---|---|
| committer | sinanmohd <sinan@sinanmohd.com> | 2025-10-17 09:56:49 +0530 |
| commit | 0446221b601f559ce90d2ae6285d11f0689e7f7f (patch) | |
| tree | 1d780a11da28c5f9e126e7d89c4b3bc8286cf69f /os/cez/modules | |
| parent | 84c39b405972516a9be2e8be8729097f8691050f (diff) | |
feat(cez/tailscale): init
Diffstat (limited to 'os/cez/modules')
| -rw-r--r-- | os/cez/modules/headscale.nix | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/os/cez/modules/headscale.nix b/os/cez/modules/headscale.nix new file mode 100644 index 0000000..1045c24 --- /dev/null +++ b/os/cez/modules/headscale.nix @@ -0,0 +1,19 @@ +{ config, ... }: +let + headScaleUrl = "https://headscale.${config.global.userdata.domain}"; +in +{ + sops.secrets."misc/headscale" = { }; + networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ]; + + services.tailscale = { + enable = true; + interfaceName = "headscale"; + openFirewall = true; + + authKeyFile = config.sops.secrets."misc/headscale".path; + extraUpFlags = [ + "--login-server=${headScaleUrl}" + ]; + }; +} |