feat(os/lia): init headscale

author: sinanmohd <sinan@sinanmohd.com> 2025-11-02 11:04:14 +0530
committer: sinanmohd <sinan@sinanmohd.com> 2025-11-02 11:18:09 +0530
commit: 69e69cc79f9f82167a628f2d4cd7b331a615c7f3 (patch)
tree: 5f02b8013ce38740fea788cfc53ad777438fcbdc /os/lia/modules
parent: 4fff7e1fbcc216fd6344700da0ac75db45fecccc (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/os/lia/modules/headscale.nix b/os/lia/modules/headscale.nix
new file mode 100644
index 0000000..906080a
--- /dev/null
+++ b/os/lia/modules/headscale.nix
@@ -0,0 +1,23 @@
+{ config, ... }:
+let
+  headScaleUrl = "https://headscale.${config.global.userdata.domain}";
+  user = config.global.userdata.name;
+in
+{
+  sops.secrets."misc/headscale" = { };
+  networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
+
+  services.tailscale = {
+    enable = true;
+    interfaceName = "headscale";
+    openFirewall = true;
+
+    authKeyFile = config.sops.secrets."misc/headscale".path;
+    extraUpFlags = [
+      "--login-server=${headScaleUrl}"
+      "--operator=${user}"
+      "--accept-routes=false"
+      "--advertise-exit-node"
+    ];
+  };
+}
author	sinanmohd <sinan@sinanmohd.com>	2025-11-02 11:04:14 +0530
committer	sinanmohd <sinan@sinanmohd.com>	2025-11-02 11:18:09 +0530
commit	69e69cc79f9f82167a628f2d4cd7b331a615c7f3 (patch)
tree	5f02b8013ce38740fea788cfc53ad777438fcbdc /os/lia/modules
parent	4fff7e1fbcc216fd6344700da0ac75db45fecccc (diff)