-rw-r--r--flake.nix7
-rw-r--r--os/kay/modules/network/headscale.nix18
2 files changed, 12 insertions, 13 deletions
diff --git a/flake.nix b/flake.nix
index cb746da..2be062f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -48,6 +48,7 @@
specialArgs = {
inherit alina;
+ inherit headplane;
inherit determinate;
inherit nixos-hardware;
};
@@ -75,12 +76,6 @@
./os/${host}/configuration.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
-
- headplane.nixosModules.headplane
- {
- # provides `pkgs.headplane`
- nixpkgs.overlays = [ headplane.overlays.default ];
- }
];
});
diff --git a/os/kay/modules/network/headscale.nix b/os/kay/modules/network/headscale.nix
index 3e44108..b354f9b 100644
--- a/os/kay/modules/network/headscale.nix
+++ b/os/kay/modules/network/headscale.nix
@@ -2,6 +2,7 @@
config,
pkgs,
lib,
+ headplane,
...
}:
let
@@ -64,6 +65,11 @@ let
};
in
{
+ imports = [ headplane.nixosModules.headplane ];
+
+ nixpkgs.overlays = [ headplane.overlays.default ];
+ environment.systemPackages = [ config.services.headscale.package ];
+
sops.secrets = {
# server
"headplane/cookie_secret".owner = config.services.headscale.user;
@@ -78,6 +84,11 @@ in
interfaces.ppp0.allowedUDPPorts = [ stunPort ];
trustedInterfaces = [ config.services.tailscale.interfaceName ];
};
+ # for exit node only
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = true;
+ "net.ipv6.conf.all.forwarding" = true;
+ };
services = {
headscale = {
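Review bot: The two keys added under `boot.kernel.sysctl` enable IPv4 and IPv6 forwarding for every interface on the host, including `ppp0`, although the new comment says they are meant for the exit node only. Nothing in this hunk restricts which traffic may be forwarded, and the firewall's forward rules (if any) are outside it, so please confirm that forwarded packets are accepted only when they arrive on `config.services.tailscale.interfaceName`. If this host uses the nftables-based firewall, `networking.firewall.filterForward = true;` gives a default-drop forward chain to build that allow rule on. I would also widen the comment to something like `# forwarding is required only so this host can serve as a tailnet exit node; forwarded traffic is filtered in <where the forward rules live>`, so the intended scope sits next to the setting. The enclosing attribute set starts and ends outside this hunk.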
@@ -142,11 +153,4 @@ in
];
};
};
-
- boot.kernel.sysctl = {
- "net.ipv4.ip_forward" = true;
- "net.ipv6.conf.all.forwarding" = true;
- };
-
- environment.systemPackages = [ config.services.headscale.package ];
}