summaryrefslogtreecommitdiff
path: root/os/fscusat/modules/network/headscale.nix
diff options
context:
space:
mode:
Diffstat (limited to 'os/fscusat/modules/network/headscale.nix')
-rw-r--r--os/fscusat/modules/network/headscale.nix23
1 files changed, 23 insertions, 0 deletions
diff --git a/os/fscusat/modules/network/headscale.nix b/os/fscusat/modules/network/headscale.nix
new file mode 100644
index 0000000..906080a
--- /dev/null
+++ b/os/fscusat/modules/network/headscale.nix
@@ -0,0 +1,23 @@
+{ config, ... }:
+let
+ headScaleUrl = "https://headscale.${config.global.userdata.domain}";
+ user = config.global.userdata.name;
+in
+{
+ sops.secrets."misc/headscale" = { };
+ networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
+
+ services.tailscale = {
+ enable = true;
+ interfaceName = "headscale";
+ openFirewall = true;
+
+ authKeyFile = config.sops.secrets."misc/headscale".path;
+ extraUpFlags = [
+ "--login-server=${headScaleUrl}"
+ "--operator=${user}"
+ "--accept-routes=false"
+ "--advertise-exit-node"
+ ];
+ };
+}