From 18ba368bafe4e8e959c2943ec252b8e552c2b6ae Mon Sep 17 00:00:00 2001
From: sinanmohd <sinan@sinanmohd.com>
Date: Mon, 3 Nov 2025 11:41:41 +0530
Subject: feat(os/fscusat): init headscale

---
 os/fscusat/modules/network/headscale.nix | 23 +++++++++++++++++++++++
 os/fscusat/modules/network/lan.nix       | 23 +++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 os/fscusat/modules/network/headscale.nix
 create mode 100644 os/fscusat/modules/network/lan.nix

(limited to 'os/fscusat/modules/network')

diff --git a/os/fscusat/modules/network/headscale.nix b/os/fscusat/modules/network/headscale.nix
new file mode 100644
index 0000000..906080a
--- /dev/null
+++ b/os/fscusat/modules/network/headscale.nix
@@ -0,0 +1,23 @@
+{ config, ... }:
+let
+  headScaleUrl = "https://headscale.${config.global.userdata.domain}";
+  user = config.global.userdata.name;
+in
+{
+  sops.secrets."misc/headscale" = { };
+  networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
+
+  services.tailscale = {
+    enable = true;
+    interfaceName = "headscale";
+    openFirewall = true;
+
+    authKeyFile = config.sops.secrets."misc/headscale".path;
+    extraUpFlags = [
+      "--login-server=${headScaleUrl}"
+      "--operator=${user}"
+      "--accept-routes=false"
+      "--advertise-exit-node"
+    ];
+  };
+}
diff --git a/os/fscusat/modules/network/lan.nix b/os/fscusat/modules/network/lan.nix
new file mode 100644
index 0000000..fefcd14
--- /dev/null
+++ b/os/fscusat/modules/network/lan.nix
@@ -0,0 +1,23 @@
+{ ... }:
+
+let
+  wan = "ens18";
+in
+{
+  networking = {
+    interfaces.${wan}.ipv4.addresses = [
+      {
+        address = "10.0.8.101";
+        prefixLength = 16;
+      }
+    ];
+    defaultGateway = {
+      address = "10.0.0.1";
+      interface = wan;
+    };
+    nameservers = [
+      "10.0.0.2"
+      "10.0.0.3"
+    ];
+  };
+}
-- 
cgit v1.2.3