os/cez/modules/headscale.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

{ config, ... }:
let
  headScaleUrl = "https://headscale.${config.global.userdata.domain}";
in
{
  sops.secrets."misc/headscale" = { };
  networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];

  services.tailscale = {
    enable = true;
    interfaceName = "headscale";
    openFirewall = true;

    authKeyFile = config.sops.secrets."misc/headscale".path;
    extraUpFlags = [
      "--login-server=${headScaleUrl}"
    ];
  };
}