headscale + tailscale

2025-02-21 14:07:29 +01:00 · 2025-02-21 14:07:29 +01:00 · 39e1187948
commit 39e1187948
parent 74d4940e27
4 changed files with 45 additions and 0 deletions
--- a/hosts/m3-atlas/services/default.nix
+++ b/hosts/m3-atlas/services/default.nix
@ -2,11 +2,13 @@
  imports = [
    ./containers
    ./gitea.nix
+    ./headscale.nix
    ./minio.nix
    ./mysql.nix
    ./n8n.nix
    ./postgres.nix
    ./searx.nix
+    ./tailscale.nix
    ./traefik.nix
    ./wastebin.nix
  ];
--- a/hosts/m3-atlas/services/headscale.nix
+++ b/hosts/m3-atlas/services/headscale.nix
@ -0,0 +1,33 @@
+{
+  services = {
+    headscale = {
+      enable = true;
+      port = 3009;
+      settings = {
+        server_url = "https://va.m3tam3re.com";
+        dns = {
+          base_domain = "m3tam3re.loc";
+        };
+        logtail.enabled = false;
+      };
+    };
+  };
+
+  # Traefik configuration specific to
+  services.traefik.dynamicConfigOptions.http = {
+    services.headscale.loadBalancer.servers = [
+      {
+        url = "http://localhost:3009/";
+      }
+    ];
+
+    routers.headscale = {
+      rule = "Host(`va.m3tam3re.com`)";
+      tls = {
+        certResolver = "godaddy";
+      };
+      service = "headscale";
+      entrypoints = "websecure";
+    };
+  };
+}
--- a/hosts/m3-atlas/services/tailscale.nix
+++ b/hosts/m3-atlas/services/tailscale.nix
@ -0,0 +1,9 @@
+{
+  services.tailscale = {
+    enable = true;
+    useRoutingFeatures = "both";
+  };
+  networking.firewall = {
+    trustedInterfaces = ["tailscale0"];
+  };
+}
--- a/hosts/m3-kratos/services/default.nix
+++ b/hosts/m3-kratos/services/default.nix
@ -11,6 +11,7 @@
    hypridle.enable = true;
    printing.enable = true;
    gvfs.enable = true;
+    tailscale.enable = true;
    trezord.enable = true;
    gnome.gnome-keyring.enable = true;
    qdrant.enable = true;