From 620783a7a380e5b11f68541e29c377e662305641 Mon Sep 17 00:00:00 2001
From: Nydragon
Date: Sat, 12 Oct 2024 17:59:50 +0200
Subject: [PATCH] feat(headscale): use only headscale as derp server
---
 hosts/raptus/headscale.nix | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/hosts/raptus/headscale.nix b/hosts/raptus/headscale.nix
index ec3bae1..10dabd6 100644
--- a/hosts/raptus/headscale.nix
+++ b/hosts/raptus/headscale.nix
@@ -2,6 +2,7 @@
 config,
 lib,
 pkgs,
+ options,
 ...
 }:
 let
@@ -79,9 +80,32 @@ mkIf config.services.headscale.enable {
 "fritz"
 ];
 };
+
+ derp = {
+ # Reference: https://github.com/juanfont/headscale/issues/1326#issuecomment-1505487881
+ server = {
+ enabled = true;
+ stun_listen_addr = "0.0.0.0:3478";
+
+ # Region code and name are displayed in the Tailscale UI to identify a DERP region
+ region_code = "headscale";
+ region_name = "Headscale Embedded DERP";
+ region_id = 999;
+ };
+
+ urls = [ ];
+ paths = [ ];
+
+ auto_update_enabled = false;
+ update_frequency = "6h";
+ };
 };
 };
+ networking.firewall.allowedTCPPorts = [
+ 3478 # DERP
+ ];
+
 nginx.virtualHosts."hs.ccnlc.eu" = {
 forceSSL = true;
 enableACME = true;
@@ -127,8 +151,7 @@ mkIf config.services.headscale.enable {
 "tag:client"
 "tag:server"
 ];
- proto = "rsync"; # optional
- dst = [ "tag:backup" ];
+ dst = [ "tag:backup:${toString options.modules.services.rsync-daemon.port.default}" ];
 }
 ];
@@ -151,6 +174,7 @@ mkIf config.services.headscale.enable {
 tags = map (name: "tag:${name}") [
 "server"
 "client"
+ "backup"
 ];
 in
 lib.genAttrs tags (_: users);
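Review bot: In the `@@ -79,9 +80,32 @@` hunk the firewall rule opens 3478 over TCP, but `stun_listen_addr` is headscale's STUN listener, which is UDP; the DERP relay itself is served over the HTTPS endpoint. Unless UDP 3478 is opened elsewhere, clients cannot reach STUN while an unused TCP port is exposed, so the rule should read `networking.firewall.allowedUDPPorts = [ 3478 ]; # STUN`. The trailing context continues with `nginx.virtualHosts…` without a `services.` prefix, so the new line appears to sit inside a `services = { … }` set that opens outside the hunk; if so it evaluates as `services.networking.firewall…` and belongs at the top level of the `mkIf` body instead. With `urls = [ ]` every relayed connection depends on this single host, and a short comment saying that is deliberate would help the next reader.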
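Review bot: In the `@@ -127,8 +151,7 @@` hunk the rule no longer names a protocol, so it grants whatever the policy engine allows by default on that port, while an rsync daemon only needs TCP; adding `proto = "tcp";` next to the new `dst` keeps the grant at least privilege. The port comes from `options.modules.services.rsync-daemon.port.default`, which is the option's declared default rather than the value any host actually configures, so a backup host that overrides the port drifts away from this ACL without an evaluation error. A comment such as `# ACL pins the module's default port; update here if a backup host overrides it` would record that coupling. The ACL entry and the enclosing list both start outside the hunk.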
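Review bot: In the `@@ -151,6 +174,7 @@` hunk, `lib.genAttrs tags (_: users)` gives the whole `users` list ownership of every tag, so adding `"backup"` lets each of those users register a node as `tag:backup`, which is the destination of the rsync rule and therefore receives backup data. `users` is defined outside the hunk, so it may already be a single administrator; if it is broader, `tag:backup` should get its own narrower owner entry merged after the `genAttrs` call rather than sharing the list. Either way, a one-line comment above `tags` stating who is expected to own `tag:backup` would make the intent reviewable.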