nydragon/nix-da
1
Fork 0
Code Issues Pull requests Activity Actions 1

feat(headscale): use only headscale as derp server

Browse source
This commit is contained in:
Nydragon 2024-10-12 17:59:50 +02:00
parent 56f88cf6d6
commit 620783a7a3
Signed by: nydragon
SSH key fingerprint: SHA256:iQnIC12spf4QjWSbarmkD2No1cLMlu6TWoV7K6cYF5g
1 changed files with 26 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
hosts/raptus/headscale.nix
View file

@ -2,6 +2,7 @@
config, config,
lib, lib,
pkgs, pkgs,
options,
... ...
}: }:
let let
@ -79,9 +80,32 @@ mkIf config.services.headscale.enable {
"fritz" "fritz"
]; ];
}; };
derp = {
# Reference: https://github.com/juanfont/headscale/issues/1326#issuecomment-1505487881
server = {
enabled = true;
stun_listen_addr = "0.0.0.0:3478";
# Region code and name are displayed in the Tailscale UI to identify a DERP region
region_code = "headscale";
region_name = "Headscale Embedded DERP";
region_id = 999;
};
urls = [ ];
paths = [ ];
auto_update_enabled = false;
update_frequency = "6h";
};
}; };
}; };
networking.firewall.allowedTCPPorts = [
3478 # DERP
];
nginx.virtualHosts."hs.ccnlc.eu" = { nginx.virtualHosts."hs.ccnlc.eu" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -127,8 +151,7 @@ mkIf config.services.headscale.enable {
"tag:client" "tag:client"
"tag:server" "tag:server"
]; ];
proto = "rsync"; # optional dst = [ "tag:backup:${toString options.modules.services.rsync-daemon.port.default}" ];
dst = [ "tag:backup" ];
} }
]; ];
@ -151,6 +174,7 @@ mkIf config.services.headscale.enable {
tags = map (name: "tag:${name}") [ tags = map (name: "tag:${name}") [
"server" "server"
"client" "client"
"backup"
]; ];
in in
lib.genAttrs tags (_: users); lib.genAttrs tags (_: users);