feat: add headscale

flake.lock

@@ -63,22 +63,6 @@
         "type": "github"
       }
     },
-    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -99,27 +83,9 @@
         "type": "github"
       }
     },
-    "flake-parts_2": {
-      "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib"
-      },
-      "locked": {
-        "lastModified": 1726153070,
-        "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
     "flake-utils": {
       "inputs": {
-        "systems": "systems_5"
+        "systems": "systems_3"
       },
       "locked": {
         "lastModified": 1710146030,
@@ -369,18 +335,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-lib": {
-      "locked": {
-        "lastModified": 1725233747,
-        "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=",
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
-      }
-    },
     "nixpkgs_2": {
       "locked": {
         "lastModified": 1719075281,
@@ -414,22 +368,6 @@
       }
     },
     "nixpkgs_4": {
-      "locked": {
-        "lastModified": 1726062873,
-        "narHash": "sha256-IiA3jfbR7K/B5+9byVi9BZGWTD4VSbWe8VLpp9B/iYk=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "4f807e8940284ad7925ebd0a0993d2a1791acb2f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_5": {
       "locked": {
         "lastModified": 1718428119,
         "narHash": "sha256-WdWDpNaq6u1IPtxtYHHWpl5BmabtpmLnMAx0RdJ/vo8=",
@@ -450,42 +388,20 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "quickshell": "quickshell",
-        "utils": "utils"
+        "quickshell": "quickshell"
       },
       "locked": {
-        "lastModified": 1726939982,
-        "narHash": "sha256-1glg2PWhryacgi0B/qdP1vWahbcxjxlEhkN7EwjT6Sk=",
-        "owner": "nydragon",
-        "repo": "nysh",
-        "rev": "d3717cae4b1b3a7645c205ce5aa07b9f3dc130e3",
-        "type": "github"
+        "lastModified": 1726959368,
+        "narHash": "sha256-mOGe7rO3yiWliBhV+RIULc3kpEc86pQLZzy1eoGhTc4=",
+        "ref": "refs/heads/main",
+        "rev": "f0aa20544f8faf4a58d0f9da266d444614b3adeb",
+        "revCount": 39,
+        "type": "git",
+        "url": "https://codeberg.org/nydragon/nysh"
       },
       "original": {
-        "owner": "nydragon",
-        "repo": "nysh",
-        "type": "github"
-      }
-    },
-    "nyxexprs": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "flake-parts": "flake-parts_2",
-        "nixpkgs": "nixpkgs_4",
-        "systems": "systems_4"
-      },
-      "locked": {
-        "lastModified": 1726882698,
-        "narHash": "sha256-tr/kJUcxkpklHk6x3ix1aoOm8nBZ3BCR/5j/pvAUVa0=",
-        "owner": "NotAShelf",
-        "repo": "nyxexprs",
-        "rev": "909588293c9865e7ea7e4f71c17e47464c2084fa",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NotAShelf",
-        "repo": "nyxexprs",
-        "type": "github"
+        "type": "git",
+        "url": "https://codeberg.org/nydragon/nysh"
       }
     },
     "quickshell": {
@@ -541,13 +457,12 @@
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_3",
         "nysh": "nysh",
-        "nyxexprs": "nyxexprs",
         "rofi-obsidian": "rofi-obsidian"
       }
     },
     "rust-overlay": {
       "inputs": {
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_4"
       },
       "locked": {
         "lastModified": 1720318855,
@@ -608,54 +523,6 @@
         "type": "github"
       }
     },
-    "systems_4": {
-      "locked": {
-        "lastModified": 1689347949,
-        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "type": "github"
-      }
-    },
-    "systems_5": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "utils": {
-      "inputs": {
-        "systems": "systems_3"
-      },
-      "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
     "xdph": {
       "inputs": {
         "hyprland-protocols": "hyprland-protocols",

flake.nix

@@ -29,12 +29,10 @@
     };
 
     nysh = {
-      url = "github:nydragon/nysh";
+      url = "git+https://codeberg.org/nydragon/nysh";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nyxexprs.url = "github:NotAShelf/nyxexprs";
-
     hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1&rev=918d8340afd652b011b937d29d5eea0be08467f5";
   };
 

hosts/raptus/configuration.nix

@@ -19,6 +19,7 @@ in
     ./rustypaste
     ./forgejo
     ./obsidian-livesync
+    ./headscale.nix
     ../../modules/nix
   ];
 
@@ -36,7 +37,7 @@ in
     efiSupport = true;
     efiInstallAsRemovable = true;
   };
-
+  services.headscale.enable = true;
   networking.firewall = lib.mkForce {
     enable = true;
     allowedTCPPorts = [
@@ -83,8 +84,6 @@ in
   services.openssh = {
     enable = true;
     ports = [ 56528 ];
-    # Having automatic generation enabled breaks agenix
-    #hostKeys = [ ];
   };
 
   services.endlessh = {

hosts/raptus/headscale.nix

@@ -1,61 +1,60 @@
 {
   config,
-  pkgs,
-  inputs,
+  lib,
   ...
-
 }:
-{
+let
+  inherit (lib) mkIf;
+in
+mkIf config.services.headscale.enable {
   environment.systemPackages = [ config.services.headscale.package ];
 
   services = {
     headscale = {
-      enable = true;
       address = "127.0.0.1";
       port = 8521;
 
-      server_url = "https://hs.notashelf.dev";
-      tls_cert_path = null;
-      tls_key_path = null;
+      settings = {
+        server_url = "https://hs.ccnlc.eu";
+        tls_cert_path = null;
+        tls_key_path = null;
+        ip_prefixes = [
+          "100.64.0.0/10"
+          "fd7a:115c:a1e0::/48"
+        ];
+        ephemeral_node_inactivity_timeout = "30m";
+        node_update_check_interval = "10s";
+        metrics_listen_addr = "127.0.0.1:8086";
+        # logging
+        log = {
+          format = "text";
+          level = "info";
+        };
 
-      ephemeral_node_inactivity_timeout = "30m";
-      node_update_check_interval = "10s";
-      metrics_listen_addr = "127.0.0.1:8086";
-      # logging
-      log = {
-        format = "text";
-        level = "info";
-      };
-
-      logtail.enabled = false;
-    };
-  };
-
-  nginx.virtualHosts."hs.ccnlc.eu" = {
-    forceSSL = true;
-    enableACME = true;
-    quic = true;
-    http3 = true;
-
-    locations = {
-      "/" = {
-        proxyPass = "http://localhost:${toString config.services.headscale.port}";
-        proxyWebsockets = true;
-      };
-
-      "/metrics" = {
-        proxyPass = "http://${toString config.services.headscale.settings.metrics_listen_addr}/metrics";
-      };
-
-      # see <https://github.com/gurucomputing/headscale-ui/blob/master/SECURITY.md> before
-      # possibly using the web frontend
-      "/web" = {
-        root = "${inputs.nyxexprs.packages.headscale-ui}/share";
+        logtail.enabled = false;
       };
     };
 
-    extraConfig = ''
-      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-    '';
+    nginx.virtualHosts."hs.ccnlc.eu" = {
+      forceSSL = true;
+      enableACME = true;
+      #quic = true;
+      http3 = true;
+
+      locations = {
+        "/" = {
+          proxyPass = "http://localhost:${toString config.services.headscale.port}";
+          proxyWebsockets = true;
+        };
+
+        "/metrics" = {
+          proxyPass = "http://${toString config.services.headscale.settings.metrics_listen_addr}/metrics";
+        };
+      };
+
+      extraConfig = ''
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+      '';
+    };
   };
 }

modules/nix/overlays.nix

@@ -28,7 +28,8 @@
       };
 
       rofi-obsidian = inputs'.rofi-obsidian.outputs.packages.rofi-obsidian;
-      nysh = inputs'.nysh.defaultPackage;
+
+      nysh = inputs'.nysh.packages.nysh;
 
       hyprland = inputs'.hyprland.packages.hyprland;
 

parts/lib/default.nix

@@ -3,8 +3,8 @@
   flake.lib = inputs.nixpkgs.lib.extend (
     self: super: {
       my = import ./functions.nix {
-        lib = self;
         inherit inputs;
+        lib = self;
         self = args.self;
       };
     }