From f8ce8ead180bc616c13d104be018a4712ec3192d Mon Sep 17 00:00:00 2001 From: Nydragon Date: Sun, 22 Sep 2024 01:30:25 +0200 Subject: [PATCH] feat: add headscale --- flake.lock | 157 +++------------------------------ flake.nix | 4 +- hosts/raptus/configuration.nix | 5 +- hosts/raptus/headscale.nix | 87 +++++++++--------- modules/nix/overlays.nix | 3 +- parts/lib/default.nix | 2 +- 6 files changed, 61 insertions(+), 197 deletions(-) diff --git a/flake.lock b/flake.lock index e5395e5..1771e11 100644 --- a/flake.lock +++ b/flake.lock @@ -63,22 +63,6 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -99,27 +83,9 @@ "type": "github" } }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1726153070, - "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { - "systems": "systems_5" + "systems": "systems_3" }, "locked": { "lastModified": 1710146030, 
@@ -369,18 +335,6 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1725233747, - "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1719075281, @@ -414,22 +368,6 @@ } }, "nixpkgs_4": { - "locked": { - "lastModified": 1726062873, - "narHash": "sha256-IiA3jfbR7K/B5+9byVi9BZGWTD4VSbWe8VLpp9B/iYk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "4f807e8940284ad7925ebd0a0993d2a1791acb2f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1718428119, "narHash": "sha256-WdWDpNaq6u1IPtxtYHHWpl5BmabtpmLnMAx0RdJ/vo8=", 
@@ -450,42 +388,20 @@ "nixpkgs": [ "nixpkgs" ], - "quickshell": "quickshell", - "utils": "utils" + "quickshell": "quickshell" }, "locked": { - "lastModified": 1726939982, - "narHash": "sha256-1glg2PWhryacgi0B/qdP1vWahbcxjxlEhkN7EwjT6Sk=", - "owner": "nydragon", - "repo": "nysh", - "rev": "d3717cae4b1b3a7645c205ce5aa07b9f3dc130e3", - "type": "github" + "lastModified": 1726959368, + "narHash": "sha256-mOGe7rO3yiWliBhV+RIULc3kpEc86pQLZzy1eoGhTc4=", + "ref": "refs/heads/main", + "rev": "f0aa20544f8faf4a58d0f9da266d444614b3adeb", + "revCount": 39, + "type": "git", + "url": "https://codeberg.org/nydragon/nysh" }, "original": { - "owner": "nydragon", - "repo": "nysh", - "type": "github" - } - }, - "nyxexprs": { - "inputs": { - "flake-compat": "flake-compat", - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_4", - "systems": "systems_4" - }, - "locked": { - "lastModified": 1726882698, - "narHash": "sha256-tr/kJUcxkpklHk6x3ix1aoOm8nBZ3BCR/5j/pvAUVa0=", - "owner": "NotAShelf", - "repo": "nyxexprs", - "rev": "909588293c9865e7ea7e4f71c17e47464c2084fa", - "type": "github" - }, - "original": { - "owner": "NotAShelf", - "repo": "nyxexprs", - "type": "github" + "type": "git", + "url": "https://codeberg.org/nydragon/nysh" } }, "quickshell": { @@ -541,13 +457,12 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "nysh": "nysh", - "nyxexprs": "nyxexprs", "rofi-obsidian": "rofi-obsidian" } }, "rust-overlay": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1720318855, 
@@ -608,54 +523,6 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "xdph": { "inputs": { "hyprland-protocols": "hyprland-protocols", diff --git a/flake.nix b/flake.nix index 2474fb2..f571910 100644 --- a/flake.nix +++ b/flake.nix @@ -29,12 +29,10 @@ }; nysh = { - url = "github:nydragon/nysh"; + url = "git+https://codeberg.org/nydragon/nysh"; inputs.nixpkgs.follows = "nixpkgs"; }; - nyxexprs.url = "github:NotAShelf/nyxexprs"; - hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1&rev=918d8340afd652b011b937d29d5eea0be08467f5"; }; diff --git a/hosts/raptus/configuration.nix b/hosts/raptus/configuration.nix index d2048c5..63e3123 100644 --- a/hosts/raptus/configuration.nix +++ b/hosts/raptus/configuration.nix @@ -19,6 +19,7 @@ in ./rustypaste ./forgejo ./obsidian-livesync + ./headscale.nix ../../modules/nix ]; 
@@ -36,7 +37,7 @@ in efiSupport = true; efiInstallAsRemovable = true; }; - + services.headscale.enable = true; networking.firewall = lib.mkForce { enable = true; allowedTCPPorts = [ @@ -83,8 +84,6 @@ in services.openssh = { enable = true; ports = [ 56528 ]; - # Having automatic generation enabled breaks agenix - #hostKeys = [ ]; }; services.endlessh = { diff --git a/hosts/raptus/headscale.nix b/hosts/raptus/headscale.nix index 346e3f9..76cc8f1 100644 --- a/hosts/raptus/headscale.nix +++ b/hosts/raptus/headscale.nix 
@@ -1,61 +1,60 @@ { config, - pkgs, - inputs, + lib, ... - }: -{ +let + inherit (lib) mkIf; +in +mkIf config.services.headscale.enable { environment.systemPackages = [ config.services.headscale.package ]; services = { headscale = { - enable = true; address = "127.0.0.1"; port = 8521; - server_url = "https://hs.notashelf.dev"; - tls_cert_path = null; - tls_key_path = null; + settings = { + server_url = "https://hs.ccnlc.eu"; + tls_cert_path = null; + tls_key_path = null; + ip_prefixes = [ + "100.64.0.0/10" + "fd7a:115c:a1e0::/48" + ]; + ephemeral_node_inactivity_timeout = "30m"; + node_update_check_interval = "10s"; + metrics_listen_addr = "127.0.0.1:8086"; + # logging + log = { + format = "text"; + level = "info"; + }; - ephemeral_node_inactivity_timeout = "30m"; - node_update_check_interval = "10s"; - metrics_listen_addr = "127.0.0.1:8086"; - # logging - log = { - format = "text"; - level = "info"; - }; - - logtail.enabled = false; - }; - }; - - nginx.virtualHosts."hs.ccnlc.eu" = { - forceSSL = true; - enableACME = true; - quic = true; - http3 = true; - - locations = { - "/" = { - proxyPass = "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - - "/metrics" = { - proxyPass = "http://${toString config.services.headscale.settings.metrics_listen_addr}/metrics"; - }; - - # see before - # possibly using the web frontend - "/web" = { - root = "${inputs.nyxexprs.packages.headscale-ui}/share"; + logtail.enabled = false; }; }; - extraConfig = '' - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ''; + nginx.virtualHosts."hs.ccnlc.eu" = { + forceSSL = true; + enableACME = true; + #quic = true; + http3 = true; + + locations = { + "/" = { + proxyPass = "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + + "/metrics" = { + proxyPass = "http://${toString config.services.headscale.settings.metrics_listen_addr}/metrics"; + }; + }; + + extraConfig = 
'' + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ''; + }; }; } diff --git a/modules/nix/overlays.nix b/modules/nix/overlays.nix index 060b06d..7dba016 100644 --- a/modules/nix/overlays.nix +++ b/modules/nix/overlays.nix @@ -28,7 +28,8 @@ }; rofi-obsidian = inputs'.rofi-obsidian.outputs.packages.rofi-obsidian; - nysh = inputs'.nysh.defaultPackage; + + nysh = inputs'.nysh.packages.nysh; hyprland = inputs'.hyprland.packages.hyprland; diff --git a/parts/lib/default.nix b/parts/lib/default.nix index 90fb71a..540b100 100644 --- a/parts/lib/default.nix +++ b/parts/lib/default.nix @@ -3,8 +3,8 @@ flake.lib = inputs.nixpkgs.lib.extend ( self: super: { my = import ./functions.nix { - lib = self; inherit inputs; + lib = self; self = args.self; }; }
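Review bot: In hosts/raptus/headscale.nix the `"/metrics"` location on the public `hs.ccnlc.eu` vhost proxies to the metrics listener that `metrics_listen_addr = "127.0.0.1:8086"` binds to loopback, so unless access is limited somewhere outside this hunk, any client that can reach the vhost can read headscale's metrics. Either drop the location and scrape the loopback port directly, or restrict it in place, for example with `extraConfig = "allow 127.0.0.1; deny all;";` inside the `"/metrics"` attrset (substitute the address of whatever actually scrapes it). Separately, `http3 = true;` stays enabled while `#quic = true;` is commented out; as far as I know the NixOS nginx module needs `quic = true` for HTTP/3 to take effect, so either restore it or remove `http3` as well.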