nydragon/nix-da
1
Fork 0
Code Issues Pull requests Activity Actions 1

feat: add headscale

Browse source
This commit is contained in:
Nydragon 2024-09-22 01:30:25 +02:00
parent 335e1cc095
commit f8ce8ead18
Signed by: nydragon
SSH key fingerprint: SHA256:iQnIC12spf4QjWSbarmkD2No1cLMlu6TWoV7K6cYF5g
6 changed files with 61 additions and 197 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

157
flake.lock generated
View file

@ -63,22 +63,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -99,27 +83,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1726153070,
"narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@ -369,18 +335,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": {
"locked": {
"lastModified": 1725233747,
"narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1719075281, "lastModified": 1719075281,
@ -414,22 +368,6 @@
} }
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": {
"lastModified": 1726062873,
"narHash": "sha256-IiA3jfbR7K/B5+9byVi9BZGWTD4VSbWe8VLpp9B/iYk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4f807e8940284ad7925ebd0a0993d2a1791acb2f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1718428119, "lastModified": 1718428119,
"narHash": "sha256-WdWDpNaq6u1IPtxtYHHWpl5BmabtpmLnMAx0RdJ/vo8=", "narHash": "sha256-WdWDpNaq6u1IPtxtYHHWpl5BmabtpmLnMAx0RdJ/vo8=",
@ -450,42 +388,20 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"quickshell": "quickshell", "quickshell": "quickshell"
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1726939982, "lastModified": 1726959368,
"narHash": "sha256-1glg2PWhryacgi0B/qdP1vWahbcxjxlEhkN7EwjT6Sk=", "narHash": "sha256-mOGe7rO3yiWliBhV+RIULc3kpEc86pQLZzy1eoGhTc4=",
"owner": "nydragon", "ref": "refs/heads/main",
"repo": "nysh", "rev": "f0aa20544f8faf4a58d0f9da266d444614b3adeb",
"rev": "d3717cae4b1b3a7645c205ce5aa07b9f3dc130e3", "revCount": 39,
"type": "github" "type": "git",
"url": "https://codeberg.org/nydragon/nysh"
}, },
"original": { "original": {
"owner": "nydragon", "type": "git",
"repo": "nysh", "url": "https://codeberg.org/nydragon/nysh"
"type": "github"
}
},
"nyxexprs": {
"inputs": {
"flake-compat": "flake-compat",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_4",
"systems": "systems_4"
},
"locked": {
"lastModified": 1726882698,
"narHash": "sha256-tr/kJUcxkpklHk6x3ix1aoOm8nBZ3BCR/5j/pvAUVa0=",
"owner": "NotAShelf",
"repo": "nyxexprs",
"rev": "909588293c9865e7ea7e4f71c17e47464c2084fa",
"type": "github"
},
"original": {
"owner": "NotAShelf",
"repo": "nyxexprs",
"type": "github"
} }
}, },
"quickshell": { "quickshell": {
@ -541,13 +457,12 @@
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nysh": "nysh", "nysh": "nysh",
"nyxexprs": "nyxexprs",
"rofi-obsidian": "rofi-obsidian" "rofi-obsidian": "rofi-obsidian"
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1720318855, "lastModified": 1720318855,
@ -608,54 +523,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_4": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"xdph": { "xdph": {
"inputs": { "inputs": {
"hyprland-protocols": "hyprland-protocols", "hyprland-protocols": "hyprland-protocols",

4
flake.nix
View file

@ -29,12 +29,10 @@
}; };
nysh = { nysh = {
url = "github:nydragon/nysh"; url = "git+https://codeberg.org/nydragon/nysh";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nyxexprs.url = "github:NotAShelf/nyxexprs";
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1&rev=918d8340afd652b011b937d29d5eea0be08467f5"; hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1&rev=918d8340afd652b011b937d29d5eea0be08467f5";
}; };

5
hosts/raptus/configuration.nix
View file

@ -19,6 +19,7 @@ in
./rustypaste ./rustypaste
./forgejo ./forgejo
./obsidian-livesync ./obsidian-livesync
./headscale.nix
../../modules/nix ../../modules/nix
]; ];
@ -36,7 +37,7 @@ in
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
}; };
services.headscale.enable = true;
networking.firewall = lib.mkForce { networking.firewall = lib.mkForce {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [
@ -83,8 +84,6 @@ in
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ 56528 ]; ports = [ 56528 ];
# Having automatic generation enabled breaks agenix
#hostKeys = [ ];
}; };
services.endlessh = { services.endlessh = {

87
hosts/raptus/headscale.nix
View file

@ -1,61 +1,60 @@
{ {
config, config,
pkgs, lib,
inputs,
... ...
}: }:
{ let
inherit (lib) mkIf;
in
mkIf config.services.headscale.enable {
environment.systemPackages = [ config.services.headscale.package ]; environment.systemPackages = [ config.services.headscale.package ];
services = { services = {
headscale = { headscale = {
enable = true;
address = "127.0.0.1"; address = "127.0.0.1";
port = 8521; port = 8521;
server_url = "https://hs.notashelf.dev"; settings = {
tls_cert_path = null; server_url = "https://hs.ccnlc.eu";
tls_key_path = null; tls_cert_path = null;
tls_key_path = null;
ip_prefixes = [
"100.64.0.0/10"
"fd7a:115c:a1e0::/48"
];
ephemeral_node_inactivity_timeout = "30m";
node_update_check_interval = "10s";
metrics_listen_addr = "127.0.0.1:8086";
# logging
log = {
format = "text";
level = "info";
};
ephemeral_node_inactivity_timeout = "30m"; logtail.enabled = false;
node_update_check_interval = "10s";
metrics_listen_addr = "127.0.0.1:8086";
# logging
log = {
format = "text";
level = "info";
};
logtail.enabled = false;
};
};
nginx.virtualHosts."hs.ccnlc.eu" = {
forceSSL = true;
enableACME = true;
quic = true;
http3 = true;
locations = {
"/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
"/metrics" = {
proxyPass = "http://${toString config.services.headscale.settings.metrics_listen_addr}/metrics";
};
# see <https://github.com/gurucomputing/headscale-ui/blob/master/SECURITY.md> before
# possibly using the web frontend
"/web" = {
root = "${inputs.nyxexprs.packages.headscale-ui}/share";
}; };
}; };
extraConfig = '' nginx.virtualHosts."hs.ccnlc.eu" = {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; forceSSL = true;
''; enableACME = true;
#quic = true;
http3 = true;
locations = {
"/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
"/metrics" = {
proxyPass = "http://${toString config.services.headscale.settings.metrics_listen_addr}/metrics";
};
};
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
};
}; };
} }

3
modules/nix/overlays.nix
View file

@ -28,7 +28,8 @@
}; };
rofi-obsidian = inputs'.rofi-obsidian.outputs.packages.rofi-obsidian; rofi-obsidian = inputs'.rofi-obsidian.outputs.packages.rofi-obsidian;
nysh = inputs'.nysh.defaultPackage;
nysh = inputs'.nysh.packages.nysh;
hyprland = inputs'.hyprland.packages.hyprland; hyprland = inputs'.hyprland.packages.hyprland;

2
parts/lib/default.nix
View file

@ -3,8 +3,8 @@
flake.lib = inputs.nixpkgs.lib.extend ( flake.lib = inputs.nixpkgs.lib.extend (
self: super: { self: super: {
my = import ./functions.nix { my = import ./functions.nix {
lib = self;
inherit inputs; inherit inputs;
lib = self;
self = args.self; self = args.self;
}; };
} }