Add headscale

This commit is contained in:
Paul-Henri Froidmont 2025-08-29 16:08:14 +02:00
parent 051baa2900
commit 3893ba3de1
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
4 changed files with 65 additions and 0 deletions


@ -24,5 +24,6 @@
./foundryvtt.nix ./foundryvtt.nix
./immich.nix ./immich.nix
./forgejo.nix ./forgejo.nix
./headscale.nix
]; ];
} }

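--- a/modules/headscale.nix
+++ b/modules/headscale.nix
@@ -0,0 +1,55 @@
+{ config, lib, ... }:
+with lib;
+let
+cfg = config.custom.services.headscale;
+domain = "hs.${config.networking.domain}";
+in
+{
+options.custom.services.headscale = {
+enable = mkEnableOption "headscale";
+};
+config = mkIf cfg.enable {
+services.headscale = {
+enable = true;
+port = 28080;
+settings = {
+server_url = "https://${domain}";
+derp = {
+server = {
+enabled = true;
+stun_listen_addr = "0.0.0.0:4478";
+};
+# urls = [ ];
+auto_update_enabled = false;
+};
+dns = {
+base_domain = "ts.net";
+nameservers = {
+split = {
+"foyer.cloud" = "10.33.0.100";
+"foyer.lu" = "10.33.0.100";
+"lefoyer.lu" = "10.33.0.100";
+};
+};
+};
+};
+};
+services.nginx.virtualHosts.${domain} = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
+proxyWebsockets = true;
+};
+};
+networking = {
+firewall.allowedUDPPorts = [
+4478
+];
+};
+};
+}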
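Review bot: The STUN port 4478 is written twice in this file — once in `stun_listen_addr = "0.0.0.0:4478";` and again in `firewall.allowedUDPPorts = [ 4478 ];` — with nothing tying them together, so a later change to one silently leaves the other stale (either the relay stops being reachable or an unused port stays open). Bind it once in the `let` block, `stunPort = 4478;`, and use `stun_listen_addr = "0.0.0.0:${toString stunPort}";` and `firewall.allowedUDPPorts = [ stunPort ];`; the same pattern is already used for the HTTP port via `config.services.headscale.port` in the proxyPass. The commented-out `# urls = [ ];` under `derp` also says nothing about intent: if the embedded DERP server is meant to be the only relay, say so in the comment and note that leaving `urls` unset means whatever default the module or headscale applies stays in effect, which presumably is not an empty list — worth confirming.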


@ -233,6 +233,7 @@
monitoring-exporters.enable = true; monitoring-exporters.enable = true;
immich.enable = true; immich.enable = true;
forgejo.enable = true; forgejo.enable = true;
headscale.enable = true;
backup-job = { backup-job = {
enable = true; enable = true;


@ -229,6 +229,14 @@ resource "hetznerdns_record" "ch_a" {
ttl = 600 ttl = 600
} }
resource "hetznerdns_record" "hs_a" {
zone_id = data.hetznerdns_zone.banditlair_zone.id
name = "hs"
value = local.hel1_ip
type = "A"
ttl = 600
}
# Email # Email
resource "hetznerdns_record" "mail_mx" { resource "hetznerdns_record" "mail_mx" {
zone_id = data.hetznerdns_zone.banditlair_zone.id zone_id = data.hetznerdns_zone.banditlair_zone.id