relay1: migrate to wstunnel + WireGuard subnet relay via Headscale

Replace the OpenVPN/OCServ path with a cleaner wstunnel-terminated WireGuard relay on :443, advertise/approve corporate subnet routes through Headscale, and add wsl DNS/route plumbing for tailnet access.
2026-03-28 06:26:08 +01:00 · 2026-03-25 14:54:08 +01:00 · 2026-03-25 14:54:08 +01:00 · a6571d5f39
commit a6571d5f39
parent 572c6e3e54
5 changed files with 87 additions and 76 deletions
--- a/modules/headscale.nix
+++ b/modules/headscale.nix
@ -37,6 +37,13 @@ in
              "lefoyer.lu" = "10.33.0.100";
            };
          };
+          extra_records = [
+            {
+              name = "wsl.ts.net";
+              type = "A";
+              value = "10.250.250.2";
+            }
+          ];
        };
      };
    };