added headscale to vpn server
parent
576267e458
commit
3301697593
2 changed files with 67 additions and 0 deletions
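--- a/modules/headscale.nix
+++ b/modules/headscale.nix
@@ -0,0 +1,66 @@
+{ pkgs, lib, ... }:
+let
+headscalePort = "6969";
+headscaleDomain = "vpn.mc-fucker.cool";
+in
+{
+environment = {
+systemPackages = with pkgs; [ headscale wireguard ];
+etc = {
+"headscale/config.yaml".text = ''
+---
+disable_check_updates: true
+server_url: http://${headscaleDomain}:${headscalePort}
+listen_addr: 0.0.0.0:${headscalePort}
+ephemeral_node_inactivity_timeout: "30m"
+private_key_path: /etc/nixos/keys/headscale-key
+db_type: sqlite3
+db_path: db.sqlite
+derp:
+urls:
+- https://controlplane.tailscale.com/derpmap/default
+paths:
+- /etc/headscale/derp-example.yaml
+auto_update_enabled: true
+update_frequency: 24h
+dns_config:
+magic_dns: true
+base_domain: ${headscaleDomain}
+nameservers:
+- 9.9.9.9
+'';
+"headscale/derp-example.yaml".text = ''
+regions:
+900:
+regionid: 900
+regioncode: custom
+regionname: My Region
+nodes:
+- name: 1a
+regionid: 1
+hostname: myderp.mydomain.no
+ipv4: 123.123.123.123
+ipv6: "2604:a880:400:d1::828:b001"
+stunport: 0
+stunonly: false
+derptestport: 0
+'';
+};
+};
+
+systemd.services.headscale = {
+description = "Headscale VPN Server";
+wantedBy = [ "multi-user.target" ];
+after = [ "network-online.target" ];
+serviceConfig = {
+ExecStart = "${pkgs.headscale}/bin/headscale serve";
+ExecReload = "/bin/kill -HUP $MAINPID";
+Restart = "on-failure";
+Type = "simple";
+};
+};
+
+networking.firewall.allowedTCPPorts = [ (lib.strings.toInt headscalePort) ];
+}
+
+# vim: set et ts=2 sw=2 ai: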
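Review bot: The `systemd.services.headscale` unit sets no `User`, `WorkingDirectory` or sandboxing options, so the control server runs as root while `listen_addr: 0.0.0.0:${headscalePort}` and the firewall rule expose it on every interface, and the relative `db_path: db.sqlite` resolves against whatever directory the service happens to start in. Running it under a dedicated unprivileged account (`User = "headscale";` with a matching `users.users` entry) together with `StateDirectory = "headscale";` and `WorkingDirectory = "/var/lib/headscale";` would contain a compromise of the daemon and pin the database location; the file at `private_key_path` should then be readable by that account only. `server_url` uses `http://`, so node registration and any pre-auth keys are not protected by TLS; headscale's `tls_cert_path`/`tls_key_path` settings or a TLS-terminating reverse proxy would cover that. The `derp-example.yaml` region still carries what look like upstream placeholder values (`myderp.mydomain.no`, `123.123.123.123`) and is listed under `derp.paths`, so clients would presumably be offered a relay the operator does not control; drop it unless a real DERP node exists. `ExecReload = "/bin/kill -HUP $MAINPID"` likely fails on NixOS, where `/bin/kill` is not normally present; `${pkgs.coreutils}/bin/kill -HUP $MAINPID` is the usual form.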
@ -4,6 +4,7 @@
|
||||||
[
|
[
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./modules/generic.nix
|
./modules/generic.nix
|
||||||
|
./modules/headscale.nix
|
||||||
];
|
];
|
||||||
system.stateVersion = "21.11";
|
system.stateVersion = "21.11";
|
||||||
}
|
}
|
||||||
|
|
|
||||||