diff --git a/modules/headscale.nix b/modules/headscale.nix
index cfd5a6f..fb635dc 100644
--- a/modules/headscale.nix
+++ b/modules/headscale.nix
@@ -7,30 +7,6 @@ in
 environment = {
 systemPackages = with pkgs; [ headscale wireguard-tools ];
 etc = {
- "headscale/config.yaml".text = ''
- ---
- disable_check_updates: true
- server_url: http://${headscaleDomain}:${headscalePort}
- listen_addr: 0.0.0.0:${headscalePort}
- ephemeral_node_inactivity_timeout: "30m"
- private_key_path: /etc/nixos/keys/headscale-key
- db_type: sqlite3
- db_path: db.sqlite
- ip_prefixes:
- - 100.64.0.0/16
- derp:
- urls:
- - https://controlplane.tailscale.com/derpmap/default
- paths:
- - /etc/headscale/derp-example.yaml
- auto_update_enabled: true
- update_frequency: 24h
- dns_config:
- magic_dns: true
- base_domain: ${headscaleDomain}
- nameservers:
- - 9.9.9.9
- '';
 "headscale/derp-example.yaml".text = ''
 regions:
 900:
@@ -50,15 +26,26 @@ in
 };
 };
- systemd.services.headscale = {
- description = "Headscale VPN Server";
- wantedBy = [ "multi-user.target" ];
- after = [ "network-online.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.headscale}/bin/headscale serve";
- ExecReload = "/bin/kill -HUP $MAINPID";
- Restart = "on-failure";
- Type = "simple";
+ services.headscale = {
+ address = "0.0.0.0";
+ enable = true;
+ port = (lib.strings.toInt headscalePort);
+ settings = {
+ server_url = "http://${headscaleDomain}:${headscalePort}";
+ db_path = "/var/lib/headscale/db.sqlite";
+ db_type = "sqlite3";
+ ip_prefixes = [ "100.64.0.0/16" ];
+ derp.paths = [ "/etc/headscale/derp-example.yaml" ];
+ derp.urls = [ "https://controlplane.tailscale.com/derpmap/default" ];
+ dns_config.base_domain = headscaleDomain;
+ dns_config.nameservers = [ "9.9.9.9" ];
+ #dns_config.extra_records = [
+ # {
+ # name = "mc-fucker.cool";
+ # type = "A";
+ # value = "100.64.0.2";
+ # }
+ #];
 };
 };
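Review bot: The new `settings` block no longer sets `private_key_path` (the removed config pointed it at `/etc/nixos/keys/headscale-key`) and moves `db_path` from the relative `db.sqlite` to `/var/lib/headscale/db.sqlite`, so the server will presumably fall back to the module's default key location and start with a fresh key and an empty database unless both files are migrated; existing nodes would then have to re-register against a new server identity. If continuity is intended, pin it with `private_key_path = "/etc/nixos/keys/headscale-key";` and make sure the file is readable by whatever user the module runs the service as, since the removed unit set no `User=` and so ran as root. The dropped `disable_check_updates`, `ephemeral_node_inactivity_timeout`, `derp.auto_update_enabled` and `dns_config.magic_dns` now also depend on module defaults, which deserves a one-line comment such as `# options not listed here use the module defaults`. Separately, `server_url` is still `http://` while `address = "0.0.0.0"` listens on every interface, so the control endpoint is served in cleartext to any reachable network; putting a TLS-terminating proxy in front and setting `address = "127.0.0.1";` would narrow that exposure.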