headscale.nix
# Example host configuration: enables the headscale profile (with an embedded
# DERP region and an nginx front end) and joins the same host to the tailnet.
{ config, lib, pkgs, ... }:
{
  profiles = {
    sparky-headscale = {
      enable = true;

      # Public name of the server. HTTPS requests are sent to it, so it has to
      # resolve publicly.
      fqdn = "sparky-headscale.example.com";

      # Both values are in the fd8f:89ae:ca73::/48 unique-local range.
      # NOTE(review): presumably metricsIP is where the metrics endpoint
      # listens; confirm it is only reachable from the monitoring side.
      metricsIP = "fd8f:89ae:ca73:2::1";
      probeSubnet = "fd8f:89ae:ca73:3::/64";

      # Embedded DERP relay, see https://tailscale.com/kb/1232/derp-servers/
      # 999 lies in the 900-999 range Tailscale documents for custom regions.
      derp.enable = true;
      derp.regionID = 999;
      derp.regionCode = "example-isp";
      derp.regionName = "Example-ISP Headscale DERP";

      # nginx front end: default vhost, HTTPS enforced, certificate via ACME.
      # NOTE(review): these look like pass-throughs to the NixOS nginx
      # virtualHost options of the same name; verify in the profile module.
      nginx.default = true;
      nginx.forceSSL = true;
      nginx.enableACME = true;
    };

    # As the readme describes, the headscale server is itself a tailnet member
    # and serves as the SSH jump-host to the probes.
    # NOTE: this cannot work on the initial deployment, because headscale has
    # to be configured before a pre-auth key exists.
    sparky-tailnet = {
      enable = true;
      ip = "fd8f:89ae:ca73:1::1";

      # HTTPS to the FQDN configured for sparky-headscale above.
      headscaleURL = "https://sparky-headscale.example.com";

      # Replace with the pre-auth key generated once headscale is configured
      # (see readme).
      # NOTE(review): a key written literally here is committed with this file
      # and, like other values in a Nix expression, may end up in the
      # world-readable /nix/store. Whoever reads it can register a node with
      # this headscale while the key is valid. Confirm whether the profile can
      # read the key from a file outside the store, and prefer a short-lived,
      # single-use key.
      preAuthKey = "generated pre auth key";
    };
  };
}