From a4de5f3324550cefdea68a2244d31a3c4844f49f Mon Sep 17 00:00:00 2001
From: Myned
Date: Tue, 10 Sep 2024 21:26:47 -0500
Subject: [PATCH] headscale: initial disabled container
Signed-off-by: Myned
---
 .../custom/settings/containers/headscale.nix | 67 ++++++++++++++++++
 profiles/server/default.nix | 1 +
 secrets/secrets.nix | 1 +
 secrets/server/headscale/.env | Bin 0 -> 3132 bytes
 4 files changed, 69 insertions(+)
 create mode 100644 options/custom/settings/containers/headscale.nix
 create mode 100644 secrets/server/headscale/.env
diff --git a/options/custom/settings/containers/headscale.nix b/options/custom/settings/containers/headscale.nix
new file mode 100644
index 0000000..395726e
--- /dev/null
+++ b/options/custom/settings/containers/headscale.nix
@@ -0,0 +1,67 @@
+{
+ config,
+ inputs,
+ lib,
+ pkgs,
+ ...
+}:
+
+with lib;
+
+let
+ cfg = config.custom.settings.containers.headscale;
+in
+{
+ options.custom.settings.containers.headscale.enable = mkOption { default = false; };
+
+ config = mkIf cfg.enable {
+ age.secrets =
+ let
+ secret = filename: {
+ file = "${inputs.self}/secrets/${filename}";
+ };
+ in
+ {
+ "${config.custom.profile}/headscale/.env" = secret "${config.custom.profile}/headscale/.env";
+ };
+
+ #?? arion-headscale pull
+ environment.shellAliases.arion-headscale = "sudo arion --prebuilt-file ${config.virtualisation.arion.projects.headscale.settings.out.dockerComposeYaml}";
+
+ virtualisation.arion.projects.headscale = {
+ serviceName = "headscale";
+
+ settings.services = {
+ # https://headscale.net/
+ # https://github.com/juanfont/headscale
+ # BUG: Does not support generic DoH/DoT
+ # https://github.com/juanfont/headscale/issues/1312
+ headscale.service = {
+ command = "serve";
+ container_name = "headscale";
+ env_file = [ config.age.secrets."${config.custom.profile}/headscale/.env".path ];
+ image = "headscale/headscale:v0.23.0-beta.4";
+ restart = "unless-stopped";
+
+ ports = [
+ "9999:9999"
+ "9090:9090"
+ ];
+
+ volumes = [
+ "${config.custom.settings.containers.directory}/headscale/config:/etc/headscale"
+ "${config.custom.settings.containers.directory}/headscale/data:/var/lib/headscale"
+
+ # Minimum config.yaml
+ # https://github.com/juanfont/headscale/blob/main/config-example.yaml
+ # https://github.com/juanfont/headscale/blob/main/integration/hsic/config.go
+ "${pkgs.writeText "config.yaml" ''
+ noise:
+ private_key_path: /var/lib/headscale/noise_private.key
+ ''}:/etc/headscale/config.yaml"
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/profiles/server/default.nix b/profiles/server/default.nix
index 98a8539..9cf39a6 100644
--- a/profiles/server/default.nix
+++ b/profiles/server/default.nix
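Review bot: The `ports` list in `headscale.service` publishes `"9999:9999"` and `"9090:9090"` with no host address, so Docker binds both on every host interface, and Docker-published ports are generally not filtered by the host firewall rules. 9090 is the metrics address in headscale's config-example.yaml (`metrics_listen_addr`); the inline config.yaml here only sets the noise key, so the actual listen addresses presumably come from the encrypted `.env` and should be confirmed. Unless the metrics endpoint has to be reachable from other hosts, I would bind it to loopback with `"127.0.0.1:9090:9090"`, and do the same for 9999 if it is meant to sit behind a reverse proxy. Separately, `image = "headscale/headscale:v0.23.0-beta.4"` pins a mutable tag; appending the digest (`headscale/headscale:v0.23.0-beta.4@sha256:<digest>`) would make the pulled image verifiable.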
@@ -55,6 +55,7 @@
 coturn.enable = true;
 forgejo.enable = true;
 foundryvtt.enable = true;
+ #// headscale.enable = true;
 mastodon.enable = true;
 nextcloud.enable = true;
 redlib.enable = true;
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 89b89e3..aef5be3 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -73,6 +73,7 @@ in
 "server/forgejo/.env".publicKeys = server;
 "server/forgejo/db.env".publicKeys = server;
 "server/foundryvtt/.env".publicKeys = server;
+ "server/headscale/.env".publicKeys = server;
 "server/mastodon/.env".publicKeys = server;
 "server/mastodon/db.env".publicKeys = server;
 "server/matrix-conduit/conduwuit.toml".publicKeys = server;
diff --git a/secrets/server/headscale/.env b/secrets/server/headscale/.env new file mode 100644 index 0000000000000000000000000000000000000000..a88488979a645234dd4ddc7542139c5bcddc1b0d GIT binary patch literal 3132 zcmV-C48!wbXJsvAZewzJaCB*JZZ254fN@Fi>QEW7OzZ8>9QNNaI#LpCyPVQWEQbW~AlR5Ub2NqIC-cR>m*J|J^*Xf0)AGBq_ZIUsXp zczSP9ATVZdac47aM|XI5ad>rbc}H?%d1*3fb#pLNMsR0LF+pcZ$iFjZ|dKXV@ z{nfw*nBI}x$zYqsO9994)j>l7QMT1E-Ke6$izaUM734*9*MQtdA;D3^!U7PhethHv z^_^Radv#Wnvb`0BAK#f8zuzJ?-lxH02B0Hs_>Hf1C}H9#_Cl}Ap8$8EYf0_Aw2asx zOCa=^kBiZHNjk@2^zl7_YKUI`OlEWo@SHZ4$Zi|ty0go$3wh*)327y&$eLfDX0J zxT7k%bPL$H`9qFWx^k~nZr_7}%wV11KvQaH_X{rV)^H}DY4&=-*LOKRkqzbM=t!uq zuJ_ZWI<2M@n|+@1(0bi|m?nU^I{60287vN?R>o=J<4Hr<&tYz!DgnnZ1ZxsOYl*p8 z;M$ysAjlmoKtgI*sw%v%ygWY!@=%HtJ=zOUj>fM)i3pXRBbFt%|Nq9H;aR^Nwz+Fem14o#8^ zom9|{n4TA@ket@@G(`)=0f2vfa<|R`}PUi$UibE8Dn7D%mfz=@!+Hwsy+q%>OS>kB@jwT9u`q(O>F& z0mq98h;f=Yn*}ja7mlq|L!qfoFN7?vEWiH;_1=g{yai=11PQcxJm=x=78HA4p*tb# zs*vrAu+wL5FwFHVIn!- zk=Kg=s@t+Gu!&geKnJ=9jTB|VvEXCE??bMZpENt4Vq4y)i=v$u%*K+0Bf|sjf8Fa; zCZDOFREhv%FM>YV9I*n{)ikty`0y$+Mte56#oba@pfAYeg~B8H@)K}pxf(|1101pm z$>@bqsRUFxV4niGl%Db8K$?Vh^Qq2tbURRzz1v;SCfz+8OLzSMymiB^|7zr@u; z%!eUrUD!2yR>}~ZyLjJyic*<%A5F`qLR_|q7;y`TFLPFVD$V+_z??B}l9nD&AJ&I( zT!gkBPPfS^_~tfqUxYpY{ER681)04(pk%x!%6~p7H8~xRZ&kO3r|!s8$v1`@+8V1R za4|6;Y3v+upEyV5kG({^8#X;LnDB2w5) z7uXEqL^YtCwibJOn{5T8fdOWbs|#u!UDPeX4TAjB_1rX9ZpX*2T5RsRL4$hNA9|3P z2G$%@Mt1v$6lds_z*!zN{=pjb?7F1_$*$nh$zG> z)-_~Sxz0aGb~b{J&9*lVNZ2l!1VPOnx1J&)LyO`9=c%%P-b-8UjE$%3UmP~XKhN*CH7c6OYSG%AY1Jw@fo=JuO zV5~r+40R7CI?md{|LWoV8)aQFT8ZS#wd@Gis4`{Z<^IWL|2?lA@{?|sk07OX6VZH_ z@$Ox8CnSR=k?oN2tBOTi!oTmoJ-?wjQ(G82;*_?=MW<4m(IFOCzu2ynHyoDqA$IKG z?jmlE({V6y)WTSNn36apoGmFX2F1u_S%~D~I@QTFdZ-1|)^WQ*mp9quG_>RNnaT99 zmgE|4haEl~m$CeGjepn`G5kOnTOKRo-B7685=AfP-(zE4C`MoT0SJ@vA!=Hv<8uD@ z0qEcHD9$};L7+?5G8i!X*YI{fq3DiW^j#A5I42uuXvoPD6=KVJ56(iNG+fR$=~Rs$ zJkKyn$Ml_NL(^jA>ZOR?tnyV#4*!A8rMxaho@ta{R?~?eOF16sBDR=|dO+PBTfy!- znu}2Ijo4ExMD#(zY114npnHXZ;_UaoVMhsR(52wBMt-mkB`#9+Y>>;d5+ElDxwJW- 
zM~2ti1V^`L7h_GRi4rVB9FcIcP7tPA(tdUV_#in(7u)L{vw|@+;vMKYfJhRV0W}OJ zXYKNys*B-F?`63^*lBE*zx!+;JOP4eIiVzZH%b|=c}nV+czCuK^kA10`L>8U34$cs zyVegc2zBA5(GZsVj!7Ndtf1pQovezdZPY6TTFNq` z@TYTni4OzpqpDc+6NtY{*ugvHM6|mGV!Gng+65@b=b1NNn^L#vE%`mTeIJiul&#-! zT-WRCFJ2vH57`6W0$?8$xa5X`1hSoM?h=;J%ewGp zd`N(e2W2f6fS@6PUB2xg;XunCpZ$EW2;m2(ALk#mOHY`G90?)Pm{{oGOyZFX(ByF8 W3sUrxK*sRQr|8W5-EB=;de9xc4&x>O literal 0 HcmV?d00001