tailscale

2025-12-17 03:29:20 +00:00 · 2024-09-02 15:05:48 +01:00 · 2024-09-02 15:05:48 +01:00 · c558bad713
commit c558bad713
parent 961d41b9bf
15 changed files with 106 additions and 15 deletions
--- a/hosts/artemis/configuration.nix
+++ b/hosts/artemis/configuration.nix
@ -1,11 +1,17 @@
 {
+  config,
  pkgs,
  inputs,
  ...
 }: let
  inherit (inputs.self.nixosModules) keys;
 in {
-  services.remote-deploy = {
+  c.services.mesh = {
+    enable = true;
+    exitNode = false;
+    keyFile = config.age.secrets.mesh-conf-cleslie.path;
+  };
+  c.services.remote-deploy = {
    enable = false;
    keys = keys.c;
  };
--- a/hosts/artemis/default.nix
+++ b/hosts/artemis/default.nix
@ -1,4 +1,4 @@
-{
+{inputs}: {
  modules = [
    ./hardware-configuration.nix
    ./configuration.nix
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -1,6 +1,13 @@
-{utils}: let
-  hosts = utils.lib.exportModules [
-    ./artemis
-    ./hermes
-  ];
-in {inherit hosts;}
+{
+  inputs,
+  utils,
+}: let
+  # TODO: function to do this
+  artemis = import ./artemis {inherit inputs;};
+  hermes = import ./hermes {inherit inputs;};
+in {
+  hosts = {
+    inherit artemis;
+    inherit hermes;
+  };
+}
--- a/hosts/hermes/configuration.nix
+++ b/hosts/hermes/configuration.nix
@ -7,7 +7,13 @@
 }: let
  inherit (inputs.self.nixosModules) keys;
 in {
-  services.remote-deploy = {
+  c.services.mesh = {
+    enable = true;
+    exitNode = true;
+    keyFile = config.age.secrets.mesh-conf-infra.path;
+  };
+
+  c.services.remote-deploy = {
    enable = true;
    host = "media.cleslie.uk";
    port = 62480;
--- a/hosts/hermes/default.nix
+++ b/hosts/hermes/default.nix
@ -1,4 +1,4 @@
-{
+{inputs}: {
  modules = [
    ./hardware-configuration.nix
    ./configuration.nix
@ -7,6 +7,7 @@
    ./networking.nix
    ./ssh.nix
    ./media.nix
+    ./headscale.nix
  ];
  extraArgs = {};
  specialArgs = {};
--- a/hosts/hermes/headscale.nix
+++ b/hosts/hermes/headscale.nix
@ -0,0 +1,20 @@
+{config, ...}: let
+  domain = "mesh.cleslie.uk";
+in {
+  services = {
+    headscale = {
+      enable = true;
+      address = "0.0.0.0";
+      port = 8080;
+      settings = {
+        server_url = "https://${domain}";
+        dns_config = {base_domain = "cleslie.uk";};
+
+        ip_prefixes = "100.64.0.0/10";
+      };
+    };
+    caddy.virtualHosts.${domain}.extraConfig = ''
+      reverse_proxy localhost:${toString config.services.headscale.port}
+    '';
+  };
+}