authorBen Sima <ben@bsima.me>2023-10-09 15:12:06 -0400
committerBen Sima <ben@bsima.me>2023-10-10 13:16:49 -0400
commit39481b42c19f91ee714987176937c089d2c170cb (patch)
treed526d0e850ed94310cd566e3ac6917753b90bc5d /Biz/Dev/Vpn.nix
parent6baad9c5fae4a7b8ea07376a0be52443eaa488fa (diff)
Add beryllium and connect via VPN
I finally got everything set up for the new dev machine, but I ran into a networking problem: I can't tell my home router to expose the ssh port 22 to multiple hosts. I could have made beryllium use a different port, but instead I decided to use tailscale, and this seems to work well. I still don't have hostname routing working, but maybe that's a simple config in tailscale somewhere. Eventually I will get all intra-networking stuff to use a vpn, but for now just using it for beryllium is fine.
Diffstat (limited to 'Biz/Dev/Vpn.nix')
-rw-r--r--Biz/Dev/Vpn.nix33
1 files changed, 33 insertions, 0 deletions
diff --git a/Biz/Dev/Vpn.nix b/Biz/Dev/Vpn.nix
new file mode 100644
index 0000000..5a3c3e6
--- /dev/null
+++ b/Biz/Dev/Vpn.nix
@@ -0,0 +1,33 @@
+{ config, ... }:
+
+let
+ ports = import ../Cloud/Ports.nix;
+ domain = "headscale.simatime.com";
+in {
+ services.headscale = {
+ enable = true;
+ address = "0.0.0.0";
+ port = ports.headscale;
+ settings = {};
+ };
+
+ services.nginx.virtualHosts.${domain} = {
+ forceSSL = true;
+ enableAcme = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString ports.headscale}";
+ proxyWebsockets = true;
+ };
+ };
+
+ environment.systemPackages = [ config.services.headscale.package ];
+
+ services.tailscale.enable = true;
+
+ networking.firewall = {
+ checkReversePath = "loose";
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+
+}
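Review bot: `enableAcme = true;` on the nginx virtual host does not match the NixOS option name, which is `enableACME`; as written the module system should reject the unknown attribute at evaluation time, so the line should read `enableACME = true;`. Separately, `address = "0.0.0.0";` makes headscale listen on every interface even though nginx proxies to `http://localhost:${toString ports.headscale}`; binding to `"127.0.0.1"` keeps the plain-HTTP coordination server reachable only through the TLS front end. `trustedInterfaces = [ "tailscale0" ];` makes every tailnet peer bypass the host firewall entirely, which deserves a comment tying it to the single-host setup the commit message describes, e.g. `# all tailnet peers bypass the host firewall; tighten once more hosts join`. `settings = {};` may be insufficient if the pinned headscale module requires a server URL, but that depends on the nixpkgs revision, which is outside this diff.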