Omni/Dev/Vpn.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

{config, ...}: let
  ports = import ../Cloud/Ports.nix;
  domain = "headscale.simatime.com";
in {
  services.headscale = {
    enable = true;
    address = "0.0.0.0";
    port = ports.headscale;
    settings = {dns.base_domain = "simatime.com";};
  };

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableAcme = true;
    locations."/" = {
      proxyPass = "http://localhost:${toString ports.headscale}";
      proxyWebsockets = true;
    };
  };

  environment.systemPackages = [config.services.headscale.package];

  services.tailscale.enable = true;

  networking.firewall = {
    checkReversePath = "loose";
    trustedInterfaces = ["tailscale0"];
    allowedUDPPorts = [config.services.tailscale.port];
  };
}