no time to explain, lots of changes

2024-01-06 12:30:05 -07:00 · 2024-01-06 12:30:05 -07:00 · 6a465666ee
parent 1d220920e0
commit 6a465666ee
3 changed files with 120 additions and 10 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -56,6 +56,8 @@
    helix
    wget
    git
+
+    juanfont-headscale.headscale # install to allow debugging/control of headscale using the CLI
  ];

  # List services that you want to enable:
@ -119,6 +121,14 @@
          default = [ "ads" ];
        };
      };
+      customDNS = {
+        rewrite = {
+          "cockpit.samsehu.perli.casa" = "samsehu.perli.casa";
+        };
+        mapping = {
+          "samsehu.perli.casa" = "100.64.0.3";
+        };
+      };
    };
  };

@ -175,6 +185,7 @@
    '';

    virtualHosts."lldap.samsehu.perli.casa".extraConfig = ''
+      bind 100.64.0.3
      reverse_proxy localhost:17170
    '';

@ -183,6 +194,7 @@
    '';

    virtualHosts."cockpit.samsehu.perli.casa".extraConfig = ''
+      bind 100.64.0.3
      reverse_proxy localhost:9090
    '';

@ -198,8 +210,10 @@
  # Headscale for access to the network while away from home
  services.headscale = {
    enable = true;
+    package = pkgs.juanfont-headscale.headscale;
    settings = {
      server_url = "https://headscale.samsehu.perli.casa";
+      base_domain = "perli.casa";
      listen_addr = "127.0.0.1:64639";
      metrics_listen_addr = "127.0.0.1:64640";
      tls_cert_path = null;
@ -208,7 +222,37 @@
      dns_config = {
        nameservers = [ "127.0.0.1" ];
        magic_dns = true;
+        # extra_records = [
+        #   { name = "cockpit.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
+        #   { name = "lldap.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; }
+        # ];
      };
+
+      acl_policy_path = pkgs.writeText "acl_policy.hujson" ''
+        {
+          "groups": {
+            "group:admin": [
+              "geemili",
+              "desttinghim",
+            ],
+          },
+          "acls": [
+            {
+              "action": "accept",
+              "src": ["group:admin"],
+              "dst": ["*:*"],
+            }
+          ],
+          "ssh": [
+            {
+              "action": "accept",
+              "src": ["autogroup:member"],
+              "dst": ["autogroup:self"],
+              "users": ["autogroup:nonroot"],
+            },
+          ],
+        }
+      '';
    };
  };

--- a/flake.lock
+++ b/flake.lock
@ -45,6 +45,24 @@
        "type": "github"
      }
    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -66,6 +84,28 @@
        "type": "github"
      }
    },
+    "juanfont-headscale": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1702219574,
+        "narHash": "sha256-sz+uQyyq/5YYDe5I44x5x2nvd48swAhNlInB8KZYvDo=",
+        "owner": "juanfont",
+        "repo": "headscale",
+        "rev": "6049ec758ca46b5c6ee7abba4f3d472fb1e2ffa6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "juanfont",
+        "ref": "v0.23.0-alpha2",
+        "repo": "headscale",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1703467016,
@ -85,6 +125,7 @@
    "root": {
      "inputs": {
        "agenix": "agenix",
+        "juanfont-headscale": "juanfont-headscale",
        "nixpkgs": "nixpkgs"
      }
    },
@ -102,6 +143,21 @@
        "repo": "default",
        "type": "github"
      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -5,16 +5,26 @@
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-  };
-
-  outputs = { self, nixpkgs, agenix }: {
-    nixosConfigurations.samsehu = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      modules = [
-        ./agenix-config-module.nix
-        ./configuration.nix
-        agenix.nixosModules.default
-      ];
+    juanfont-headscale = {
+      url = "github:juanfont/headscale/v0.23.0-alpha2";
+      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
+
+  outputs = { self, nixpkgs, agenix, juanfont-headscale }:
+    let
+      overlay-juanfont-headscale = final: prev: {
+        juanfont-headscale = juanfont-headscale.packages.${prev.system};
+      };
+    in {
+      nixosConfigurations.samsehu = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ({config, pkgs, ...}: { nixpkgs.overlays = [ overlay-juanfont-headscale ]; })
+          ./agenix-config-module.nix
+          ./configuration.nix
+          agenix.nixosModules.default
+        ];
+      };
+  };
 }