* Headscale updates

Ellis Rahhal 2024-12-23 10:42:50 -08:00
parent 4a8bc2959b
commit 4911dac3a9
2 changed files with 28 additions and 6 deletions


@ -259,7 +259,9 @@ with lib;
inherit StateDirectory; inherit StateDirectory;
Type = "oneshot"; Type = "oneshot";
ExecStartPre = [ "!${pkgs.writeShellScript "ddclient-prestart" preStart}" ]; ExecStartPre = [ "!${pkgs.writeShellScript "ddclient-prestart" preStart}" ];
ExecStart = "${lib.getExe cfg.package} -file /run/${RuntimeDirectory}/ddclient.conf"; ExecStart = ''
${pkgs.bash}/bin/bash -c '${lib.getExe cfg.package} -file /run/${RuntimeDirectory}/ddclient.conf 2>&1 | ${pkgs.coreutils-full}/bin/tee >(${pkgs.gnugrep}/bin/grep -q "422" && exit 0); exit ''\${pipestatus[0]}'
'';
}; };
}; };
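Review bot: The `exit ''\${pipestatus[0]}` at the end of the new ExecStart command never propagates ddclient's exit status: bash's array is `PIPESTATUS` (upper case), so the expansion is empty and the bare `exit` returns the status of the last command, which is the pipeline, i.e. tee's 0; the `&& exit 0` after grep likewise only exits the process-substitution subshell. The net effect is that the unit always succeeds and systemd never reports a failed update, which removes the failure signal rather than narrowing it to the 422 case as the change seems to intend. Capturing the output once and checking the status explicitly keeps the intent (a 422 response is tolerated, anything else keeps its exit code) while other errors stay visible; a bare `422` pattern can also match an address or timestamp in the output, so anchor it to the provider's actual message if one is known. The serviceConfig attribute set this line belongs to starts outside the hunk.

```nix
ExecStart = ''
  ${pkgs.bash}/bin/bash -c '
    out=$(${lib.getExe cfg.package} -file /run/${RuntimeDirectory}/ddclient.conf 2>&1); rc=$?
    printf "%s\n" "$out"
    # A 422 from the provider is tolerated; every other non-zero status is reported to systemd.
    if [ "$rc" -ne 0 ] && printf "%s\n" "$out" | ${pkgs.gnugrep}/bin/grep -q "422"; then exit 0; fi
    exit "$rc"
  '
'';
```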


@ -1,9 +1,9 @@
{ config, pkgs, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.homefree; cfg = config.homefree;
search-domains = [ cfg.system.domain cfg.system.localDomain ] ++ cfg.system.additionalDomains; search-domains = [ cfg.system.domain cfg.system.localDomain ] ++ cfg.system.additionalDomains;
## See: https://headscale.net/stable/ref/acls/ ## See: https://headscale.net/stable/ref/acls/
## @TODO: Doesn't seem to work ## @TODO: Doesn't seem to work, may even block all traffic not explicitly approved.
policy = pkgs.writeText "headscale-policy.json" '' policy = pkgs.writeText "headscale-policy.json" ''
{ {
"hosts": { "hosts": {
@ -31,25 +31,40 @@ in
address = "10.0.0.1"; address = "10.0.0.1";
settings = { settings = {
server_url = "https://headscale.${cfg.system.domain}:443"; server_url = "https://headscale.${cfg.system.domain}:443";
policy.path = policy; # policy.path = policy;
dns = { dns = {
magic_dns = true;
## Must be different from server domain ## Must be different from server domain
base_domain = "homefree.vpn"; base_domain = "homefree.vpn";
search_domains = search-domains; # search_domains = search-domains;
## Add ## Add
nameservers.global = [ nameservers.global = [
## @TODO: It appears that these servers are round-robinned.
## Can 10.0.0.1 be set as default, and the rest as backups?
## Would be useful to support ad blocking over tailscale.
## Internal DNS, has local domain names ## Internal DNS, has local domain names
"10.0.0.1" # "10.0.0.1"
## Backup in case internal DNS not accessible due to connectivity issues ## Backup in case internal DNS not accessible due to connectivity issues
"9.9.9.10" "9.9.9.10"
## Secondary backup ## Secondary backup
"1.1.1.1" "1.1.1.1"
]; ];
nameservers.split = lib.listToAttrs (lib.map (domain:
{
name = domain;
value = [
"10.0.0.1"
];
}
) search-domains);
}; };
prefixes = { prefixes = {
## Some VPNs use addresses that overlap. Reduce the size of the network ## Some VPNs use addresses that overlap. Reduce the size of the network
## from 10.64.0.0/10 ## from 10.64.0.0/10
v4 = "100.64.0.0/24"; v4 = "100.64.0.0/24";
v6 = "fd7a:115c:a1e0::/48";
}; };
derp = { derp = {
server = { server = {
@ -117,6 +132,11 @@ in
reverse_proxy /web* http://10.0.0.1:3009 reverse_proxy /web* http://10.0.0.1:3009
''; '';
}; };
backup = {
paths = [
"/var/lib/headscale"
];
};
} }
] else []; ] else [];
} }
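Review bot: Commenting out `policy.path = policy;` in the settings hunk removes the ACL policy entirely; as far as I know headscale then enforces no ACL at all and every node on the tailnet can reach every other node, which is a broader effect than the @TODO at the top of the file describes. If that is the intended interim state, record it next to the line, e.g. `# policy.path = policy;  # disabled: with no policy loaded no ACL is enforced and all nodes are mutually reachable`, so the open exposure is visible when the policy is revisited. Separately, the new `nameservers.split` attribute can be written as `nameservers.split = lib.genAttrs search-domains (_: [ "10.0.0.1" ]);`, which reads more directly than `listToAttrs`/`map` and does not depend on `lib.map`, which I am not certain nixpkgs exports (`builtins.map` is the guaranteed name). The enclosing `settings` block and the surrounding `in` expression extend beyond the hunk.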