From 0930056698e47c5dda75bce0a6d7ef306c7497df Mon Sep 17 00:00:00 2001
From: Ellis Rahhal <ellis@rahh.al>
Date: Mon, 3 Feb 2025 23:41:59 -0800
Subject: [PATCH] updated headscale config

---
 configuration.nix                  | 4 +---
 secrets-unencrypted/headplane.yaml | 9 +++++++++
 2 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 secrets-unencrypted/headplane.yaml

diff --git a/configuration.nix b/configuration.nix
index 3a0ccf1..d3ef5ce 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -131,12 +131,10 @@
         enable = true;
         secrets = {
           tailscale-key = config.sops.secrets."tailscale/key".path;
+          headplane-env = config.sops.secrets."headplane/env".path;
         };
       };
 
-      headscale-ui = {
-        enable = true;
-      };
 
       jellyfin = {
         enable = true;
diff --git a/secrets-unencrypted/headplane.yaml b/secrets-unencrypted/headplane.yaml
new file mode 100644
index 0000000..c2b59ea
--- /dev/null
+++ b/secrets-unencrypted/headplane.yaml
@@ -0,0 +1,9 @@
+headplane:
+    env: |-
+        # This is always required for Headplane to work
+        COOKIE_SECRET=<changeme>
+        # This NEEDS to be set with OIDC, regardless of what's in the config
+        # This needs to be a very long-lived (999 day) API key used to create
+        # shorter ones for OIDC and allow the OIDC functionality to work
+        ROOT_API_KEY=<changeme>
+        # OIDC_CLIENT_SECRET=super_secret_client_secret