removed headscale

configurations/nixos/defiant/configuration.nix

@@ -1,9 +1,5 @@
 # server nas
 {pkgs, ...}: {
-  imports = [
-    # ./services.nix
-  ];
-
   nixpkgs.config.allowUnfree = true;
 
   host = {
@@ -65,6 +61,13 @@
       enable = false;
       hostname = "volpe.social";
     };
+    postgres = {
+      extraUsers = {
+        leyla = {
+          isAdmin = true;
+        };
+      };
+    };
     jellyfin = {
       enable = true;
       subdomain = "media";
@@ -96,40 +99,11 @@
       enable = true;
       subdomain = "drive";
     };
-    headscale = {
-      enable = true;
-      subdomain = "vpn";
-    };
   };
   networking = {
     hostId = "c51763d6";
   };
 
-  # apps = {
-  #   base_domain = "jan-leila.com";
-  #   macvlan = {
-  #     subnet = "192.168.1.0/24";
-  #     gateway = "192.168.1.1";
-  #     networkInterface = "bond0";
-  #   };
-  #   pihole = {
-  #     image = "pihole/pihole:2024.07.0";
-  #     ip = "192.168.1.201";
-  #   };
-  #   headscale = {
-  #     subdomain = "vpn";
-  #   };
-  #   jellyfin = {
-  #     subdomain = "media";
-  #   };
-  #   forgejo = {
-  #     subdomain = "git";
-  #   };
-  #   nextcloud = {
-  #     subdomain = "drive";
-  #   };
-  # };
-
   services = {
     # TODO: move zfs scrubbing into module
     zfs = {

modules/nixos-modules/server/default.nix

@@ -10,6 +10,5 @@
     ./home-assistant.nix
     ./pihole.nix
     ./nextcloud.nix
-    ./headscale.nix
   ];
 }

modules/nixos-modules/server/headscale.nix

@@ -1,61 +0,0 @@
-{
-  lib,
-  config,
-  ...
-}: let
-  hostname = "${config.host.headscale.subdomain}.${config.host.reverse_proxy.hostname}";
-in {
-  options.host.headscale = {
-    enable = lib.mkEnableOption "should headscale be enabled on this computer";
-    subdomain = lib.mkOption {
-      type = lib.types.str;
-      description = "subdomain of base domain that headscale will be hosted at";
-      default = "headscale";
-    };
-  };
-
-  config = lib.mkIf config.host.headscale.enable {
-    host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {
-      target = "http://localhost:${toString config.services.headscale.port}";
-    };
-
-    systemd = {
-      services = {
-        headscale = {
-          after = ["postgresql.service"];
-          requires = ["postgresql.service"];
-        };
-      };
-    };
-
-    services = {
-      # DNS stub needs to be disabled so pi hole can bind
-      # resolved.extraConfig = "DNSStubListener=no";
-      headscale = {
-        enable = true;
-        user = "headscale";
-        group = "headscale";
-        address = "0.0.0.0";
-        port = 8080;
-        settings = {
-          server_url = "https://${hostname}";
-          dns.base_domain = "clients.${hostname}";
-          logtail.enabled = true;
-          database = {
-            type = "postgres";
-            postgres = {
-              host = "/run/postgresql";
-              port = config.services.postgresql.settings.port;
-              user = "headscale";
-              name = "headscale";
-            };
-          };
-        };
-      };
-    };
-
-    environment.systemPackages = [
-      config.services.headscale.package
-    ];
-  };
-}

modules/nixos-modules/server/postgres.nix

@@ -7,6 +7,8 @@
   dataDir = "/var/lib/postgresql/15";
   adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers);
   clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers);
+  createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers);
+  createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases;
 in {
   options = {
     host.postgres = {
@@ -26,6 +28,21 @@ in {
               type = lib.types.bool;
               default = false;
             };
+            createUser = lib.mkOption {
+              type = lib.types.bool;
+              default = false;
+            };
+          };
+        }));
+        default = {};
+      };
+      extraDatabases = lib.mkOption {
+        type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
+          options = {
+            name = lib.mkOption {
+              type = lib.types.str;
+              default = name;
+            };
           };
         }));
         default = {};
@@ -39,11 +56,19 @@ in {
         postgresql = {
           enable = true;
           package = pkgs.postgresql_15;
-          ensureUsers = [
+          ensureUsers =
+            [
               {
                 name = "postgres";
               }
-          ];
+            ]
+            ++ (
+              builtins.map (user: {
+                name = user.name;
+              })
+              createUsers
+            );
+          ensureDatabases = builtins.map (database: database.name) createDatabases;
           identMap =
             ''
               # ArbitraryMapName systemUser DBUser
@@ -60,13 +85,13 @@ in {
               # Client Users
             ''
             + (
-              lib.strings.concatLines (builtins.map (user: "superuser_map      ${user.name}   ${user.name}") clientUsers)
+              lib.strings.concatLines (builtins.map (user: "user_map      ${user.name}   ${user.name}") clientUsers)
             );
           # configuration here lets users access the db that matches their name and lets user postgres access everything
           authentication = pkgs.lib.mkOverride 10 ''
             # type database DBuser    origin-address auth-method   optional_ident_map
             local  all      postgres                 peer          map=superuser_map
-            local  sameuser all                      peer          map=superuser_map
+            local  sameuser all                      peer          map=user_map
           '';
         };
       };