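# NixOS module: declares the `apps.*` hostname options and configures a
# headscale control server backed by PostgreSQL, published through an nginx
# reverse proxy. Only headscale is wired up here; the nextcloud options are
# declared but not consumed in this file.
{ lib, config, ... }:
{
  imports = [];

  options = {
    apps = {
      # No default: every deployment must set this explicitly.
      base_domain = lib.mkOption {
        type = lib.types.str;
        description = "base domain that the app subdomains are hosted under";
      };

      headscale = {
        subdomain = lib.mkOption {
          type = lib.types.str;
          description = "subdomain of base domain that headscale will be hosted at";
          default = "headscale";
        };
        hostname = lib.mkOption {
          type = lib.types.str;
          description = "hostname that headscale will be hosted at";
          default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}";
        };
      };

      nextcloud = {
        subdomain = lib.mkOption {
          type = lib.types.str;
          description = "subdomain of base domain that nextcloud will be hosted at";
          default = "nextcloud";
        };
        hostname = lib.mkOption {
          type = lib.types.str;
          description = "hostname that nextcloud will be hosted at";
          default = "${config.apps.nextcloud.subdomain}.${config.apps.base_domain}";
        };
      };
    };
  };

  config = {
    # headscale connects to PostgreSQL at startup, so order it after the
    # database unit and tie its lifetime to it.
    systemd = {
      services = {
        headscale = {
          after = ["postgresql.service"];
          requires = ["postgresql.service"];
        };
      };
    };

    services = {
      # DNS stub needs to be disabled so pi hole can bind
      # resolved.extraConfig = "DNSStubListener=no";

      headscale = {
        enable = true;
        user = "headscale";
        group = "headscale";
        # Loopback only: nginx below is the single intended entry point.
        # Listening on 0.0.0.0 would leave the plain-HTTP control API reachable
        # on every interface, bypassing the proxy, whenever the port is not
        # firewalled.
        address = "127.0.0.1";
        port = 8080;
        settings = {
          server_url = "https://${config.apps.headscale.hostname}";
          dns.base_domain = "clients.${config.apps.headscale.hostname}";
          # NOTE(review): with logtail enabled, headscale instructs its clients
          # to upload their logs to Tailscale's logtail service. Confirm that
          # sending client logs to a third party is intended.
          logtail.enabled = true;
          database = {
            type = "postgres";
            postgres = {
              # Unix-socket directory rather than TCP. No password is set here,
              # so this presumably relies on PostgreSQL peer authentication for
              # the "headscale" system user; verify against pg_hba.
              host = "/run/postgresql";
              port = config.services.postgresql.settings.port;
              user = "headscale";
              name = "headscale";
            };
          };
        };
      };

      nginx = {
        enable = true;
        virtualHosts = {
          ${config.apps.headscale.hostname} = {
            # NOTE(review): TLS is disabled on this vhost while server_url
            # advertises https://. Something in front of nginx has to terminate
            # TLS; if that hop crosses a network, traffic to this vhost travels
            # in clear text. Confirm, or re-enable the two options below.
            # forceSSL = true;
            # enableACME = true;
            locations."/" = {
              # Derived from the headscale listen address and port so the proxy
              # target cannot drift from what headscale actually binds.
              proxyPass = "http://${config.services.headscale.address}:${toString config.services.headscale.port}";
              # headscale clients use HTTP connection upgrades, which need the
              # Upgrade/Connection headers forwarded.
              proxyWebsockets = true;
            };
          };
        };
      };
    };

    # Puts the headscale CLI on the system PATH for administration.
    environment.systemPackages = [ config.services.headscale.package ];
  };
}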