hueirhuierghqiwehufiwerhRevert "skibity toil"

This reverts commit 3fd58180ac.
This commit is contained in:
Sakooooo 2025-01-01 01:18:25 +04:00
parent 3fd58180ac
commit 5c37b3b8be
Signed by: sako
GPG key ID: 3FD715D87D7725E0
4 changed files with 95 additions and 7 deletions

View file

@ -64,7 +64,10 @@
dns.blocky.enable = true;
nginx.enable = true;
postgresql.enable = true;
services = { forgejo.enable = true; };
services = {
forgejo.enable = true;
# headscale.enable = true;
};
};
};

View file

@ -8,7 +8,7 @@ in {
services.postgresql = {
enable = true;
package = pkgs.postgresql_17_jit;
ensureDatabases = [ "forgejo" "headscale" ];
ensureDatabases = [ "forgejo" ];
ensureUsers = [
{
name = "postgres";
@ -24,10 +24,6 @@ in {
name = "forgejo";
ensureDBOwnership = true;
}
{
name = "headscale";
ensureDBOwnership = true;
}
];
# Thank you NotAShelf
# https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/modules/core/roles/server/system/services/databases/postgresql.nix#L74

View file

@ -1 +1 @@
{ imports = [ ./forgejo.nix ]; }
{ imports = [ ./forgejo.nix ./headscale.nix ]; }

View file

@ -0,0 +1,89 @@
{ config, lib, ... }:
with lib;
let cfg = config.void.server.services.headscale;
in {
options.void.server.services.headscale = { enable = mkEnableOption false; };
config = mkIf cfg.enable {
# THANK YOU NOTASHLEF
environment.systemPackages =
[ config.services.headscale.package pkgs.tailscale ];
services.tailscale.enable = true;
services.headscale = {
enable = true;
package = pkgs.headscale;
address = "127.0.0.1";
port = 8085;
settings = {
server_url = "https://headscale.sako.lol";
grpc_listen_addr = "127.0.0.1:50443";
grpc_allow_insecure = false;
prefixes = {
allocation = "sequential";
v4 = "100.64.0.0/10";
v6 = "fd7a:115c:a1e0::/48";
};
# TODOOOOO POSTGRES NOW NOWNOW
database = {
type = "sqlite3";
debug = false;
sqlite.path = "/var/lib/headscale/db.sqlite";
# GORM configuration settings.
gorm = {
# Enable prepared statements.
prepare_stmt = true;
# Enable parameterized queries.
parameterized_queries = true;
# Skip logging "record not found" errors.
skip_err_record_not_found = true;
# Threshold for slow queries in milliseconds.
slow_threshold = 1000;
};
};
metrics_listen_addr = "127.0.0.1:8086";
randomize_client_port =
false; # prefer a random port for WireGuard traffic over
disable_check_updates = true; # disable checking for updates on startup
ephemeral_node_inactivity_timeout =
"30m"; # time before an e ephemeral node is deleted.
node_update_check_interval = "10s";
# Unix socket used for the CLI to connect without authentication
unix_socket = "/run/headscale/headscale.sock";
unix_socket_permission = "0770";
# logging
log = {
format = "text";
level = "info";
};
services.nginx.virtualHosts."headscale.sako.lol" = {
forceSSL = true;
enableACME = true;
http3 = true;
locations = {
"/" = {
proxyPass =
"http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
};
systemd.services = { tailscaled.after = [ "headscale.service" ]; };
};
};
};
}