Toast/nix-stuff
1
0
Fork 0
Code Issues Pull requests Projects 1 Wiki Activity

Merge pull request 'Switch to headscale' (#11) from headscale into main

Browse source 
Reviewed-on: https://git.everest.tailscale/Toast/nix-stuff/pulls/11
This commit is contained in:
Toast 2024-11-03 01:30:30 +01:00
commit 3748aae1c5
7 changed files with 64 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

20
roles/server/caddy.nix
View file

@ -23,7 +23,9 @@ in {
extraConfig = '' extraConfig = ''
(tailscale) { (tailscale) {
tls internal tls internal
bind 100.73.96.48 # Old tailscale IP
# bind 100.73.96.48
bind 100.100.0.1
} }
''; '';
virtualHosts = { virtualHosts = {
@ -45,10 +47,17 @@ in {
}; };
}; };
}; };
services.dnsmasq.settings.cname = [ services.headscale.settings.dns_config.extra_records = let
"${manualHostname},everest" makeRecords = builtins.map (recordName: {
"${downloadsHostname},everest" name = recordName;
]; type = "A";
value = "100.100.0.1";
});
in
makeRecords [
manualHostname
downloadsHostname
];
systemd = { systemd = {
services.caddy.after = ["tailscaled.service"]; services.caddy.after = ["tailscaled.service"];
# We have somewhat frequent power outages, and our ISP router takes # We have somewhat frequent power outages, and our ISP router takes
@ -58,4 +67,5 @@ in {
services.caddy.serviceConfig.RestartSec = lib.mkForce "120s"; services.caddy.serviceConfig.RestartSec = lib.mkForce "120s";
}; };
programs.rust-motd.settings.service_status.Caddy = "caddy"; programs.rust-motd.settings.service_status.Caddy = "caddy";
networking.firewall.allowedTCPPorts = [443 80];
} }

2
roles/server/default.nix
View file

@ -11,8 +11,8 @@
./ddclient.nix ./ddclient.nix
./beep.nix ./beep.nix
./tailscale.nix ./tailscale.nix
./headscale.nix
./caddy.nix ./caddy.nix
./dns.nix
./rust_motd.nix ./rust_motd.nix
./minecraft.nix ./minecraft.nix
]; ];

42
roles/server/dns.nix
View file

@ -1,42 +0,0 @@
{...}: {
services.dnsmasq = {
enable = true;
# Only using this for tailscale IPs, so better to let tailscale itself deal with it
resolveLocalQueries = false;
settings = {
listen-address = ["100.73.96.48"];
/*
Dnsmasq tries to use the tailscale dns server, which is bad cause that points to dnsmasq
From the little testing I have done it seems to not cause any issues, but better to be safe
than sorry :P
*/
dns-loop-detect = true;
host-record = [
"winmax2,winmax2.tailscale,100.106.73.20"
"everest,everest.tailscale,100.73.96.48"
"archie,archie.tailscale,100.113.139.93"
"steamdeck,steamdeck.tailscale,100.85.48.85"
"surfacego,surfacego.tailscale,100.96.92.13"
];
# If this isn't set a cname that targets a host might return the wrong ip
localise-queries = true;
## IPv6 is not a thing in Spain so I'm guaranteed to not use it
filter-AAAA = true;
domain = "tailscale";
domain-needed = true;
};
};
programs.rust-motd.settings.service_status.dnsmasq = "dnsmasq";
# Dnsmasq conflicts with the resolved dns stub listener
services.resolved.extraConfig = ''
[Resolve]
DNSStubListener=no
'';
}

10
roles/server/forgejo.nix
View file

@ -44,8 +44,14 @@ in {
}; };
}; };
# Add a cname for forgejo # Add a record for forgejo
services.dnsmasq.settings.cname = ["git.everest.tailscale,everest"]; services.headscale.settings.dns_config.extra_records = [
{
name = "git.everest.tailscale";
type = "A";
value = "100.100.0.1";
}
];
# Set up caddy as the reverse proxy for Forgejo # Set up caddy as the reverse proxy for Forgejo
services.caddy.virtualHosts.forgejo = { services.caddy.virtualHosts.forgejo = {

24
roles/server/headscale.nix Normal file
View file

@ -0,0 +1,24 @@
{...}: {
services.headscale = {
enable = true;
settings = {
server_url = "https://headscale.toast003.xyz";
ip_prefixes = [
"100.100.0.0/16"
];
dns_config = {
base_domain = "tailscale";
nameservers = ["9.9.9.9"];
override_local_dns = true;
};
};
};
services.caddy = {
virtualHosts.headscale = {
hostName = "headscale.toast003.xyz";
extraConfig = ''
reverse_proxy localhost:8080
'';
};
};
}

10
roles/server/syncthing.nix
View file

@ -39,8 +39,14 @@
AmbientCapabilities = "CAP_CHOWN CAP_FOWNER"; AmbientCapabilities = "CAP_CHOWN CAP_FOWNER";
}; };
# Add a cname for syncthing # Add a record for syncthing
services.dnsmasq.settings.cname = ["sync.everest.tailscale,everest"]; services.headscale.settings.dns_config.extra_records = [
{
name = "sync.everest.tailscale";
type = "A";
value = "100.100.0.1";
}
];
# Set up caddy as the reverse proxy for syncthing # Set up caddy as the reverse proxy for syncthing
services.caddy.virtualHosts.syncthing = { services.caddy.virtualHosts.syncthing = {

10
roles/server/transmission.nix
View file

@ -37,8 +37,14 @@ in {
''; '';
}; };
# Add a cname for transmission # Add a record for transmission
services.dnsmasq.settings.cname = ["transmission.everest.tailscale,everest"]; services.headscale.settings.dns_config.extra_records = [
{
name = "transmission.everest.tailscale";
type = "A";
value = "100.100.0.1";
}
];
# Set up caddy as the reverse proxy for transmission # Set up caddy as the reverse proxy for transmission
services.caddy.virtualHosts.transmission = { services.caddy.virtualHosts.transmission = {