{ config, lib, ... }:
let
  # Public DNS name that nginx terminates TLS for; headscale advertises it as server_url.
  domain = "rune.aptenodytes.ca";
  # UDP port of the embedded DERP server's STUN listener; opened in the firewall below.
  stunPort = 3478;
  # Shorthand for the evaluated headscale options (port, settings, package) used by nginx
  # and systemPackages so the values stay in sync with services.headscale.
  hs = config.services.headscale;
in
{
  # Headscale control server; clients reach it through the nginx vhost declared below.
  services.headscale = {
    enable = true;
    # NOTE(review): bound on every interface although nginx proxies to localhost and
    # nothing in this module opens TCP 8080 in the firewall; confirm whether direct
    # (non-proxied) access is wanted — if not, 127.0.0.1 is the narrower bind.
    address = "0.0.0.0";
    port = 8080;
    settings = {
      server_url = "https://${domain}";
      base_domain = "pharaoh";
      logtail.enabled = false;
      # Prometheus metrics listen on loopback only; they are reachable externally solely
      # through the /metrics proxy location on the vhost below.
      metrics_listen_addr = "127.0.0.1:8095";
      # Embedded DERP relay; its STUN listener is UDP on stunPort.
      derp.server = {
        enable = true;
        region_id = 999;
        stun_listen_addr = "0.0.0.0:${toString stunPort}";
      };
    };
  };

  # TLS-terminating reverse proxy in front of headscale (ACME certificate, HTTP -> HTTPS).
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://localhost:${toString hs.port}";
      # Forward websocket upgrades to headscale.
      proxyWebsockets = true;
    };
    # NOTE(review): the metrics endpoint is published on the public vhost without any
    # authentication or source restriction; confirm that exposure is intended.
    locations."/metrics" = {
      proxyPass = "http://${hs.settings.metrics_listen_addr}/metrics";
    };
  };

  # Only the STUN port is opened here. TCP 80/443 for nginx/ACME are not opened by this
  # module; presumably handled elsewhere in the configuration — confirm.
  networking.firewall.allowedUDPPorts = [ stunPort ];

  # Put the headscale CLI on PATH for administration.
  environment.systemPackages = [ hs.package ];
}