From 717b6e5c8e76b4c87cb520bf101ef22ee120b0d7 Mon Sep 17 00:00:00 2001
From: Julia Lange <public@julialange.org>
Date: Wed, 9 Jul 2025 19:32:34 -0700
Subject: [PATCH] Headscale, initialization

---
 hosts/juri/host.nix                         | 10 ++++++++
 nixosModules/services/headscale/service.nix | 26 +++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 nixosModules/services/headscale/service.nix

diff --git a/hosts/juri/host.nix b/hosts/juri/host.nix
index 8a016b6..4f30a2f 100644
--- a/hosts/juri/host.nix
+++ b/hosts/juri/host.nix
@@ -36,6 +36,11 @@ in {
           reverse_proxy :${builtins.toString config.forgejo.server.port}
         '';
       };
+      "ginko.woach.me" = {
+        extraConfig = ''
+          reverse_proxy :${builtins.toString config.headscale.server.port}
+        '';
+      };
     };
   };
 
@@ -56,6 +61,11 @@ in {
     };
   };
 
+  headscale = {
+    enable = true;
+    server.domain = "ginko.woach.me";
+  };
+
   postgres.enable = true;
 
   shell.enabledShells = [ "fish" ];
diff --git a/nixosModules/services/headscale/service.nix b/nixosModules/services/headscale/service.nix
new file mode 100644
index 0000000..12fbad7
--- /dev/null
+++ b/nixosModules/services/headscale/service.nix
@@ -0,0 +1,26 @@
+{ config, lib, ... }:
+
+{
+  options.headscale = {
+    enable = lib.mkEnableOption "Enable headscale";
+    server = {
+      port = lib.mkOption { default = 7204; };
+      domain = lib.mkOption { type = lib.types.str; };
+    };
+  };
+
+  config = lib.mkIf config.headscale.enable {
+    networking.firewall.allowedUDPPorts = [ 3478 ];
+    services.headscale = {
+      enable = true;
+      port = config.headscale.server.port;
+      settings = {
+        server_url = "https://${config.headscale.server.domain}";
+        dns = {
+          base_domain = "connect.claris";
+          override_local_dns = false;
+        };
+      };
+    };
+  };
+}