From 12ea4b5a87ab7b28eddf7ba125bf54a97057432f Mon Sep 17 00:00:00 2001
From: Julia Lange <public@julialange.org>
Date: Wed, 9 Jul 2025 19:32:34 -0700
Subject: [PATCH 1/2] Headscale, initialization

---
 hosts/juri/host.nix                         | 10 ++++++++
 nixosModules/services/headscale/service.nix | 26 +++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 nixosModules/services/headscale/service.nix

diff --git a/hosts/juri/host.nix b/hosts/juri/host.nix
index 8a016b6..4f30a2f 100644
--- a/hosts/juri/host.nix
+++ b/hosts/juri/host.nix
@@ -36,6 +36,11 @@ in {
           reverse_proxy :${builtins.toString config.forgejo.server.port}
         '';
       };
+      "ginko.woach.me" = {
+        extraConfig = ''
+          reverse_proxy :${builtins.toString config.headscale.server.port}
+        '';
+      };
     };
   };
 
@@ -56,6 +61,11 @@ in {
     };
   };
 
+  headscale = {
+    enable = true;
+    server.domain = "ginko.woach.me";
+  };
+
   postgres.enable = true;
 
   shell.enabledShells = [ "fish" ];
diff --git a/nixosModules/services/headscale/service.nix b/nixosModules/services/headscale/service.nix
new file mode 100644
index 0000000..12fbad7
--- /dev/null
+++ b/nixosModules/services/headscale/service.nix
@@ -0,0 +1,26 @@
+{ config, lib, ... }:
+
+{
+  options.headscale = {
+    enable = lib.mkEnableOption "Enable headscale";
+    server = {
+      port = lib.mkOption { default = 7204; };
+      domain = lib.mkOption { type = lib.types.str; };
+    };
+  };
+
+  config = lib.mkIf config.headscale.enable {
+    networking.firewall.allowedUDPPorts = [ 3478 ];
+    services.headscale = {
+      enable = true;
+      port = config.headscale.server.port;
+      settings = {
+        server_url = "https://${config.headscale.server.domain}";
+        dns = {
+          base_domain = "connect.claris";
+          override_local_dns = false;
+        };
+      };
+    };
+  };
+}

From 8a802411c6020c29e94e4bd4bd6c45f23b9c0141 Mon Sep 17 00:00:00 2001
From: Julia Lange <public@julialange.org>
Date: Thu, 10 Jul 2025 12:02:31 -0700
Subject: [PATCH 2/2] Tailscale, initialize client

---
 hosts/juri/host.nix                         |  1 +
 hosts/onizuka/host.nix                      |  1 +
 nixosModules/services/tailscale/service.nix | 11 +++++++++++
 3 files changed, 13 insertions(+)
 create mode 100644 nixosModules/services/tailscale/service.nix

diff --git a/hosts/juri/host.nix b/hosts/juri/host.nix
index 4f30a2f..192639b 100644
--- a/hosts/juri/host.nix
+++ b/hosts/juri/host.nix
@@ -71,5 +71,6 @@ in {
   shell.enabledShells = [ "fish" ];
   shell.defaultShell = "fish";
 
+  tailscale.enable = true;
   sshd.enable = true;
 }
diff --git a/hosts/onizuka/host.nix b/hosts/onizuka/host.nix
index c48f020..d2dbc49 100644
--- a/hosts/onizuka/host.nix
+++ b/hosts/onizuka/host.nix
@@ -13,6 +13,7 @@
   system.users.bigWheels = [ "pan" ];
 
   sshd.enable = true;
+  tailscale.enable = true;
 
   tuigreet.enable = true;
   niri.enable = true;
diff --git a/nixosModules/services/tailscale/service.nix b/nixosModules/services/tailscale/service.nix
new file mode 100644
index 0000000..cd94ad8
--- /dev/null
+++ b/nixosModules/services/tailscale/service.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, lib, ... }:
+
+{
+  options.tailscale = {
+    enable = lib.mkEnableOption "enables tailscale";
+  };
+
+  config = lib.mkIf config.tailscale.enable {
+    services.tailscale.enable = true;
+  };
+}