Tailscale, initialize client

hosts/juri/host.nix

@@ -36,6 +36,11 @@ in {
           reverse_proxy :${builtins.toString config.forgejo.server.port}
         '';
       };
+      "ginko.woach.me" = {
+        extraConfig = ''
+          reverse_proxy :${builtins.toString config.headscale.server.port}
+        '';
+      };
     };
   };
 
@@ -56,10 +61,16 @@ in {
     };
   };
 
+  headscale = {
+    enable = true;
+    server.domain = "ginko.woach.me";
+  };
+
   postgres.enable = true;
 
   shell.enabledShells = [ "fish" ];
   shell.defaultShell = "fish";
 
+  tailscale.enable = true;
   sshd.enable = true;
 }

hosts/onizuka/host.nix

@@ -13,6 +13,7 @@
   system.users.bigWheels = [ "pan" ];
 
   sshd.enable = true;
+  tailscale.enable = true;
 
   tuigreet.enable = true;
   niri.enable = true;

nixosModules/services/headscale/service.nix

@@ -0,0 +1,26 @@
+{ config, lib, ... }:
+
+{
+  options.headscale = {
+    enable = lib.mkEnableOption "Enable headscale";
+    server = {
+      port = lib.mkOption { default = 7204; };
+      domain = lib.mkOption { type = lib.types.str; };
+    };
+  };
+
+  config = lib.mkIf config.headscale.enable {
+    networking.firewall.allowedUDPPorts = [ 3478 ];
+    services.headscale = {
+      enable = true;
+      port = config.headscale.server.port;
+      settings = {
+        server_url = "https://${config.headscale.server.domain}";
+        dns = {
+          base_domain = "connect.claris";
+          override_local_dns = false;
+        };
+      };
+    };
+  };
+}

nixosModules/services/tailscale/service.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, lib, ... }:
+
+{
+  options.tailscale = {
+    enable = lib.mkEnableOption "enables tailscale";
+  };
+
+  config = lib.mkIf config.tailscale.enable {
+    services.tailscale.enable = true;
+  };
+}