Compare commits
3 commits
220cc229c1
...
85f34a31d3
Author | SHA1 | Date | |
---|---|---|---|
85f34a31d3 | |||
0e8db874a2 | |||
2fb1a1bec8 |
4 changed files with 88 additions and 56 deletions
|
@ -15,7 +15,7 @@
|
|||
id = "100.64.0.0";
|
||||
prefixLength = 10;
|
||||
};
|
||||
domain = "vpn.qo.is";
|
||||
domain = "vpn.net.qo.is";
|
||||
hosts = { };
|
||||
};
|
||||
|
||||
|
|
|
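Review bot: The network definition's domain now differs from the `qois.vpn-server.domain` option default (`vpn.qo.is` in the fourth file of this compare), and nothing in this hunk records that the two values are meant to diverge. If the split is deliberate (the module uses `vpnNet.domain` for the MagicDNS `base_domain` and `cfg.domain` for `server_url`), a one-line comment next to `domain = "vpn.net.qo.is";` would stop the next maintainer from "fixing" them back to one value, e.g. `# MagicDNS base domain for VPN hosts; the headscale server itself is reached via qois.vpn-server.domain`. The enclosing attribute set starts and ends outside the hunk.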
@ -30,6 +30,24 @@
|
|||
dbtype = "pgsql";
|
||||
};
|
||||
|
||||
appstoreEnable = false;
|
||||
extraApps = {
|
||||
inherit (config.services.nextcloud.package.passthru.packages.apps)
|
||||
calendar
|
||||
contacts
|
||||
deck
|
||||
groupfolders
|
||||
maps
|
||||
memories
|
||||
music
|
||||
news
|
||||
notes
|
||||
notify_push
|
||||
tasks
|
||||
twofactor_webauthn
|
||||
;
|
||||
};
|
||||
|
||||
phpOptions = {
|
||||
"opcache.interned_strings_buffer" = "23";
|
||||
};
|
||||
|
|
|
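Review bot: `"opcache.interned_strings_buffer" = "23";` is an unexplained magic value; a short why-comment would make the setting reviewable later, e.g. `# raised above the PHP default; presumably to satisfy Nextcloud's setup check — confirm the recommended size for the packaged release`. Pinning `extraApps` to `config.services.nextcloud.package.passthru.packages.apps` with `appstoreEnable = false` is the right direction, since app code then comes from the evaluated package set rather than being fetched at runtime; a comment stating that intent next to `appstoreEnable = false;` would keep it from being flipped back casually. The enclosing `services.nextcloud` attribute set begins and ends outside the hunk.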
@ -25,6 +25,7 @@ with lib;
|
|||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
package = pkgs.forgejo;
|
||||
database.type = "postgres";
|
||||
|
||||
lfs.enable = true;
|
||||
|
|
|
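Review bot: `lfs.enable = true;` turns on Git LFS storage without any bound on object size, so any user with push rights can fill the instance's disk; Forgejo (inheriting from Gitea) exposes a `[server]` `LFS_MAX_FILE_SIZE` setting for exactly this, which in NixOS terms would be something like `settings.server.LFS_MAX_FILE_SIZE = <bytes-placeholder>;` — confirm the option name against the docs of the packaged Forgejo version. Where LFS content is stored (`lfs.contentDir` default) and whether it is covered by the existing backup of the Forgejo state is also worth a note at this line. The enclosing `services.forgejo` block continues outside the hunk.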
@ -16,6 +16,11 @@ in
|
|||
|
||||
options.qois.vpn-server = {
|
||||
enable = mkEnableOption "Enable vpn server services";
|
||||
domain = mkOption {
|
||||
description = "Domain for the VPN admin server";
|
||||
type = types.str;
|
||||
default = "vpn.qo.is";
|
||||
};
|
||||
dnsRecords = mkOption {
|
||||
description = "DNS records to add to Hosts";
|
||||
type = with types; attrsOf str;
|
||||
|
@ -36,8 +41,8 @@ in
|
|||
with config.services.headscale.settings;
|
||||
(
|
||||
[
|
||||
db_path
|
||||
private_key_path
|
||||
database.sqlite.path
|
||||
derp.server.private_key_path
|
||||
noise.private_key_path
|
||||
]
|
||||
++ derp.paths
|
||||
|
@ -56,22 +61,22 @@ in
|
|||
in
|
||||
{
|
||||
enable = true;
|
||||
address = vnet.backplane.hosts.cyprianspitz.v4.ip;
|
||||
address = vnet.backplane.hosts.cyprianspitz.v4.ip; # TODO: This entails that the backplane interface is up.
|
||||
port = 46084;
|
||||
settings = {
|
||||
server_url = "https://${vpnNet.domain}:443";
|
||||
server_url = "https://${cfg.domain}:443";
|
||||
|
||||
tls_letsencrypt_challenge_type = "TLS-ALPN-01";
|
||||
tls_letsencrypt_hostname = vpnNet.domain;
|
||||
|
||||
dns_config = {
|
||||
nameservers = [ vnet.backplane.hosts.calanda.v4.ip ];
|
||||
domains = [
|
||||
vpnNet.domain
|
||||
dns = {
|
||||
base_domain = vpnNet.domain;
|
||||
magic_dns = true;
|
||||
nameservers.global = [ vnet.backplane.hosts.calanda.v4.ip ];
|
||||
search_domains = [
|
||||
# vpnNet.domain # First by default with magic_dns
|
||||
vnet.backplane.domain
|
||||
];
|
||||
magic_dns = true;
|
||||
base_domain = vpnNet.domain;
|
||||
extra_records = pipe cfg.dnsRecords [
|
||||
attrsToList
|
||||
(map (val: val // { type = "A"; }))
|
||||
|
@ -80,9 +85,10 @@ in
|
|||
|
||||
ip_prefixes = [ vpnNetPrefix ];
|
||||
|
||||
acl_policy_path = pkgs.writeTextFile {
|
||||
name = "acls";
|
||||
text = builtins.toJSON {
|
||||
policy =
|
||||
let
|
||||
# Note: headscale has limited acl support currently. This might change in the future.
|
||||
aclPolicy = {
|
||||
hosts = {
|
||||
"clients" = vpnNetPrefix;
|
||||
};
|
||||
|
@ -129,6 +135,13 @@ in
|
|||
}
|
||||
];
|
||||
};
|
||||
in
|
||||
{
|
||||
mode = "file";
|
||||
path = pkgs.writeTextFile {
|
||||
name = "acls";
|
||||
text = builtins.toJSON aclPolicy;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
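Review bot: In the `@ -56,22 +61,22 @@` hunk `server_url` switches to `cfg.domain`, but the `tls_letsencrypt_hostname = vpnNet.domain;` line shown as context just below `tls_letsencrypt_challenge_type` appears unchanged, so the ACME certificate would be requested for the MagicDNS base domain (`vpn.net.qo.is`, per the first file) while clients connect to `https://vpn.qo.is:443` — a hostname mismatch that would make every client fail TLS verification. If that line really is untouched, it should become `tls_letsencrypt_hostname = cfg.domain;`. Splitting the server host from `dns.base_domain` looks intentional (presumably because headscale rejects a `server_url` that lies inside `base_domain`), so the `cfg.domain` option description `"Domain for the VPN admin server"` could say that it must not be a subdomain of the network domain. The `# TODO: This entails that the backplane interface is up.` comment on `address` describes a start-order dependency without a follow-up; at minimum it should name the systemd unit headscale should be ordered after.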