Upgrade inputs to 24.11 #16

fabianhauser merged 21 commits from upgrade-2411 into main 2024-12-13 21:33:08 +01:00
2 changed files with 71 additions and 56 deletions


@ -15,7 +15,7 @@
id = "100.64.0.0";
prefixLength = 10;
};
domain = "vpn.qo.is";
domain = "vpn.net.qo.is";
hosts = { };
};


@ -16,6 +16,11 @@ in
options.qois.vpn-server = {
enable = mkEnableOption "Enable vpn server services";
domain = mkOption {
description = "Domain for the VPN admin server";
type = types.str;
default = "vpn.qo.is";
};
dnsRecords = mkOption {
description = "DNS records to add to Hosts";
type = with types; attrsOf str;
@ -32,12 +37,14 @@ in
environment.systemPackages = [ pkgs.headscale ];
systemd.services.headscale.after = [ "wireguard-wg-backplane.service" ];
qois.backup-client.includePaths =
with config.services.headscale.settings;
(
[
db_path
private_key_path
database.sqlite.path
derp.server.private_key_path
noise.private_key_path
]
++ derp.paths
@ -56,22 +63,22 @@ in
in
{
enable = true;
address = vnet.backplane.hosts.cyprianspitz.v4.ip;
address = vnet.backplane.hosts.cyprianspitz.v4.ip; # TODO: This entails that the backplane interface is up.
port = 46084;
settings = {
server_url = "https://${vpnNet.domain}:443";
server_url = "https://${cfg.domain}:443";
tls_letsencrypt_challenge_type = "TLS-ALPN-01";
tls_letsencrypt_hostname = vpnNet.domain;
dns_config = {
nameservers = [ vnet.backplane.hosts.calanda.v4.ip ];
domains = [
vpnNet.domain
dns = {
base_domain = vpnNet.domain;
magic_dns = true;
nameservers.global = [ vnet.backplane.hosts.calanda.v4.ip ];
search_domains = [
# vpnNet.domain # First by default with magic_dns
vnet.backplane.domain
];
magic_dns = true;
base_domain = vpnNet.domain;
extra_records = pipe cfg.dnsRecords [
attrsToList
(map (val: val // { type = "A"; }))
@ -80,9 +87,10 @@ in
ip_prefixes = [ vpnNetPrefix ];
acl_policy_path = pkgs.writeTextFile {
name = "acls";
text = builtins.toJSON {
policy =
let
# Note: headscale has limited acl support currently. This might change in the future.
aclPolicy = {
hosts = {
"clients" = vpnNetPrefix;
};
@ -129,6 +137,13 @@ in
}
];
};
in
{
mode = "file";
path = pkgs.writeTextFile {
name = "acls";
text = builtins.toJSON aclPolicy;
};
};
};
};
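Review bot: `server_url` now derives from `cfg.domain` (default `vpn.qo.is`) while the unchanged context line `tls_letsencrypt_hostname = vpnNet.domain;` still follows the network domain, which the other file in this commit renames to `vpn.net.qo.is`; unless `qois.vpn-server.domain` is set elsewhere to match, headscale will obtain a TLS-ALPN-01 certificate for a name that differs from the one clients are told to connect to, and client handshakes would fail on a hostname mismatch. If the intent is to keep the control-server name outside the MagicDNS `base_domain` (which headscale requires), the certificate should follow the same name: `tls_letsencrypt_hostname = cfg.domain;`. It would also help to document that constraint on the new option, e.g. `description = "Public domain of the headscale control server; must not lie within the MagicDNS base_domain (vpnNet.domain)";` — this reading of the constraint is inferred from headscale behaviour and not from the hunk itself. The enclosing `config = mkIf cfg.enable { ... }` attribute set starts before this hunk.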