NixMachines/machines/hippocampus/servers/public/headscale.nix


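# Headscale control server for this host, published through Caddy at
# headscale.syzygial.cc. Caddy is the intended public entry point; headscale
# itself listens on an internal port.
{config, pkgs, ...}: {
  imports = [
    ../../modules/headscale.nix
  ];

  services.headscale = {
    enable = true;
    # 7000 port addresses are for internal network
    # NOTE(review): no listen address is set in this file, so the bind address
    # comes from the module default or from ../../modules/headscale.nix.
    # Confirm it is loopback-only; otherwise port 7000 is reachable directly,
    # bypassing the Caddy front end.
    port = 7000;
    settings = {
      # URL that clients use to reach the control server; must match the Caddy
      # virtual host declared below.
      server_url = "https://headscale.syzygial.cc";
      # TODO: Generate keys??
      # NOTE(review): however the server keys end up being provisioned, keep
      # them out of this file. Anything written inline here lands in the
      # world-readable Nix store.
      # Postgres seems to be broken
      # db_type = "postgres";
      # db_host = "/var/run/postgresql";
      # db_name = "headscale";
      # db_user = "headscale";
      # Tailscale IP Base:
      ip_prefixes = [
        "100.64.0.0/10"
      ];
      # Give a name to each device
      # NOTE(review): `ip_prefixes` and `dns` look like keys from different
      # generations of the headscale config schema. Verify against the deployed
      # headscale version that both are honoured and not silently ignored.
      dns = {
        base_domain = "tailnet";
        magic_dns = true;
      };
    };
  };

  # Temporary until systemd units are made
  # TODO: Create automatic systemd units for provisioning auth keys
  # The CLI is installed system-wide so auth keys can be created by hand for
  # now. A pre-auth key lets a device join the tailnet, so automated
  # provisioning should give keys a short expiry and keep them out of the
  # Nix store.
  environment.systemPackages = with pkgs; [
    headscale
  ];

  services.caddy.virtualHosts = {
    "headscale.syzygial.cc" = {
      # The upstream port is read from the headscale service option instead of
      # being repeated as a literal, so the proxy cannot drift to a different
      # (possibly unrelated) local listener if the port above is changed.
      extraConfig = ''
        reverse_proxy localhost:${toString config.services.headscale.port}
      '';
    };
  };

  # services.postgresql = {
  #   enable = true;
  #   port = 5432;
  #   ensureDatabases = [
  #     "headscale"
  #   ];
  #   ensureUsers = [{
  #     name = "headscale";
  #     ensurePermissions = {
  #       "DATABASE \"headscale\"" = "ALL PRIVILEGES";
  #     };
  #   }];
  # };
}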