From 39e11879486183522a9ecb5cdb44d7c96db508ee Mon Sep 17 00:00:00 2001
From: m3tam3re
Date: Fri, 21 Feb 2025 14:07:29 +0100
Subject: [PATCH] headscale + tailscale
---
 hosts/m3-atlas/services/default.nix | 2 ++
 hosts/m3-atlas/services/headscale.nix | 33 +++++++++++++++++++++++++++
 hosts/m3-atlas/services/tailscale.nix | 9 ++++++++
 hosts/m3-kratos/services/default.nix | 1 +
 4 files changed, 45 insertions(+)
 create mode 100644 hosts/m3-atlas/services/headscale.nix
 create mode 100644 hosts/m3-atlas/services/tailscale.nix
diff --git a/hosts/m3-atlas/services/default.nix b/hosts/m3-atlas/services/default.nix
index ea05f0c..a5746cb 100644
--- a/hosts/m3-atlas/services/default.nix
+++ b/hosts/m3-atlas/services/default.nix
@@ -2,11 +2,13 @@
 imports = [
 ./containers
 ./gitea.nix
+ ./headscale.nix
 ./minio.nix
 ./mysql.nix
 ./n8n.nix
 ./postgres.nix
 ./searx.nix
+ ./tailscale.nix
 ./traefik.nix
 ./wastebin.nix
 ];
diff --git a/hosts/m3-atlas/services/headscale.nix b/hosts/m3-atlas/services/headscale.nix
new file mode 100644
index 0000000..8dcb453
--- /dev/null
+++ b/hosts/m3-atlas/services/headscale.nix
@@ -0,0 +1,33 @@
+{
+ services = {
+ headscale = {
+ enable = true;
+ port = 3009;
+ settings = {
+ server_url = "https://va.m3tam3re.com";
+ dns = {
+ base_domain = "m3tam3re.loc";
+ };
+ logtail.enabled = false;
+ };
+ };
+ };
+
+ # Traefik configuration specific to
+ services.traefik.dynamicConfigOptions.http = {
+ services.headscale.loadBalancer.servers = [
+ {
+ url = "http://localhost:3009/";
+ }
+ ];
+
+ routers.headscale = {
+ rule = "Host(`va.m3tam3re.com`)";
+ tls = {
+ certResolver = "godaddy";
+ };
+ service = "headscale";
+ entrypoints = "websecure";
+ };
+ };
+}
diff --git a/hosts/m3-atlas/services/tailscale.nix b/hosts/m3-atlas/services/tailscale.nix
new file mode 100644
index 0000000..7a14f28
--- /dev/null
+++ b/hosts/m3-atlas/services/tailscale.nix
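Review bot: In hosts/m3-atlas/services/headscale.nix the `settings` block configures no ACL policy, and as far as I know headscale then lets every registered node reach every other node; because the sibling tailscale.nix marks `tailscale0` as a trusted firewall interface on this same host, node registration becomes the only barrier in front of the services imported in default.nix. I would add a policy file and reference it from `settings` (recent headscale releases use `policy.path`; confirm the key against the packaged version). The listener relies on the module's default bind address, so pinning `address = "127.0.0.1";` next to `port = 3009;` would make it explicit that only Traefik on localhost is meant to reach it. The comment `# Traefik configuration specific to` is cut off and should read `# Traefik configuration specific to headscale`.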
@@ -0,0 +1,9 @@
+{
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "both";
+ };
+ networking.firewall = {
+ trustedInterfaces = ["tailscale0"];
+ };
+}
diff --git a/hosts/m3-kratos/services/default.nix b/hosts/m3-kratos/services/default.nix
index 3ca540f..2674a00 100644
--- a/hosts/m3-kratos/services/default.nix
+++ b/hosts/m3-kratos/services/default.nix
@@ -11,6 +11,7 @@
 hypridle.enable = true;
 printing.enable = true;
 gvfs.enable = true;
+ tailscale.enable = true;
 trezord.enable = true;
 gnome.gnome-keyring.enable = true;
 qdrant.enable = true;
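Review bot: In hosts/m3-atlas/services/tailscale.nix, `trustedInterfaces = ["tailscale0"];` makes the NixOS firewall accept all traffic arriving over the tailnet, so any port on this host that is not bound to loopback (the same host imports mysql, postgres, minio and gitea modules) becomes reachable from every node. Opening only the ports that are needed is tighter, for example `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` (port 22 is only an illustration; list what should really be reachable). `useRoutingFeatures = "both"` additionally enables IP forwarding and loosens reverse-path filtering; if m3-atlas is not meant to act as a subnet router or exit node, `"client"` or `"none"` is the narrower choice, and a short comment stating the intended role would help the next reader.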