added headscale/tailscale config

hosts/Alaska/default.nix

@@ -5,10 +5,12 @@
 {
   imports = [ 
     (import ./hardware-configuration.nix)
+    (import ./modules/forgejo.nix)
     (import ./modules/nginx.nix)
     (import ./modules/nextcloud.nix)
     (import ./modules/msmtp.nix)
-    (import ./modules/forgejo.nix)
+    (import ./modules/headscale.nix)
+    (import ./modules/tailscale.nix)
   ];
 
   environment.systemPackages = [

hosts/Alaska/modules/headscale.nix

@@ -0,0 +1,17 @@
+{  config, ... }:
+
+let
+  baseDomain = "nickiel.net";
+  domain = "headscale.${baseDomain}";
+in {
+  services.headscale = {
+    enable = true;
+    address = "0.0.0.0";
+    port = 8082;
+    settings = {
+      server_url = "https://${domain}";
+      dns_config.base_domain = baseDomain;
+    };
+  };
+  environment.systemPackages = [ config.services.headscale.package ];
+}

hosts/Alaska/modules/nginx.nix

@@ -22,6 +22,13 @@
 
     virtualHosts = {
 
+      "default" = {
+        default = true;
+        serverName = null;
+        # https://stackoverflow.com/a/42802777
+        locations."/".return = "444";
+      };
+
       "jellyfin.nickiel.net" = {
           forceSSL = true;
           enableACME = true;
@@ -43,6 +50,15 @@
           locations."/".proxyPass = "http://127.0.0.1:3001";
       };
 
+      "headscale.nickiel.net" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:${ toString config.services.headscale.port }";
+          proxyWebsockets = true;
+        };
+      };
+
     };
   };
 }

hosts/Alaska/modules/tailscale.nix

@@ -0,0 +1,11 @@
+{ config, ... }:
+
+{
+  services.tailscale.enable = true;
+  # Defined here to indicate the settings are related
+  networking.firewall = {
+    checkReversePath = "loose";
+    trustedInterfaces = [ "tailscale0" ];
+    allowedUDPPorts = [ config.services.tailscale.port ];
+  };
+}