James/eve-psr-nix0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Lock down services to LAN

Browse Source
This commit is contained in:
James Eversole
2025-04-22 13:40:41 -05:00
parent 2034274ee0
commit b27d748e30
3 changed files with 22 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
nix/application/headscale.nix
View File

@ -4,7 +4,10 @@
address = "0.0.0.0";
port = 35893;
settings = {
dns.base_domain = "vpn.matri.cx";
dns = {
base_domain = "vpn.matri.cx";
nameservers.global = ["192.168.0.130" "1.1.1.1"];
};
logtail.enabled = false;
noise.private_key_path = "/var/lib/headscale/noise_private.key";
server_url = "https://vpn.matri.cx:443";
@ -12,11 +15,8 @@
};
services.tailscale = {
enable = true;
extraSetFlags = [
"--advertise-exit-node"
];
extraUpFlags = [
"--advertise-tags=tag:home-server"
"--accept-routes" "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" "--login-server=https://vpn.matri.cx"
];
useRoutingFeatures = "both";
};