machine[selene]: headscale hosting

machines/selene/configuration.nix

@@ -1,4 +1,4 @@
-{ ... }: {
+{ pkgs, config, ... }: {
   imports = [
     ./hardware-configuration.nix
   ];
@@ -13,6 +13,43 @@
     ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/QDX2Ex5rol7Cxr3paGipIhCBG/T6EsBZfJpwmPrcY Idylls services key''
   ];
 
+  services.tailscale = {
+    enable = true;
+    interfaceName = "olympus";
+  };
+
+  services.headscale = {
+    enable = true;
+    address = "127.0.0.1";
+    port = 8777;
+    settings = {
+      server_url = "https://headscale.idylls.net";
+      dns_config.base_domain = "olympus.wg";
+    };
+  };
+
+  services.caddy = {
+    enable = true;
+    virtualHosts = {
+      "headscale.idylls.net" = {
+        extraConfig = ''
+          reverse_proxy ${config.services.headscale.address}:${builtins.toString config.services.headscale.port}
+        '';
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    tailscale
+    headscale
+  ];
+
+  networking.firewall = {
+    trustedInterfaces = [ config.services.tailscale.interfaceName ];
+    allowedUDPPorts = [ config.services.headscale.port ];
+    allowedTCPPorts = [ config.services.headscale.port 80 443 ];
+  };
+
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
   system.stateVersion = "23.05";
 }