Working proxy implementation for jichan.org

hosts/elnudrop/modules/headscale.nix

@@ -0,0 +1,25 @@
+{ config, ... }:
+
+let
+  baseDomain = "elnu.com";
+  domain = "headscale.${baseDomain}";
+in {
+  services.headscale = {
+    enable = true;
+    address = "0.0.0.0";
+    port = 8080;
+    settings = {
+      server_url = "https://${domain}";
+      dns_config.base_domain = baseDomain;
+    };
+  };
+  environment.systemPackages = [ config.services.headscale.package ];
+  services.nginx.virtualHosts.${domain} = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${ toString config.services.headscale.port }";
+      proxyWebsockets = true;
+    };
+  };
+}

hosts/elnudrop/modules/ssh.nix

@@ -0,0 +1,10 @@
+{ user, ... }:
+
+let keys = [
+  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQNlGt62dBMojVCX7EUIia+wfSDfLzV4YCPi8SZ2xrp elnu@elnu.com"
+]; in
+{
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keys = keys;
+  users.users.${user}.openssh.authorizedKeys.keys = keys;
+}

hosts/elnudrop/modules/tailscale.nix

@@ -0,0 +1,10 @@
+{ config, ... }:
+
+{
+  services.tailscale.enable = true;
+  networking.firewall = {
+    checkReversePath = "loose";
+    trustedInterfaces = [ "tailscale0" ];
+    allowedUDPPorts = [ config.services.tailscale.port ];
+  };
+}