| -rw-r--r-- | flake.nix | 14 | ||||
| -rw-r--r-- | modules/nixos/headscale.nix | 30 |
2 files changed, 43 insertions, 1 deletions
@@ -232,7 +232,7 @@
 ];
 # specialArgs = { inherit inputs; };
 };
- doretta = nixpkgs.lib.nixosSystem {
+ doretta = nixpkgs.lib.nixosSystem { # this is my build server
 modules = [
 ./machines/doretta/configuration.nix
 ./machines/doretta/hardware-configuration.nix
@@ -242,6 +242,18 @@
 ./modules/nixos/system-packages.nix
 ];
 };
+ bosco = nixpkgs.lib.nixosSystem { # this is my networking server
+ modules = [
+ ./machines/bosco/configuration.nix
+ ./machines/bosco/hardware-configuration.nix
+
+ ./modules/nixos/nix-common.nix
+ ./modules/nixos/environment.nix
+ ./modules/nixos/system-packages.nix
+
+ ./modules/nixos/headscale.nix
+ ];
+ };
 khad = nixpkgs.lib.nixosSystem {
 modules = [
 ./machines/khad/configuration.nix
diff --git a/modules/nixos/headscale.nix b/modules/nixos/headscale.nix
new file mode 100644
index 0000000..a38008e
--- /dev/null
+++ b/modules/nixos/headscale.nix
@@ -0,0 +1,30 @@
+{config, pkgs, ...}:
+let
+ domain = "wormcar.gay";
+ subDomain = "bosco." + "${domain}";
+in {
+ services = {
+ headscale = {
+ enable = true;
+ address = "0.0.0.0";
+ port = 8080;
+ settings = {
+ logtail.enabled = false;
+ serverUrl = "https://${subDomain}";
+ dns_config.base_domain = "${domain}";
+ };
+ };
+
+ nginx.virtualHosts.${subDomain} = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass =
+ "http://localhost:${toString config.services.headscale.port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+
+ environment.systemPackages = [ config.services.headscale.package ];
+}
|
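Review bot: `address = "0.0.0.0"` in the new headscale.nix makes headscale listen on every interface at port 8080, although the only client visible here is the nginx vhost that proxies to `localhost`; unless the firewall on bosco (not shown in this diff) blocks 8080, the control server is also reachable over plain HTTP, bypassing `forceSSL`. Binding to loopback with `address = "127.0.0.1";` keeps nginx as the single entry point. Separately, headscale's configuration key is `server_url`, so `settings.serverUrl` is probably written to the config file as an unknown key and the advertised URL stays at its default; `server_url = "https://${subDomain}";` is likely what was meant. It is also worth checking against the deployed headscale version whether a `base_domain` that is a parent of the server URL's host is accepted.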
