From 91124b5f7a2687fdba3cba9c8936cc57fcb672ee Mon Sep 17 00:00:00 2001
From: Devin Finlinson <devin.finlinson@pm.me>
Date: Mon, 11 Dec 2023 21:57:07 +0000
Subject: trying cadd reverse proxy, looks easier to configure

---
 modules/nixos/headscale.nix | 39 ++++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 17 deletions(-)

(limited to 'modules')

diff --git a/modules/nixos/headscale.nix b/modules/nixos/headscale.nix
index a4c9308..bde6fae 100644
--- a/modules/nixos/headscale.nix
+++ b/modules/nixos/headscale.nix
@@ -15,27 +15,32 @@ in {
       };
     };
 
-    nginx.virtualHosts.${subDomain} = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass =
-          "http://localhost:${toString config.services.headscale.port}";
-        proxyWebsockets = true;
-      };
-    };
-  };
+  #   nginx.virtualHosts.${subDomain} = {
+  #     forceSSL = true;
+  #     enableACME = true;
+  #     locations."/" = {
+  #       proxyPass =
+  #         "http://localhost:${toString config.services.headscale.port}";
+  #       proxyWebsockets = true;
+  #     };
+  #   };
+  # };
+
+  # environment.systemPackages = [ config.services.headscale.package ];
 
-  environment.systemPackages = [ config.services.headscale.package ];
+  # security.acme = {
+  #   acceptTerms = true;
+  #   email = "devin.finlinson@pm.me";
+  # };
 
-  security.acme = {
-    acceptTerms = true;
+  services.caddy = {
+    enable = true;
     email = "devin.finlinson@pm.me";
+    virtualHosts.${subDomain}.extraConfig = ''
+      reverse_proxy http://localhost:${toString config.services.headscale.port}
+    '';
   };
 
-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-  ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
 
-- 
cgit v1.2.3