modules.services.derp: init

2026-01-12 01:29:24 +08:00 · 2025-11-06 17:59:43 +08:00
parent 6ab49d58c6
commit 3dfdb36728
2 changed files with 45 additions and 0 deletions
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@@ -61,6 +61,7 @@ inputs:
        beesd."/" = {};
        bind = {};
        headscale = {};
+        derp = {};
      };
    };
    networking.nftables.tables.forward =
--- a/modules/services/derp.nix
+++ b/modules/services/derp.nix
@@ -0,0 +1,44 @@
+inputs:
+{
+  options.nixos.services.derp = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule { options =
+    {
+      hostname = mkOption { type = types.nonEmptyStr; default = "derp.headscale.chn.moe"; };
+    };});
+    default = null;
+  };
+  config = let inherit (inputs.config.nixos.services) derp; in inputs.lib.mkIf (derp != null)
+  {
+    services.tailscale.derper =
+    {
+      enable = true;
+      domain = derp.hostname;
+      configureNginx = false;
+      # TODO: set after tailscale works
+      # verifyClients = true;
+    };
+    nixos.services.nginx =
+    {
+      https.${derp.hostname} =
+      {
+        global =
+        {
+          rewriteHttps = false;
+          extraConfig =
+          ''
+            proxy_buffering off;
+            proxy_read_timeout 3600s;
+          '';
+        };
+        location."/".proxy =
+        {
+          upstream = "http://127.0.0.1:${builtins.toString inputs.config.services.tailscale.derper.port}";
+          websocket = true;
+        };
+      };
+      http.${derp.hostname}.proxy.upstream =
+        "http://127.0.0.1:${builtins.toString inputs.config.services.tailscale.derper.port}";
+    };
+  };
+}