Initial commit

hosts/cryodev-main/services/headplane.nix

@@ -0,0 +1,35 @@
+{
+  config,
+  pkgs,
+  outputs,
+  constants,
+  ...
+}:
+
+{
+  imports = [
+    outputs.nixosModules.headplane
+  ];
+
+  services.headplane = {
+    enable = true;
+    port = constants.services.headplane.port;
+    headscale = {
+      url = "http://127.0.0.1:${toString constants.services.headscale.port}";
+      public_url = "https://${constants.services.headscale.fqdn}";
+    };
+    # Secrets for headplane need to be configured via sops
+    sops.secrets = {
+      "headplane/cookie_secret" = { };
+      "headplane/agent_pre_authkey" = { };
+    };
+  };
+
+  services.nginx.virtualHosts."${constants.services.headplane.fqdn}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString constants.services.headplane.port}";
+    };
+  };
+}