cryodev/modules/nixos/headplane/default.nix
steffen 10bb0c8e34 add deploy/create/install apps, fix templates and docs
- Add apps: create (scaffold host from template), deploy (multi-host
  deployment with -n filter), install (NixOS installation from live ISO)
- Register all apps in flake.nix (create, deploy, install, rebuild)
- Add deploy.json config (cryodev-main, SSH port 2299)
- Fix generic-server template: was using Pi hardware/boot config,
  now correct x86_64 with systemd-boot, UEFI, ROOT/BOOT/SWAP labels
- Fix template networking.nix: use HOSTNAME placeholder instead of
  hardcoded cryodev-pi (both templates)
- Fix headplane upstream pnpm-deps hash mismatch via overlay
- Fix all docs: replace root@ with user@, --ssh-option with
  NIX_SSHOPTS, add deploy app references, update first-install guide
  to use create app and document service deactivation steps
2026-03-14 12:08:30 +01:00


# NixOS module layered on top of the upstream headplane module (imported from
# the `headplane` flake input). It adds a `services.headplane.port` option,
# points headplane at the local headscale instance, and declares the two
# sops secrets whose paths are handed to headplane.
{
  inputs,
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.headplane;
  headscale = config.services.headscale;

  # sops secret names used both in the settings and in the declarations below.
  cookieSecret = "headplane/cookie_secret";
  agentPreAuthKey = "headplane/agent_pre_authkey";
in
{
  imports = [ inputs.headplane.nixosModules.headplane ];

  options.services.headplane.port = lib.mkOption {
    type = lib.types.port;
    default = 3000;
    description = "Port for headplane to listen on";
  };

  config = lib.mkIf cfg.enable {
    nixpkgs.overlays = [
      inputs.headplane.overlays.default
      # Fix upstream pnpm-deps hash mismatch (https://github.com/tale/headplane)
      #
      # NOTE(review): this replaces the integrity hash of the fixed-output
      # pnpmDeps derivation with a locally chosen value. The hash is only
      # meaningful for the headplane revision the flake input is locked to;
      # re-verify it on every bump of that input. A fixed-output derivation
      # can be satisfied by a store or cache path that already matches the
      # hash, so a stale value may go unnoticed rather than fail the build.
      # The URL above is the repository root; link the specific upstream
      # issue or commit so the override can be dropped once it is fixed.
      (_final: prev: {
        headplane = prev.headplane.overrideAttrs (prevAttrs: {
          pnpmDeps = prevAttrs.pnpmDeps.overrideAttrs {
            outputHash = "sha256-lk/ezsrW6JHh5nXPSstqHUbaMTeOARBGZcBSoG1S5ns=";
          };
        });
      })
    ];

    services.headplane.settings = {
      server = {
        # Loopback-only by default; both values are mkDefault so a host
        # configuration can override them. Binding to another address exposes
        # the admin UI directly, so do that only behind TLS and access control.
        host = lib.mkDefault "127.0.0.1";
        port = lib.mkDefault cfg.port;
        # Set at normal priority (no mkDefault): the setting carries the path
        # of the sops secret file, not the secret value itself.
        cookie_secret_path = config.sops.secrets.${cookieSecret}.path;
      };

      headscale = {
        # Plain HTTP, but only to the headscale port on loopback.
        url = lib.mkDefault "http://127.0.0.1:${toString headscale.port}";
        public_url = lib.mkDefault headscale.settings.server_url;
        config_path = lib.mkDefault "/etc/headscale/config.yaml";
      };

      integration.agent = {
        enabled = lib.mkDefault true;
        # A headscale pre-auth key is a credential for joining the tailnet;
        # it is passed by file path, like the cookie secret.
        pre_authkey_path = config.sops.secrets.${agentPreAuthKey}.path;
      };
    };

    # Both secrets are owned by the headscale user/group and readable by the
    # owner only (0400, so the group gets no access).
    # NOTE(review): this assumes the headplane service runs as the headscale
    # user - confirm against the unit defined by the upstream module.
    sops.secrets = lib.genAttrs [ cookieSecret agentPreAuthKey ] (_: {
      owner = headscale.user;
      group = headscale.group;
      mode = "0400";
    });
  };
}