From 0574a44093384d94fbb8ff006e30f02459907a3b Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 14 Jun 2024 22:48:21 +0200
Subject: [PATCH] nixfmt pastila/headscale.nix
---
 pastila/headscale.nix | 81 ++++++++++++++++++++++---------------------
 1 file changed, 41 insertions(+), 40 deletions(-)
diff --git a/pastila/headscale.nix b/pastila/headscale.nix
index c504cca..b3244f3 100644
--- a/pastila/headscale.nix
+++ b/pastila/headscale.nix
@@ -1,9 +1,7 @@
 { config, lib, pkgs, ... }:
-let
- localListenPort = 4443;
-in
-{
+let localListenPort = 4443;
+in {
 services.headscale = {
 enable = true;
 address = "127.0.0.1";
@@ -13,31 +11,31 @@ in dns_config = { override_local_dns = true; - base_domain = "infracoll.su"; + base_domain = "infracoll.su"; }; derp = { - urls = []; - server = { - # If enabled, runs the embedded DERP server and merges it into the rest of the DERP config - # The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place - enabled = true; + urls = [ ]; + server = { + # If enabled, runs the embedded DERP server and merges it into the rest of the DERP config + # The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place + enabled = true; - # Region ID to use for the embedded DERP server. - # The local DERP prevails if the region ID collides with other region ID coming from - # the regular DERP config. - region_id = 999; + # Region ID to use for the embedded DERP server. + # The local DERP prevails if the region ID collides with other region ID coming from + # the regular DERP config. + region_id = 999; - # Region code and name are displayed in the Tailscale UI to identify a DERP region - region_code = "headscale"; - region_name = "Headscale Embedded DERP"; + # Region code and name are displayed in the Tailscale UI to identify a DERP region + region_code = "headscale"; + region_name = "Headscale Embedded DERP"; - # Listens over UDP at the configured address for STUN connections - to help with NAT traversal. + # Listens over UDP at the configured address for STUN connections - to help with NAT traversal. # When the embedded DERP server is enabled stun_listen_addr MUST be defined. # # For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/ - stun_listen_addr = "0.0.0.0:3478"; - }; + stun_listen_addr = "0.0.0.0:3478"; + }; }; # List of IP prefixes to allocate tailaddresses from. 
@@ -49,10 +47,7 @@ in # IPv6: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#LL81C52-L81C71 # IPv4: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#L33 # Any other range is NOT supported, and it will cause unexpected issues. - ip_prefixes = [ - "fd7a:115c:a1e0::/48" - "100.64.0.0/10" - ]; + ip_prefixes = [ "fd7a:115c:a1e0::/48" "100.64.0.0/10" ]; # Address to listen for gRPC. # gRPC is used for controlling a headscale server @@ -67,9 +62,7 @@ in # are doing. grpc_allow_insecure = true; # we're behind a reverse proxy - logtail = { - enabled = false; - }; + logtail = { enabled = false; }; }; }; @@ -81,16 +74,16 @@ in proxyPass = "http://127.0.0.1:" + builtins.toString localListenPort; recommendedProxySettings = false; extraConfig = '' - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $server_name; - proxy_redirect http:// https://; - proxy_buffering off; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $server_name; + proxy_redirect http:// https://; + proxy_buffering off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; ''; }; }; 
@@ -100,8 +93,16 @@ in
 useACMEHost = "scale.isomorphis.me";
 onlySSL = true;
 listen = [
- { addr = "0.0.0.0"; port = 50443; ssl = true; }
- { addr = "[::]"; port = 50443; ssl = true; }
+ {
+ addr = "0.0.0.0";
+ port = 50443;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 50443;
+ ssl = true;
+ }
 ];
 locations."/" = {
 extraConfig = ''
@@ -113,4 +114,4 @@ in
 security.acme.certs."scale.isomorphis.me" = {
 group = config.services.nginx.group;
 };
-}
\ No newline at end of file
+}