diff --git a/pastila/headscale.nix b/pastila/headscale.nix index b3244f3..38df35b 100644 --- a/pastila/headscale.nix +++ b/pastila/headscale.nix @@ -1,6 +1,9 @@ { config, lib, pkgs, ... }: -let localListenPort = 4443; +let + localListenPort = 4443; + localGrpcPort = 50442; + externalGrpcPort = 50443; in { services.headscale = { enable = true; @@ -54,7 +57,7 @@ in { # remotely with the CLI # Note: Remote access _only_ works if you have # valid certificates. - grpc_listen_addr = "127.0.0.1:50442"; + grpc_listen_addr = "127.0.0.1:" + builtins.toString localGrpcPort; # Allow the gRPC admin interface to run in INSECURE # mode. This is not recommended as the traffic will @@ -95,18 +98,18 @@ in { listen = [ { addr = "0.0.0.0"; - port = 50443; + port = externalGrpcPort; ssl = true; } { addr = "[::]"; - port = 50443; + port = externalGrpcPort; ssl = true; } ]; locations."/" = { extraConfig = '' - grpc_pass grpc://127.0.0.1:50442; + grpc_pass grpc://127.0.0.1:${builtins.toString localGrpcPort}; ''; }; };