# Arion project module: a Headscale control server plus the headscale-ui web
# front end, both attached to the pre-existing `dmz` network and published
# through Traefik via container labels. `pkgs` is accepted but not used.
{pkgs, ...}: let
  host = "headscale.ghoscht.com";
  stateDir = "/home/ghoscht/.docker/headscale";

  # Labels shared by every router in this file: entrypoint, match rule, and TLS
  # with the `letsencrypt` certificate resolver.
  routerLabels = name: entrypoint: rule: {
    "traefik.http.routers.${name}.entrypoints" = entrypoint;
    "traefik.http.routers.${name}.rule" = rule;
    "traefik.http.routers.${name}.tls" = "true";
    "traefik.http.routers.${name}.tls.certresolver" = "letsencrypt";
  };
in {
  project.name = "headscale";

  # Declared external: this project joins `dmz` and does not define it here.
  networks.dmz = {
    name = "dmz";
    external = true;
  };

  services = {
    headscale.service = {
      # NOTE(review): this is the `-debug` tag variant. Upstream describes the
      # debug images as carrying a shell for troubleshooting; confirm that is
      # still needed here, since extra tooling in a long-running, internet-facing
      # container widens what is available after a compromise.
      # NOTE(review): the tag is mutable. Pinning as
      # `headscale/headscale:0.22.3-debug@sha256:<digest>` would make the
      # deployed image content verifiable.
      image = "headscale/headscale:0.22.3-debug";
      container_name = "headscale";
      restart = "always";
      command = "headscale serve";

      # The same host rule is routed on two entrypoints (`websecure` and
      # `websecure-external`), each with its own Traefik service that forwards
      # to container port 8080.
      labels =
        {
          "traefik.enable" = "true";
          "traefik.http.services.headscale.loadbalancer.server.port" = "8080";
          "traefik.http.routers.headscale.service" = "headscale";
          "traefik.http.services.headscale-external.loadbalancer.server.port" = "8080";
          "traefik.http.routers.headscale-external.service" = "headscale-external";
        }
        // (routerLabels "headscale" "websecure" "Host(`${host}`)")
        // (routerLabels "headscale-external" "websecure-external" "Host(`${host}`)");

      # NOTE(review): both bind mounts are read-write. If this deployment only
      # reads from /etc/headscale, appending `:ro` to the config mount would be
      # tighter. Check where config.yaml places its key files before changing it.
      volumes = [
        "${stateDir}/headscale_config:/etc/headscale"
        "${stateDir}/headscale_data:/var/lib/headscale"
      ];
      networks = ["dmz"];
    };

    headscale-ui.service = {
      # NOTE(review): beta tag, also unpinned; the digest advice for the
      # headscale image applies here as well.
      image = "ghcr.io/gurucomputing/headscale-ui:2024.02.24-beta1";
      container_name = "headscale-ui";
      restart = "always";

      # The UI router is attached only to `websecure`; unlike the API there is
      # no router for it on `websecure-external`.
      # NOTE(review): presumably this keeps the admin UI off the external
      # entrypoint. Confirm against the Traefik static configuration, which is
      # not part of this file.
      # No priority label is set, so Traefik's default ordering (longer rule
      # first) is what sends /web to the UI instead of the API router that
      # matches the same host.
      labels =
        {
          "traefik.enable" = "true";
          "traefik.http.services.headscale-ui.loadbalancer.server.port" = "80";
        }
        // (routerLabels "headscale-ui" "websecure" "PathPrefix(`/web`)&&Host(`${host}`)");

      networks = ["dmz"];
    };
  };
}