From f5728963e648fdc768808d2a32ffacdd3716a4a5 Mon Sep 17 00:00:00 2001
From: Vinzenz Schroeter <vinzenz.f.s@gmail.com>
Date: Sun, 4 Jan 2026 21:59:05 +0100
Subject: [PATCH] headscale: enable DERP

---
 nixosConfigurations/hetzner-vpn2/headscale.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix
index 43eda08..6eac407 100644
--- a/nixosConfigurations/hetzner-vpn2/headscale.nix
+++ b/nixosConfigurations/hetzner-vpn2/headscale.nix
@@ -2,6 +2,8 @@ let
   headscale-port = 8668;
 in
 {
+  # sudo tailscale up --reset --force-reauth --login-server https://uplink.darkest.space --operator=$USER
+
   services = {
     headscale = {
       enable = true;
@@ -13,8 +15,19 @@ in
           override_local_dns = false;
           base_domain = "high-gravity.space";
         };
+        derp = {
+          server = {
+            enabled = true;
+            verify_clients = true;
+            stun_listen_addr = "0.0.0.0:3478";
+            ipv4 = "78.46.242.90";
+            ipv6 = "2a01:4f8:c013:65dd::1";
+          };
+          urls = [ ];
+        };
       };
     };
+
     nginx.virtualHosts."uplink.darkest.space" = {
       enableACME = true;
       forceSSL = true;
@@ -24,4 +37,7 @@ in
       };
     };
   };
+
+  # for DERP
+  networking.firewall.allowedUDPPorts = [ 3478 ];
 }