headplane_headscale_nix/flake.nix
David Gillespie 7c1bdb2c54 feat: Complete Keycloak OIDC integration for Headplane
- Added Keycloak service with PostgreSQL backend
- Configured OIDC for both Headscale and Headplane
- Added systemd service to auto-create /var/lib/headplane directory
- Updated Keycloak realm JSON with required client scopes (openid, profile, email)
- Generated and configured Headscale API key for Headplane OIDC
- Added production hardening: auto-restart, garbage collection, boot cleanup

The setup now supports:
- User login via Keycloak OIDC at https://auth.kennys.mom
- Headplane web UI with SSO at https://headplane.kennys.mom/admin
- Fallback API key authentication
- Automated secret generation and permissions management
2025-12-05 17:37:53 -07:00


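{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
    # No revision in the URL: the exact headscale commit is fixed only by
    # flake.lock and advances on every `nix flake update`.  Review the lock
    # diff before deploying, since headscale is the authentication point for
    # the whole tailnet.
    headscale.url = "github:juanfont/headscale";
    headplane = {
      url = "github:tale/headplane/bd8a7a56d4021edf58511c6ab333af864d91304c"; # Pin to version 0.6.0 that works with Go 1.24
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, headscale, headplane, ... }@inputs: {
    nixosConfigurations.headscale = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        ./configuration.nix
        ./hardware-configuration.nix
        ./headscale.nix
        ./backup-monitoring.nix
        ./keycloak.nix
        ./oidc-secret.nix
        # ./oidc.nix # Disabled - using Keycloak instead
        headplane.nixosModules.headplane
        ({ pkgs, ... }: {
          nixpkgs.overlays = [
            headplane.overlays.default
            (final: prev: {
              # Patch the built server bundle so a node whose
              # availableRoutes/approvedRoutes fields are absent (Headscale
              # v0.25+ API) does not break the UI.  Every `\.` is a literal
              # dot; the previous unescaped `.` matched any character.  The
              # four substitutions run in a single sed pass: no replacement
              # text re-matches another pattern, so the outcome equals the
              # earlier four separate passes.  Remove this override once
              # upstream headplane tolerates the missing fields.
              headplane = prev.headplane.overrideAttrs (oldAttrs: {
                postInstall = (oldAttrs.postInstall or "") + ''
                  find $out/share/headplane/build/server/assets -name "server-build.js" -exec sed -i \
                    -e 's/node\.availableRoutes\.filter/(node.availableRoutes || []).filter/g' \
                    -e 's/node\.approvedRoutes\.some/(node.approvedRoutes || []).some/g' \
                    -e 's/node\.approvedRoutes\.filter/(node.approvedRoutes || []).filter/g' \
                    -e 's/node\.availableRoutes\.includes/(node.availableRoutes || []).includes/g' \
                    {} +
                '';
              });
            })
          ];
        })
      ];
      # Expose the flake inputs to every module (e.g. headscale.nix can
      # reference inputs.headscale).
      specialArgs = { inherit inputs; };
    };
  };
}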