From de0a499a56ee0d70aef7d6ce15544c7665f51f86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Thu, 16 Jan 2025 22:20:46 +0200 Subject: [PATCH] nixos/headscale: remove much-loosened-up server_url check server_url check [has been loosened upstream][1] and backported to NixOS[2]. The new, much looser check, is not practical to be implemented in Nix (you are welcome to give it a try; I've implemented the original one). Since the surface area is much smaller now (and the scenario much less common), I think we can remove this assertion altogether. [1]: https://github.com/juanfont/headscale/pull/2248 [2]: https://github.com/NixOS/nixpkgs/pull/358255 --- nixos/modules/services/networking/headscale.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/nixos/modules/services/networking/headscale.nix b/nixos/modules/services/networking/headscale.nix index 495dc6650e60b..bca8493c867f9 100644 --- a/nixos/modules/services/networking/headscale.nix +++ b/nixos/modules/services/networking/headscale.nix @@ -559,16 +559,6 @@ in config = lib.mkIf cfg.enable { assertions = [ - { - # This is stricter than it needs to be but is exactly what upstream does: - # https://github.com/kradalby/headscale/blob/adc084f20f843d7963c999764fa83939668d2d2c/hscontrol/types/config.go#L799 - assertion = - with cfg.settings; - dns.use_username_in_magic_dns or false - || dns.base_domain == "" - || !lib.hasInfix dns.base_domain server_url; - message = "server_url cannot contain the base_domain, this will cause the headscale server and embedded DERP to become unreachable from the Tailscale node."; - } { assertion = with cfg.settings; dns.magic_dns -> dns.base_domain != ""; message = "dns.base_domain must be set when using MagicDNS";