# VPN server configuration

This is an experimental configuration for my Hetzner VPS and Cloudflare to run a VPN using OpenTofu and Nix, based on [NixOS/nixos-wiki-infra on GitHub](https://github.com/NixOS/nixos-wiki-infra).

## How to use

Copy `.env.example` to `.env` and fill in the values.

To generate a token with Hetzner, go to the project and click `Security -> API Tokens`.

For cross-compiling, you will need to add a builder by following these resources:

- https://nix.dev/tutorials/nixos/distributed-builds-setup.html
- https://nix.dev/manual/nix/2.25/advanced-topics/distributed-builds

Run `nix develop` at the root of the project directory to enter a shell where OpenTofu is available.

In the `targets` directory, run `./apply.sh` to update the configurations.

## VPN

To set up the VPN, on the VPS run:

```bash
# Create a headscale user, then a reusable pre-auth key for that user
headscale users create default
headscale preauthkeys create --user default --reusable
```

On the client run:

```bash
# Replace the placeholders with your headscale server URL and the pre-auth key generated above
tailscale up --login-server <login-server-url> --auth-key <preauth-key>
```