From 18c899d963a29d343dd3e312bfaf98f3530d694f Mon Sep 17 00:00:00 2001
From: sohalt <sohalt@sohalt.net>
Date: Tue, 7 Jun 2022 23:21:13 +0200
Subject: [PATCH 1/2] nixos/headscale: only set oidc secret if not null

---
 nixos/modules/services/networking/headscale.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/headscale.nix b/nixos/modules/services/networking/headscale.nix
index 5b07beadb45f..d62b2bf9d7ca 100644
--- a/nixos/modules/services/networking/headscale.nix
+++ b/nixos/modules/services/networking/headscale.nix
@@ -434,7 +434,9 @@ in
           export HEADSCALE_DB_PASS="$(head -n1 ${escapeShellArg cfg.database.passwordFile})"
         ''}
 
-        export HEADSCALE_OIDC_CLIENT_SECRET="$(head -n1 ${escapeShellArg cfg.openIdConnect.clientSecretFile})"
+        ${optionalString (cfg.openIdConnect.clientSecretFile != null) ''
+          export HEADSCALE_OIDC_CLIENT_SECRET="$(head -n1 ${escapeShellArg cfg.openIdConnect.clientSecretFile})"
+        ''}
         exec ${cfg.package}/bin/headscale serve
       '';
 

From f1669775bc34e3a578d711ddc6514b174b11d2d1 Mon Sep 17 00:00:00 2001
From: sohalt <sohalt@sohalt.net>
Date: Tue, 7 Jun 2022 23:22:05 +0200
Subject: [PATCH 2/2] nixos/headscale: do not run gin webframework in debug
 mode

---
 nixos/modules/services/networking/headscale.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/modules/services/networking/headscale.nix b/nixos/modules/services/networking/headscale.nix
index d62b2bf9d7ca..a9958c884da8 100644
--- a/nixos/modules/services/networking/headscale.nix
+++ b/nixos/modules/services/networking/headscale.nix
@@ -429,6 +429,8 @@ in
       wantedBy = [ "multi-user.target" ];
       restartTriggers = [ configFile ];
 
+      environment.GIN_MODE = "release";
+
       script = ''
         ${optionalString (cfg.database.passwordFile != null) ''
           export HEADSCALE_DB_PASS="$(head -n1 ${escapeShellArg cfg.database.passwordFile})"