nixos-config/services/tailscale.nix

{ config, lib, pkgs, ... }:

let
  inherit (lib)
    mkEnableOption
    mkIf
  ;

  cfg = config.my.services.tailscale;
in
{
  options.my.services.tailscale = {
    enable = mkEnableOption "Tailscale";

    # NOTE: still have to do `tailscale up --advertise-exit-node`
    exitNode = mkEnableOption "Use as exit node";
  };

  config = mkIf cfg.enable {
    services.tailscale = {
      enable = true;
      package = pkgs.tailscale;
    };

    networking.firewall = {
      trustedInterfaces = [ "tailscale0" ];
      allowedUDPPorts = [ config.services.tailscale.port ];
    };

    # enable IP forwarding to use as exit node
    boot.kernel.sysctl = mkIf cfg.exitNode {
      "net.ipv6.conf.all.forwarding" = true;
      "net.ipv4.ip_forward" = true;
    };
  };
}
services: tailscale: move to service 2021-07-13 23:48:41 +02:00			`{ config, lib, pkgs, ... }:`

			`let`
nix: exorcise all `with <expr>;` uses 2022-01-11 16:08:21 +01:00			`inherit (lib)`
			`mkEnableOption`
			`mkIf`
			`;`

services: tailscale: move to service 2021-07-13 23:48:41 +02:00			`cfg = config.my.services.tailscale;`
			`in`
			`{`
			`options.my.services.tailscale = {`
nix: exorcise all `with <expr>;` uses 2022-01-11 16:08:21 +01:00			`enable = mkEnableOption "Tailscale";`
services: tailscale: make exit node optional 2021-07-14 00:08:40 +02:00
			# NOTE: still have to do `tailscale up --advertise-exit-node`
nix: exorcise all `with <expr>;` uses 2022-01-11 16:08:21 +01:00			`exitNode = mkEnableOption "Use as exit node";`
services: tailscale: move to service 2021-07-13 23:48:41 +02:00			`};`

			`config = mkIf cfg.enable {`
			`services.tailscale = {`
			`enable = true;`
flake: switch back entire config to unstable Mixing stable and unstable brought me weird problems, so I'm switching back to unstable entirely until it breaks hard enough to convince me to go back to stable. :) 2021-08-19 23:34:41 +02:00			`package = pkgs.tailscale;`
services: tailscale: move to service 2021-07-13 23:48:41 +02:00			`};`

			`networking.firewall = {`
			`trustedInterfaces = [ "tailscale0" ];`
			`allowedUDPPorts = [ config.services.tailscale.port ];`
			`};`

			`# enable IP forwarding to use as exit node`
services: tailscale: make exit node optional 2021-07-14 00:08:40 +02:00			`boot.kernel.sysctl = mkIf cfg.exitNode {`
services: tailscale: move to service 2021-07-13 23:48:41 +02:00			`"net.ipv6.conf.all.forwarding" = true;`
			`"net.ipv4.ip_forward" = true;`
			`};`
			`};`
			`}`