From 1d8750efede661167234a536dea60b44e8e811d7 Mon Sep 17 00:00:00 2001
From: Antoine Martin <antoine@alarsyo.net>
Date: Tue, 13 Jul 2021 23:48:41 +0200
Subject: [PATCH] services: tailscale: move to service

---
 hosts/boreal/default.nix   |  7 ++-----
 hosts/poseidon/default.nix | 19 ++-----------------
 services/default.nix       |  1 +
 services/tailscale.nix     | 35 +++++++++++++++++++++++++++++++++++
 4 files changed, 40 insertions(+), 22 deletions(-)
 create mode 100644 services/tailscale.nix

diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix
index 3ccfe73..1640821 100644
--- a/hosts/boreal/default.nix
+++ b/hosts/boreal/default.nix
@@ -32,11 +32,6 @@ in
     };
   };
 
-  services.tailscale = {
-    enable = true;
-    package = pkgs.unstable.tailscale;
-  };
-
   networking.hostName = "boreal"; # Define your hostname.
   networking.domain = "alarsyo.net";
 
@@ -87,6 +82,8 @@ in
 
     pipewire.enable = true;
 
+    tailscale.enable = true;
+
     wireguard = {
       enable = false;
       iface = "wg";
diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix
index 298f35d..c5d6b97 100644
--- a/hosts/poseidon/default.nix
+++ b/hosts/poseidon/default.nix
@@ -21,11 +21,6 @@ in
 
   boot.supportedFilesystems = [ "btrfs" ];
 
-  boot.kernel.sysctl = {
-    "net.ipv6.conf.all.forwarding" = true;
-    "net.ipv4.ip_forward" = true;
-  };
-
   services.btrfs = {
     autoScrub = {
       enable = true;
@@ -33,18 +28,6 @@ in
     };
   };
 
-  services.tailscale = {
-    enable = true;
-    package = pkgs.unstable.tailscale;
-  };
-  systemd.services.tailscaled = {
-      path = [ pkgs.procps ];
-  };
-  networking.firewall = {
-    trustedInterfaces = [ "tailscale0" ];
-    allowedUDPPorts = [ config.services.tailscale.port ];
-  };
-
   virtualisation.docker = {
     enable = true;
   };
@@ -140,6 +123,8 @@ in
       enable = true;
     };
 
+    tailscale.enable = true;
+
     tgv = {
       enable = true;
     };
diff --git a/services/default.nix b/services/default.nix
index 1761fc1..c108814 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -19,6 +19,7 @@
     ./pipewire.nix
     ./postgresql-backup.nix
     ./postgresql.nix
+    ./tailscale.nix
     ./tgv.nix
     ./transmission.nix
     ./wireguard.nix
diff --git a/services/tailscale.nix b/services/tailscale.nix
new file mode 100644
index 0000000..75fef50
--- /dev/null
+++ b/services/tailscale.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.my.services.tailscale;
+in
+{
+  options.my.services.tailscale = {
+    enable = lib.mkEnableOption "Tailscale";
+  };
+
+  config = mkIf cfg.enable {
+    services.tailscale = {
+      enable = true;
+      package = pkgs.unstable.tailscale;
+    };
+
+    # FIXME: remove when upgrading to 21.11, added to module by default
+    systemd.services.tailscaled = {
+      path = [ pkgs.procps ];
+    };
+
+    networking.firewall = {
+      trustedInterfaces = [ "tailscale0" ];
+      allowedUDPPorts = [ config.services.tailscale.port ];
+    };
+
+    # enable IP forwarding to use as exit node
+    boot.kernel.sysctl = {
+      "net.ipv6.conf.all.forwarding" = true;
+      "net.ipv4.ip_forward" = true;
+    };
+  };
+}