From 1d8750efede661167234a536dea60b44e8e811d7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 23:48:41 +0200 Subject: [PATCH] services: tailscale: move to service --- hosts/boreal/default.nix | 7 ++----- hosts/poseidon/default.nix | 19 ++----------------- services/default.nix | 1 + services/tailscale.nix | 35 +++++++++++++++++++++++++++++++++++ 4 files changed, 40 insertions(+), 22 deletions(-) create mode 100644 services/tailscale.nix diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 3ccfe73..1640821 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -32,11 +32,6 @@ in }; }; - services.tailscale = { - enable = true; - package = pkgs.unstable.tailscale; - }; - networking.hostName = "boreal"; # Define your hostname. networking.domain = "alarsyo.net"; @@ -87,6 +82,8 @@ in pipewire.enable = true; + tailscale.enable = true; + wireguard = { enable = false; iface = "wg"; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 298f35d..c5d6b97 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -21,11 +21,6 @@ in boot.supportedFilesystems = [ "btrfs" ]; - boot.kernel.sysctl = { - "net.ipv6.conf.all.forwarding" = true; - "net.ipv4.ip_forward" = true; - }; - services.btrfs = { autoScrub = { enable = true; @@ -33,18 +28,6 @@ in }; }; - services.tailscale = { - enable = true; - package = pkgs.unstable.tailscale; - }; - systemd.services.tailscaled = { - path = [ pkgs.procps ]; - }; - networking.firewall = { - trustedInterfaces = [ "tailscale0" ]; - allowedUDPPorts = [ config.services.tailscale.port ]; - }; - virtualisation.docker = { enable = true; }; @@ -140,6 +123,8 @@ in enable = true; }; + tailscale.enable = true; + tgv = { enable = true; }; diff --git a/services/default.nix b/services/default.nix index 1761fc1..c108814 100644 --- a/services/default.nix +++ b/services/default.nix 
@@ -19,6 +19,7 @@
 ./pipewire.nix
 ./postgresql-backup.nix
 ./postgresql.nix
+ ./tailscale.nix
 ./tgv.nix
 ./transmission.nix
 ./wireguard.nix
diff --git a/services/tailscale.nix b/services/tailscale.nix
new file mode 100644
index 0000000..75fef50
--- /dev/null
+++ b/services/tailscale.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.my.services.tailscale;
+in
+{
+ options.my.services.tailscale = {
+ enable = lib.mkEnableOption "Tailscale";
+ };
+
+ config = mkIf cfg.enable {
+ services.tailscale = {
+ enable = true;
+ package = pkgs.unstable.tailscale;
+ };
+
+ # FIXME: remove when upgrading to 21.11, added to module by default
+ systemd.services.tailscaled = {
+ path = [ pkgs.procps ];
+ };
+
+ networking.firewall = {
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+
+ # enable IP forwarding to use as exit node
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.forwarding" = true;
+ "net.ipv4.ip_forward" = true;
+ };
+ };
+}
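Review bot: `my.services.tailscale.enable` switches on the exit-node and firewall settings unconditionally, so boreal, whose removed block in `hosts/boreal/default.nix` only set `services.tailscale.enable` and `package`, now also gets `net.ipv4.ip_forward` / `net.ipv6.conf.all.forwarding`, `tailscale0` in `trustedInterfaces`, and the Tailscale UDP port opened. Only poseidon carried those settings before, so for boreal this is a widening of exposure rather than a pure move. I would put forwarding behind its own option, e.g. `exitNode = lib.mkEnableOption "Tailscale exit node";` with `boot.kernel.sysctl = mkIf cfg.exitNode { … };`, and set it on poseidon only. `trustedInterfaces` accepts everything arriving on `tailscale0`, so every listening service on the host becomes reachable from any tailnet peer; where that is not wanted, `networking.firewall.interfaces.tailscale0.allowedTCPPorts` is the narrower form, and a comment such as `# all tailnet peers bypass the host firewall` next to `trustedInterfaces` would record the intent.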