services: tailscale: move to service

2021-07-13 23:48:41 +02:00 · 2021-07-13 23:48:41 +02:00 · 1d8750efed
commit 1d8750efed
parent 3862992b76
4 changed files with 40 additions and 22 deletions
--- a/services/tailscale.nix
+++ b/services/tailscale.nix
@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.my.services.tailscale;
+in
+{
+  options.my.services.tailscale = {
+    enable = lib.mkEnableOption "Tailscale";
+  };
+
+  config = mkIf cfg.enable {
+    services.tailscale = {
+      enable = true;
+      package = pkgs.unstable.tailscale;
+    };
+
+    # FIXME: remove when upgrading to 21.11, added to module by default
+    systemd.services.tailscaled = {
+      path = [ pkgs.procps ];
+    };
+
+    networking.firewall = {
+      trustedInterfaces = [ "tailscale0" ];
+      allowedUDPPorts = [ config.services.tailscale.port ];
+    };
+
+    # enable IP forwarding to use as exit node
+    boot.kernel.sysctl = {
+      "net.ipv6.conf.all.forwarding" = true;
+      "net.ipv4.ip_forward" = true;
+    };
+  };
+}