services: tailscale: refacto
This commit is contained in:
parent
2a49eea1bf
commit
89c861c974
|
|
@ -75,7 +75,10 @@
|
||||||
|
|
||||||
pipewire.enable = true;
|
pipewire.enable = true;
|
||||||
|
|
||||||
tailscale.enable = true;
|
tailscale = {
|
||||||
|
enable = true;
|
||||||
|
useRoutingFeatures = "both";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
|
|
|
||||||
|
|
@ -133,7 +133,7 @@ in {
|
||||||
|
|
||||||
tailscale = {
|
tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
exitNode = true;
|
useRoutingFeatures = "server";
|
||||||
};
|
};
|
||||||
|
|
||||||
transmission = {
|
transmission = {
|
||||||
|
|
|
||||||
|
|
@ -49,7 +49,11 @@
|
||||||
|
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
my.services = {
|
my.services = {
|
||||||
tailscale.enable = true;
|
tailscale = {
|
||||||
|
enable = true;
|
||||||
|
useRoutingFeatures = "client";
|
||||||
|
};
|
||||||
|
|
||||||
pipewire.enable = true;
|
pipewire.enable = true;
|
||||||
|
|
||||||
restic-backup = {
|
restic-backup = {
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,10 @@ in {
|
||||||
|
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
my.services = {
|
my.services = {
|
||||||
tailscale.enable = true;
|
tailscale = {
|
||||||
|
enable = true;
|
||||||
|
useRoutingFeatures = "both";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
|
|
|
||||||
|
|
@ -8,34 +8,30 @@
|
||||||
(lib)
|
(lib)
|
||||||
mkEnableOption
|
mkEnableOption
|
||||||
mkIf
|
mkIf
|
||||||
|
mkOption
|
||||||
|
types
|
||||||
;
|
;
|
||||||
|
|
||||||
cfg = config.my.services.tailscale;
|
cfg = config.my.services.tailscale;
|
||||||
in {
|
in {
|
||||||
options.my.services.tailscale = {
|
options.my.services.tailscale = {
|
||||||
enable = mkEnableOption "Tailscale";
|
enable = mkEnableOption "Tailscale";
|
||||||
|
useRoutingFeatures = mkOption {
|
||||||
# NOTE: still have to do `tailscale up --advertise-exit-node`
|
type = types.enum ["none" "client" "server" "both"];
|
||||||
exitNode = mkEnableOption "Use as exit node";
|
default = "none";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
services.tailscale = {
|
services.tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.tailscale;
|
package = pkgs.tailscale;
|
||||||
|
openFirewall = true;
|
||||||
|
useRoutingFeatures = cfg.useRoutingFeatures;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
trustedInterfaces = ["tailscale0"];
|
trustedInterfaces = [config.services.tailscale.interfaceName];
|
||||||
allowedUDPPorts = [config.services.tailscale.port];
|
|
||||||
# needed for exit node usage
|
|
||||||
checkReversePath = mkIf (!cfg.exitNode) "loose";
|
|
||||||
};
|
|
||||||
|
|
||||||
# enable IP forwarding to use as exit node
|
|
||||||
boot.kernel.sysctl = mkIf cfg.exitNode {
|
|
||||||
"net.ipv6.conf.all.forwarding" = true;
|
|
||||||
"net.ipv4.ip_forward" = true;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue