alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

services: tailscale: refacto

Browse source
This commit is contained in:
Antoine Martin 2023-12-13 17:43:53 +01:00
parent 2a49eea1bf
commit 89c861c974
5 changed files with 23 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
hosts/boreal/default.nix
View file

@ -75,7 +75,10 @@
pipewire.enable = true; pipewire.enable = true;
tailscale.enable = true; tailscale = {
enable = true;
useRoutingFeatures = "both";
};
}; };
services = { services = {

2
hosts/hades/default.nix
View file

@ -133,7 +133,7 @@ in {
tailscale = { tailscale = {
enable = true; enable = true;
exitNode = true; useRoutingFeatures = "server";
}; };
transmission = { transmission = {

6
hosts/hephaestus/default.nix
View file

@ -49,7 +49,11 @@
# List services that you want to enable: # List services that you want to enable:
my.services = { my.services = {
tailscale.enable = true; tailscale = {
enable = true;
useRoutingFeatures = "client";
};
pipewire.enable = true; pipewire.enable = true;
restic-backup = { restic-backup = {

5
hosts/thanatos/default.nix
View file

@ -28,7 +28,10 @@ in {
# List services that you want to enable: # List services that you want to enable:
my.services = { my.services = {
tailscale.enable = true; tailscale = {
enable = true;
useRoutingFeatures = "both";
};
}; };
services = { services = {

22
services/tailscale.nix
View file

@ -8,34 +8,30 @@
(lib) (lib)
mkEnableOption mkEnableOption
mkIf mkIf
mkOption
types
; ;
cfg = config.my.services.tailscale; cfg = config.my.services.tailscale;
in { in {
options.my.services.tailscale = { options.my.services.tailscale = {
enable = mkEnableOption "Tailscale"; enable = mkEnableOption "Tailscale";
useRoutingFeatures = mkOption {
# NOTE: still have to do `tailscale up --advertise-exit-node` type = types.enum ["none" "client" "server" "both"];
exitNode = mkEnableOption "Use as exit node"; default = "none";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.tailscale = { services.tailscale = {
enable = true; enable = true;
package = pkgs.tailscale; package = pkgs.tailscale;
openFirewall = true;
useRoutingFeatures = cfg.useRoutingFeatures;
}; };
networking.firewall = { networking.firewall = {
trustedInterfaces = ["tailscale0"]; trustedInterfaces = [config.services.tailscale.interfaceName];
allowedUDPPorts = [config.services.tailscale.port];
# needed for exit node usage
checkReversePath = mkIf (!cfg.exitNode) "loose";
};
# enable IP forwarding to use as exit node
boot.kernel.sysctl = mkIf cfg.exitNode {
"net.ipv6.conf.all.forwarding" = true;
"net.ipv4.ip_forward" = true;
}; };
}; };
} }