Compare commits
No commits in common. "73cb52915fa76ff0af3e22bd363774fd3ce4dcf7" and "a21e0fb568f99483665fabe63557d54fc470c079" have entirely different histories.
73cb52915f
...
a21e0fb568
|
@ -3,7 +3,6 @@
|
||||||
fish.enable = true;
|
fish.enable = true;
|
||||||
less.enable = true;
|
less.enable = true;
|
||||||
mosh.enable = true;
|
mosh.enable = true;
|
||||||
tmux.enable = true;
|
|
||||||
|
|
||||||
# setcap wrapper for network permissions
|
# setcap wrapper for network permissions
|
||||||
bandwhich.enable = true;
|
bandwhich.enable = true;
|
||||||
|
@ -22,11 +21,11 @@
|
||||||
(pkgs)
|
(pkgs)
|
||||||
# shell usage
|
# shell usage
|
||||||
|
|
||||||
bat
|
|
||||||
fd
|
fd
|
||||||
file
|
file
|
||||||
ripgrep
|
ripgrep
|
||||||
sd
|
sd
|
||||||
|
tmux
|
||||||
tokei
|
tokei
|
||||||
tree
|
tree
|
||||||
wget
|
wget
|
||||||
|
@ -35,24 +34,37 @@
|
||||||
usbutils
|
usbutils
|
||||||
# development
|
# development
|
||||||
|
|
||||||
agenix
|
|
||||||
alejandra
|
alejandra
|
||||||
git
|
git
|
||||||
git-crypt
|
git-crypt
|
||||||
git-lfs
|
git-lfs
|
||||||
gnumake
|
gnumake
|
||||||
gnupg
|
gnupg
|
||||||
|
kakoune
|
||||||
pinentry-qt
|
pinentry-qt
|
||||||
python3
|
python3
|
||||||
vim
|
vim
|
||||||
# terminal utilities
|
# terminal utilities
|
||||||
|
|
||||||
|
bottom
|
||||||
dogdns
|
dogdns
|
||||||
du-dust
|
du-dust
|
||||||
htop
|
htop
|
||||||
ldns # drill
|
ldns # drill
|
||||||
|
tealdeer
|
||||||
unzip
|
unzip
|
||||||
zip
|
zip
|
||||||
|
# nix pkgs lookup
|
||||||
|
|
||||||
|
nix-index
|
||||||
|
agenix
|
||||||
|
cachix
|
||||||
|
;
|
||||||
|
|
||||||
|
inherit
|
||||||
|
(pkgs.llvmPackages_16)
|
||||||
|
bintools
|
||||||
|
clang
|
||||||
;
|
;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -75,10 +75,7 @@
|
||||||
|
|
||||||
pipewire.enable = true;
|
pipewire.enable = true;
|
||||||
|
|
||||||
tailscale = {
|
tailscale.enable = true;
|
||||||
enable = true;
|
|
||||||
useRoutingFeatures = "both";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
|
|
|
@ -133,7 +133,7 @@ in {
|
||||||
|
|
||||||
tailscale = {
|
tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
useRoutingFeatures = "server";
|
exitNode = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
transmission = {
|
transmission = {
|
||||||
|
|
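Review bot: `exitNode = true;` on this host turns on `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` through the module, and both sysctls are kernel-wide rather than scoped to the Tailscale interface. Nothing visible in this hunk restricts what the host will forward between its other interfaces, so the forward policy of the firewall on this machine should be confirmed before relying on it. I would record the dependency next to the line, for example `exitNode = true; # enables global IP forwarding; forwarded traffic must be filtered by the firewall`. The surrounding attribute set starts and ends outside the hunk, so a forward rule may already exist elsewhere.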
|
@ -49,11 +49,7 @@
|
||||||
|
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
my.services = {
|
my.services = {
|
||||||
tailscale = {
|
tailscale.enable = true;
|
||||||
enable = true;
|
|
||||||
useRoutingFeatures = "client";
|
|
||||||
};
|
|
||||||
|
|
||||||
pipewire.enable = true;
|
pipewire.enable = true;
|
||||||
|
|
||||||
restic-backup = {
|
restic-backup = {
|
||||||
|
|
|
@ -28,10 +28,7 @@ in {
|
||||||
|
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
my.services = {
|
my.services = {
|
||||||
tailscale = {
|
tailscale.enable = true;
|
||||||
enable = true;
|
|
||||||
useRoutingFeatures = "both";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
|
|
|
@ -8,30 +8,34 @@
|
||||||
(lib)
|
(lib)
|
||||||
mkEnableOption
|
mkEnableOption
|
||||||
mkIf
|
mkIf
|
||||||
mkOption
|
|
||||||
types
|
|
||||||
;
|
;
|
||||||
|
|
||||||
cfg = config.my.services.tailscale;
|
cfg = config.my.services.tailscale;
|
||||||
in {
|
in {
|
||||||
options.my.services.tailscale = {
|
options.my.services.tailscale = {
|
||||||
enable = mkEnableOption "Tailscale";
|
enable = mkEnableOption "Tailscale";
|
||||||
useRoutingFeatures = mkOption {
|
|
||||||
type = types.enum [ "none" "client" "server" "both" ];
|
# NOTE: still have to do `tailscale up --advertise-exit-node`
|
||||||
default = "none";
|
exitNode = mkEnableOption "Use as exit node";
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
services.tailscale = {
|
services.tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.tailscale;
|
package = pkgs.tailscale;
|
||||||
openFirewall = true;
|
|
||||||
useRoutingFeatures = cfg.useRoutingFeatures;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
trustedInterfaces = [config.services.tailscale.interfaceName];
|
trustedInterfaces = ["tailscale0"];
|
||||||
|
allowedUDPPorts = [config.services.tailscale.port];
|
||||||
|
# needed for exit node usage
|
||||||
|
checkReversePath = mkIf (!cfg.exitNode) "loose";
|
||||||
|
};
|
||||||
|
|
||||||
|
# enable IP forwarding to use as exit node
|
||||||
|
boot.kernel.sysctl = mkIf cfg.exitNode {
|
||||||
|
"net.ipv6.conf.all.forwarding" = true;
|
||||||
|
"net.ipv4.ip_forward" = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
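Review bot: `checkReversePath = mkIf (!cfg.exitNode) "loose";` relaxes reverse-path filtering on every host that enables this module without `exitNode`, whether or not that host ever routes through an exit node, and the setting applies to the whole firewall rather than to the Tailscale interface alone. The comment above it, `# needed for exit node usage`, reads as if the line applied to exit nodes while the condition is the opposite; I would reword it to `# loose rp_filter is only needed on hosts that route via an exit node` and gate the line on an explicit opt-in option so that the hosts which only set `tailscale.enable = true;` keep the strict default. Separately, `trustedInterfaces = ["tailscale0"];` hard-codes the interface name, so the trust no longer follows a change to `services.tailscale.interfaceName`; `trustedInterfaces = [config.services.tailscale.interfaceName];` keeps the two in step. Trusting the whole interface also leaves the tailnet ACLs as the only filter for traffic from peers, which deserves a comment next to that line.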