services: tailscale: refacto

base: programs: cleanup path
base: programs: enable tmux globally
2023-12-13 17:43:53 +01:00 · 2023-12-13 17:39:30 +01:00 · 2023-12-13 17:39:14 +01:00
6 changed files with 28 additions and 34 deletions
--- a/base/programs.nix
+++ b/base/programs.nix
@ -3,6 +3,7 @@
    fish.enable = true;
    less.enable = true;
    mosh.enable = true;
+    tmux.enable = true;

    # setcap wrapper for network permissions
    bandwhich.enable = true;
@ -21,11 +22,11 @@
      (pkgs)
      # shell usage

+      bat
      fd
      file
      ripgrep
      sd
-      tmux
      tokei
      tree
      wget
@ -34,37 +35,24 @@
      usbutils
      # development

+      agenix
      alejandra
      git
      git-crypt
      git-lfs
      gnumake
      gnupg
-      kakoune
      pinentry-qt
      python3
      vim
      # terminal utilities
      
-      bottom
      dogdns
      du-dust
      htop
      ldns # drill
-      tealdeer
      unzip
      zip
-      # nix pkgs lookup
-      
-      nix-index
-      agenix
-      cachix
-      ;
-
-    inherit
-      (pkgs.llvmPackages_16)
-      bintools
-      clang
      ;
  };
 }
--- a/hosts/boreal/default.nix
+++ b/hosts/boreal/default.nix
@ -75,7 +75,10 @@

    pipewire.enable = true;

-    tailscale.enable = true;
+    tailscale = {
+      enable = true;
+      useRoutingFeatures = "both";
+    };
  };

  services = {
--- a/hosts/hades/default.nix
+++ b/hosts/hades/default.nix
@ -133,7 +133,7 @@ in {

    tailscale = {
      enable = true;
-      exitNode = true;
+      useRoutingFeatures = "server";
    };

    transmission = {
--- a/hosts/hephaestus/default.nix
+++ b/hosts/hephaestus/default.nix
@ -49,7 +49,11 @@

  # List services that you want to enable:
  my.services = {
-    tailscale.enable = true;
+    tailscale = {
+      enable = true;
+      useRoutingFeatures = "client";
+    };
+
    pipewire.enable = true;

    restic-backup = {
--- a/hosts/thanatos/default.nix
+++ b/hosts/thanatos/default.nix
@ -28,7 +28,10 @@ in {

  # List services that you want to enable:
  my.services = {
-    tailscale.enable = true;
+    tailscale = {
+      enable = true;
+      useRoutingFeatures = "both";
+    };
  };

  services = {
--- a/services/tailscale.nix
+++ b/services/tailscale.nix
@ -8,34 +8,30 @@
    (lib)
    mkEnableOption
    mkIf
+    mkOption
+    types
    ;

  cfg = config.my.services.tailscale;
 in {
  options.my.services.tailscale = {
    enable = mkEnableOption "Tailscale";
-
-    # NOTE: still have to do `tailscale up --advertise-exit-node`
-    exitNode = mkEnableOption "Use as exit node";
+    useRoutingFeatures = mkOption {
+      type = types.enum [ "none" "client" "server" "both" ];
+      default = "none";
+    };
  };

  config = mkIf cfg.enable {
    services.tailscale = {
      enable = true;
      package = pkgs.tailscale;
+      openFirewall = true;
+      useRoutingFeatures = cfg.useRoutingFeatures;
    };

    networking.firewall = {
-      trustedInterfaces = ["tailscale0"];
-      allowedUDPPorts = [config.services.tailscale.port];
-      # needed for exit node usage
-      checkReversePath = mkIf (!cfg.exitNode) "loose";
-    };
-
-    # enable IP forwarding to use as exit node
-    boot.kernel.sysctl = mkIf cfg.exitNode {
-      "net.ipv6.conf.all.forwarding" = true;
-      "net.ipv4.ip_forward" = true;
+      trustedInterfaces = [config.services.tailscale.interfaceName];
    };
  };
 }
Author	SHA1	Message	Date
Antoine Martin	73cb52915f	services: tailscale: refacto	2023-12-13 17:43:53 +01:00
Antoine Martin	b5e1c6c608	base: programs: cleanup path	2023-12-13 17:39:30 +01:00
Antoine Martin	693e44a8fe	base: programs: enable tmux globally	2023-12-13 17:39:14 +01:00