Compare commits
3 commits
a21e0fb568
...
73cb52915f
Author | SHA1 | Date | |
---|---|---|---|
Antoine Martin | 73cb52915f | ||
Antoine Martin | b5e1c6c608 | ||
Antoine Martin | 693e44a8fe |
|
@ -3,6 +3,7 @@
|
|||
fish.enable = true;
|
||||
less.enable = true;
|
||||
mosh.enable = true;
|
||||
tmux.enable = true;
|
||||
|
||||
# setcap wrapper for network permissions
|
||||
bandwhich.enable = true;
|
||||
|
@ -20,12 +21,12 @@
|
|||
inherit
|
||||
(pkgs)
|
||||
# shell usage
|
||||
|
||||
|
||||
bat
|
||||
fd
|
||||
file
|
||||
ripgrep
|
||||
sd
|
||||
tmux
|
||||
tokei
|
||||
tree
|
||||
wget
|
||||
|
@ -33,38 +34,25 @@
|
|||
pciutils
|
||||
usbutils
|
||||
# development
|
||||
|
||||
|
||||
agenix
|
||||
alejandra
|
||||
git
|
||||
git-crypt
|
||||
git-lfs
|
||||
gnumake
|
||||
gnupg
|
||||
kakoune
|
||||
pinentry-qt
|
||||
python3
|
||||
vim
|
||||
# terminal utilities
|
||||
|
||||
bottom
|
||||
dogdns
|
||||
du-dust
|
||||
htop
|
||||
ldns # drill
|
||||
tealdeer
|
||||
unzip
|
||||
zip
|
||||
# nix pkgs lookup
|
||||
|
||||
nix-index
|
||||
agenix
|
||||
cachix
|
||||
;
|
||||
|
||||
inherit
|
||||
(pkgs.llvmPackages_16)
|
||||
bintools
|
||||
clang
|
||||
;
|
||||
};
|
||||
}
|
||||
|
|
|
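Review bot: The comment above `bandwhich.enable = true;` says the setcap wrapper is for "network permissions", which undersells it: as far as I recall, the nixpkgs module's wrapper also carries `cap_sys_ptrace` and `cap_dac_read_search` alongside the network capabilities, and the wrapper is executable by every local user by default. That is worth confirming against the nixpkgs module. I would reword the comment to something like `# installs a capability wrapper (packet capture + process inspection) usable by all local users`, so the trade-off is visible on shared machines. The rendering does not mark which lines of this hunk are new, so this may be pre-existing context rather than something this change introduced.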
@ -75,7 +75,10 @@
|
|||
|
||||
pipewire.enable = true;
|
||||
|
||||
tailscale.enable = true;
|
||||
tailscale = {
|
||||
enable = true;
|
||||
useRoutingFeatures = "both";
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
|
|
|
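Review bot: `useRoutingFeatures = "both";` grants this host more than the old `tailscale.enable = true;` did, assuming the upstream NixOS option behaves as I expect: the "server" half enables IPv4/IPv6 forwarding, on top of the loose reverse-path filtering that the "client" half needs. If this machine only consumes exit nodes or subnet routes, `useRoutingFeatures = "client";` is the least-privilege value. If it really does route for others, a short comment saying why would help, e.g. `# advertises routes / exit node, needs forwarding`. The same applies to the later host section that also sets `"both"` under `# List services that you want to enable:`.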
@ -133,7 +133,7 @@ in {
|
|||
|
||||
tailscale = {
|
||||
enable = true;
|
||||
exitNode = true;
|
||||
useRoutingFeatures = "server";
|
||||
};
|
||||
|
||||
transmission = {
|
||||
|
|
|
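Review bot: Replacing `exitNode = true;` with `useRoutingFeatures = "server";` keeps the kernel side (forwarding) but still does not advertise the node, and the reminder that sat next to the old module option appears to be dropped in this change. The sides are not marked in this rendering, so that removal is inferred. I would carry the reminder over to this host, next to the new line: `# exit node: still requires `tailscale up --advertise-exit-node` (or the equivalent up-flags)`. Without it, the next rebuild of this machine silently stops being an exit node and nothing in the config says why.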
@ -49,7 +49,11 @@
|
|||
|
||||
# List services that you want to enable:
|
||||
my.services = {
|
||||
tailscale.enable = true;
|
||||
tailscale = {
|
||||
enable = true;
|
||||
useRoutingFeatures = "client";
|
||||
};
|
||||
|
||||
pipewire.enable = true;
|
||||
|
||||
restic-backup = {
|
||||
|
|
|
@ -28,7 +28,10 @@ in {
|
|||
|
||||
# List services that you want to enable:
|
||||
my.services = {
|
||||
tailscale.enable = true;
|
||||
tailscale = {
|
||||
enable = true;
|
||||
useRoutingFeatures = "both";
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
|
|
|
@ -8,34 +8,30 @@
|
|||
(lib)
|
||||
mkEnableOption
|
||||
mkIf
|
||||
mkOption
|
||||
types
|
||||
;
|
||||
|
||||
cfg = config.my.services.tailscale;
|
||||
in {
|
||||
options.my.services.tailscale = {
|
||||
enable = mkEnableOption "Tailscale";
|
||||
|
||||
# NOTE: still have to do `tailscale up --advertise-exit-node`
|
||||
exitNode = mkEnableOption "Use as exit node";
|
||||
useRoutingFeatures = mkOption {
|
||||
type = types.enum [ "none" "client" "server" "both" ];
|
||||
default = "none";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
package = pkgs.tailscale;
|
||||
openFirewall = true;
|
||||
useRoutingFeatures = cfg.useRoutingFeatures;
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
trustedInterfaces = ["tailscale0"];
|
||||
allowedUDPPorts = [config.services.tailscale.port];
|
||||
# needed for exit node usage
|
||||
checkReversePath = mkIf (!cfg.exitNode) "loose";
|
||||
};
|
||||
|
||||
# enable IP forwarding to use as exit node
|
||||
boot.kernel.sysctl = mkIf cfg.exitNode {
|
||||
"net.ipv6.conf.all.forwarding" = true;
|
||||
"net.ipv4.ip_forward" = true;
|
||||
trustedInterfaces = [config.services.tailscale.interfaceName];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
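Review bot: `trustedInterfaces = [config.services.tailscale.interfaceName];` makes the host firewall accept every port from anything arriving on the tailnet interface, so Tailscale ACLs become the only access control for every host that enables this module, including those now set to "server" or "both". Either put that on record with a comment such as `# all tailnet peers bypass the host firewall here; access control is left to Tailscale ACLs`, or gate the line behind its own option that defaults to off, so servers can keep per-port filtering. The line is rendered after the sysctl entries, but I am reading it as belonging to `networking.firewall` on the new side. Separately, the new `useRoutingFeatures` option has no `description`; one sentence on what each of "client", "server" and "both" turns on would make the host files easier to review.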