42 lines
868 B
Nix
42 lines
868 B
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
inherit
|
|
(lib)
|
|
mkEnableOption
|
|
mkIf
|
|
;
|
|
|
|
cfg = config.my.services.tailscale;
|
|
in {
|
|
options.my.services.tailscale = {
|
|
enable = mkEnableOption "Tailscale";
|
|
|
|
# NOTE: still have to do `tailscale up --advertise-exit-node`
|
|
exitNode = mkEnableOption "Use as exit node";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
services.tailscale = {
|
|
enable = true;
|
|
package = pkgs.tailscale;
|
|
};
|
|
|
|
networking.firewall = {
|
|
trustedInterfaces = ["tailscale0"];
|
|
allowedUDPPorts = [config.services.tailscale.port];
|
|
# needed for exit node usage
|
|
checkReversePath = mkIf (!cfg.exitNode) "loose";
|
|
};
|
|
|
|
# enable IP forwarding to use as exit node
|
|
boot.kernel.sysctl = mkIf cfg.exitNode {
|
|
"net.ipv6.conf.all.forwarding" = true;
|
|
"net.ipv4.ip_forward" = true;
|
|
};
|
|
};
|
|
}
|