Antoine Martin
bdd0748620
Mixing stable and unstable brought me weird problems, so I'm switching back to unstable entirely until it breaks hard enough to convince me to go back to stable. :)
# NixOS module exposing `my.services.tailscale`: turns on the Tailscale
# service, opens the firewall for it and, optionally, enables the kernel IP
# forwarding needed to act as an exit node.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.my.services.tailscale;

  # UDP port as configured on the upstream `services.tailscale` module.
  tailscalePort = config.services.tailscale.port;
in
{
  options.my.services.tailscale = {
    enable = mkEnableOption "Tailscale";

    # NOTE: still have to do `tailscale up --advertise-exit-node`
    # (this option only prepares the kernel; it does not advertise anything).
    exitNode = mkEnableOption "Use as exit node";
  };

  config = mkIf cfg.enable {
    services.tailscale = {
      enable = true;
      package = pkgs.tailscale;
    };

    networking.firewall = {
      # Traffic arriving on a trusted interface is accepted unconditionally,
      # so every listening port on this host is reachable by any peer that can
      # reach it over the tailnet. Access control then rests on the tailnet's
      # own ACLs, not on this firewall.
      # The name is hard-coded: it has to match the interface the Tailscale
      # daemon actually creates.
      trustedInterfaces = [ "tailscale0" ];

      # Inbound UDP for the Tailscale daemon itself.
      allowedUDPPorts = [ tailscalePort ];
    };

    # Enable IP forwarding to use as exit node.
    # These are the global switches (`all` / `ip_forward`), so the host will
    # forward between any of its interfaces, not only the Tailscale one;
    # review forward-chain filtering if other networks are attached.
    boot.kernel.sysctl = mkIf cfg.exitNode {
      "net.ipv4.ip_forward" = true;
      "net.ipv6.conf.all.forwarding" = true;
    };
  };
}