cleslie/nixfiles
1
0
Fork 0
mirror of https://github.com/callumio/nixfiles.git synced 2025-12-17 03:29:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

tailscale

Browse source
This commit is contained in:
Callum Leslie 2024-09-02 15:05:48 +01:00
parent 961d41b9bf
commit c558bad713
Signed by: cleslie
GPG key ID: D382C4AFEECEAA90
15 changed files with 106 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

36
modules/tailscale.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
options,
lib,
...
}:
with lib; let
cfg = config.c.services.mesh;
in {
options.c.services.mesh = {
enable = mkEnableOption "Enable tailscale daemon.";
exitNode = mkOption {
type = types.bool;
default = false;
description = "Enable advertising as an exit node.";
};
keyFile = mkOption {
type = types.path;
description = "Path to key file.";
};
};
config = mkIf cfg.enable {
services.tailscale = {
enable = true;
openFirewall = true;
#authKeyFile = config.age.secrets.mesh-conf.path;
authKeyFile = cfg.keyFile;
extraUpFlags = ["--login-server" "https://mesh.cleslie.uk"];
extraSetFlags = [(mkIf cfg.exitNode "--advertise-exit-node")];
};
networking.firewall = {
#checkReversePath = "loose";
trustedInterfaces = [config.services.tailscale.interfaceName];
};
};
}