feat(networking): initial tailscale configuration
This commit is contained in:
parent
c69d38b598
commit
f983f25a53
3 changed files with 68 additions and 0 deletions
|
|
@ -18,6 +18,11 @@
|
||||||
gpu.type = "amd";
|
gpu.type = "amd";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemModules.networking.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
client = true;
|
||||||
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "ooksdesk";
|
hostName = "ooksdesk";
|
||||||
# useDHCP = true;
|
# useDHCP = true;
|
||||||
|
|
|
||||||
|
|
@ -12,6 +12,7 @@ in
|
||||||
./ssh
|
./ssh
|
||||||
./tcp
|
./tcp
|
||||||
./resolved
|
./resolved
|
||||||
|
./tailscale
|
||||||
];
|
];
|
||||||
|
|
||||||
options.systemModule.networking.enable = mkEnableOption "Enable networking system module";
|
options.systemModule.networking.enable = mkEnableOption "Enable networking system module";
|
||||||
|
|
|
||||||
62
system/modules/networking/tailscale/default.nix
Normal file
62
system/modules/networking/tailscale/default.nix
Normal file
|
|
@ -0,0 +1,62 @@
|
||||||
|
{ lib, config, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.systemModules.networking.tailscale;
|
||||||
|
inherit (config.services) tailscale;
|
||||||
|
inherit (lib.lists) optionals;
|
||||||
|
inherit (lib.types) bool listOf str;
|
||||||
|
inherit (lib.strings) concatStringsSep;
|
||||||
|
inherit (lib) mkIf mkEnableOption mkOption mkDefault;
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
options.systemModules.networking.tailscale = {
|
||||||
|
enable = mkEnableOption "Enable tailscale system module";
|
||||||
|
server = mkOption {
|
||||||
|
type = bool;
|
||||||
|
default = false;
|
||||||
|
description = "Define if the host is a server";
|
||||||
|
};
|
||||||
|
client = mkOption {
|
||||||
|
type = bool;
|
||||||
|
default = cfg.enable;
|
||||||
|
description = "Define if the host is a client";
|
||||||
|
};
|
||||||
|
tag = mkOption {
|
||||||
|
type = listOf str;
|
||||||
|
default =
|
||||||
|
if cfg.client then ["tag:client"]
|
||||||
|
else if cfg.server then ["tag:server"]
|
||||||
|
else [];
|
||||||
|
description = "Sets host tag depending on if server/client";
|
||||||
|
};
|
||||||
|
operator = mkOption {
|
||||||
|
type = str;
|
||||||
|
default = "ooks";
|
||||||
|
description = "Name of the tailscale operator";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
|
services.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
useRoutingFeatures = mkDefault "both";
|
||||||
|
# permitCertUid = "root";
|
||||||
|
extraUpFlags =
|
||||||
|
[ "--ssh" "--operator=$USER" ]
|
||||||
|
++ optionals cfg.server [ "--advertise-exit-node" ]
|
||||||
|
++ optionals (cfg.tags != []) ["--advertise-tags" (concatStringsSep "," cfg.tags)];
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall = {
|
||||||
|
allowedUDPPorts = [tailscale.port];
|
||||||
|
trustedInterfaces = ["${tailscale.interfaceName}"];
|
||||||
|
checkReversePath = "loose";
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.network.wait-online.ignoredInterfaces = ["${tailscale.interfaceName}"];
|
||||||
|
|
||||||
|
environment.systemPackages = [ pkgs.tailscale ];
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue