34 lines
729 B
Nix
34 lines
729 B
Nix
|
{
|
||
|
lib,
|
||
|
pkgs,
|
||
|
config,
|
||
|
...
|
||
|
}: let
|
||
|
inherit (lib.modules) mkIf mkDefault;
|
||
|
inherit (lib.options) mkEnableOption;
|
||
|
inherit (config.services) tailscale;
|
||
|
|
||
|
sys = config.olympus.system.networking;
|
||
|
cfg = sys.tailscale;
|
||
|
in {
|
||
|
options.olympus.system.networking.tailscale = {
|
||
|
enable = mkEnableOption "Tailscale";
|
||
|
};
|
||
|
|
||
|
config = mkIf cfg.enable {
|
||
|
environment.systemPackages = [pkgs.tailscale];
|
||
|
|
||
|
networking.firewall = {
|
||
|
# always allow traffic from your Tailscale network
|
||
|
trustedInterfaces = ["${tailscale.interfaceName}"];
|
||
|
checkReversePath = "loose";
|
||
|
};
|
||
|
|
||
|
services.tailscale = {
|
||
|
enable = true;
|
||
|
openFirewall = true;
|
||
|
useRoutingFeatures = mkDefault "server";
|
||
|
};
|
||
|
};
|
||
|
}
|