From ffc1784f523bcec2ab45dbc45b6084a518f7aff6 Mon Sep 17 00:00:00 2001
From: blahai
Date: Tue, 18 Feb 2025 21:39:46 +0200
Subject: [PATCH] Networking: add tailscale
---
 modules/nixos/networking/default.nix | 2 +-
 modules/nixos/networking/tailscale.nix | 33 ++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 modules/nixos/networking/tailscale.nix
diff --git a/modules/nixos/networking/default.nix b/modules/nixos/networking/default.nix
index 64b4a41..95dcc69 100644
--- a/modules/nixos/networking/default.nix
+++ b/modules/nixos/networking/default.nix
@@ -9,7 +9,7 @@ in {
 ./firewall
 ./ssh.nix
- #./tailscale.nix
+ ./tailscale.nix
 ];
 networking = {
diff --git a/modules/nixos/networking/tailscale.nix b/modules/nixos/networking/tailscale.nix
new file mode 100644
index 0000000..d4c4927
--- /dev/null
+++ b/modules/nixos/networking/tailscale.nix
@@ -0,0 +1,33 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ inherit (lib.modules) mkIf mkDefault;
+ inherit (lib.options) mkEnableOption;
+ inherit (config.services) tailscale;
+
+ sys = config.olympus.system.networking;
+ cfg = sys.tailscale;
+in {
+ options.olympus.system.networking.tailscale = {
+ enable = mkEnableOption "Tailscale";
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [pkgs.tailscale];
+
+ networking.firewall = {
+ # always allow traffic from your Tailscale network
+ trustedInterfaces = ["${tailscale.interfaceName}"];
+ checkReversePath = "loose";
+ };
+
+ services.tailscale = {
+ enable = true;
+ openFirewall = true;
+ useRoutingFeatures = mkDefault "server";
+ };
+ };
+}
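Review bot: `trustedInterfaces = ["${tailscale.interfaceName}"]` in the new tailscale.nix exempts the whole tailnet interface from the host firewall, so every listening service becomes reachable from any tailnet peer. The only remaining filter is the Tailscale ACL policy, which this patch does not show. I would allow specific ports instead, e.g. `interfaces.${tailscale.interfaceName}.allowedTCPPorts = [ <ports this host serves> ];`, or at least reword the comment to say that tailnet ACLs are the sole control for this interface. `useRoutingFeatures = mkDefault "server"` also deserves a second look: as far as I know the nixpkgs module turns on IPv4/IPv6 forwarding for "server", which is more than a host that merely joins the tailnet needs. `mkDefault "client"` would be a tighter default, with "server" opted into per host; I believe it also sets the loose reverse-path check itself, which would make the explicit `checkReversePath` line redundant.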