Networking: add tailscale

2025-02-18 21:39:46 +02:00 · 2025-02-18 21:39:46 +02:00 · ffc1784f52
commit ffc1784f52
parent d409120c43
2 changed files with 34 additions and 1 deletions
--- a/modules/nixos/networking/default.nix
+++ b/modules/nixos/networking/default.nix
@ -9,7 +9,7 @@ in {
    ./firewall

    ./ssh.nix
-    #./tailscale.nix
+    ./tailscale.nix
  ];

  networking = {
--- a/modules/nixos/networking/tailscale.nix
+++ b/modules/nixos/networking/tailscale.nix
@ -0,0 +1,33 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkDefault;
+  inherit (lib.options) mkEnableOption;
+  inherit (config.services) tailscale;
+
+  sys = config.olympus.system.networking;
+  cfg = sys.tailscale;
+in {
+  options.olympus.system.networking.tailscale = {
+    enable = mkEnableOption "Tailscale";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [pkgs.tailscale];
+
+    networking.firewall = {
+      # always allow traffic from your Tailscale network
+      trustedInterfaces = ["${tailscale.interfaceName}"];
+      checkReversePath = "loose";
+    };
+
+    services.tailscale = {
+      enable = true;
+      openFirewall = true;
+      useRoutingFeatures = mkDefault "server";
+    };
+  };
+}