From e97df2e11369852ccd22330fcde2143f2370792d Mon Sep 17 00:00:00 2001
From: blahai
Date: Thu, 5 Dec 2024 16:21:51 +0200
Subject: [PATCH] Theia/Nyx: add tailscale
---
 hosts/theia/configuration.nix | 33 +++++++++++++++++++++++-----
 modules/nixos/services/default.nix | 1 +
 modules/nixos/services/tailscale.nix | 8 +++++++
 3 files changed, 36 insertions(+), 6 deletions(-)
 create mode 100644 modules/nixos/services/tailscale.nix
diff --git a/hosts/theia/configuration.nix b/hosts/theia/configuration.nix
index 644869e..596e3b7 100644
--- a/hosts/theia/configuration.nix
+++ b/hosts/theia/configuration.nix
@@ -17,6 +17,13 @@
 initrd.kernelModules = [ ];
 kernelPackages = pkgs.linuxPackages_6_12;
 kernelModules = [ "kvm-amd" ];
+ kernel = {
+ sysctl = {
+ "vm.max_map_count" = 2147483642;
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.conf.all.forwarding" = 1;
+ };
+ };
 extraModulePackages = [ ];
 loader.grub = {
 enable = true;
@@ -24,9 +31,8 @@
 };
 };
- nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
- "netdata"
- ];
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [ "netdata" ];
 nix = {
 package = pkgs.lix;
@@ -94,6 +100,21 @@
 };
 services = {
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ openFirewall = true;
+ };
+
+ networkd-dispatcher = {
+ enable = true;
+ rules."50-tailscale" = {
+ onState = [ "routable" ];
+ script = ''
+ ${lib.getExe pkgs.ethtool} -K ens3 rx-udp-gro-forwarding on rx-gro-list off
+ '';
+ };
+ };
 earlyoom = {
 enable = true;
@@ -170,9 +191,7 @@
 "access log" = "none";
 "error log" = "syslog";
 };
- package = pkgs.netdata.override {
- withCloudUi = true;
- };
+ package = pkgs.netdata.override { withCloudUi = true; };
 };
 forgejo = {
@@ -287,5 +306,7 @@
 jq
 busybox
 fish
+ ethtool
+ networkd-dispatcher
 ];
 }
diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index e3848d0..11fbb3c 100644
--- a/modules/nixos/services/default.nix
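Review bot: In the first hunk of hosts/theia/configuration.nix, `"net.ipv4.ip_forward" = 1` and `"net.ipv6.conf.all.forwarding" = 1` turn on forwarding for every interface of the host, not only the tailnet, and nothing visible in this patch restricts the forward path. The same file sets `useRoutingFeatures = "server"` further down, which as far as I know already makes the NixOS Tailscale module set the forwarding sysctls, so these two lines look redundant; drop them or mark them with `# needed for Tailscale subnet router / exit node`. If they stay, confirm that forwarded traffic is filtered (for example `networking.firewall.filterForward` with nftables) and that IPv6 on the uplink does not rely on router advertisements, which the kernel stops accepting by default once IPv6 forwarding is on. `"vm.max_map_count" = 2147483642` is unrelated to the commit subject and deserves its own one-line comment saying which workload needs it. The enclosing attribute set starts and ends outside the hunk.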
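Review bot: In the `services` hunk of hosts/theia/configuration.nix, `useRoutingFeatures = "server"` with `openFirewall = true` prepares theia to route for the tailnet, but the routes or exit-node role it advertises are not declared here (no `extraUpFlags` or `extraSetFlags`). What the host really forwards is therefore decided by an imperative `tailscale up`/`tailscale set` plus route approval and ACLs on the tailnet side; a comment naming the intended role would make that reviewable. The `50-tailscale` rule also hard-codes `ens3` and runs for any interface that reaches `routable`; I would add `# UDP GRO forwarding tuning for subnet-router/exit-node throughput; ens3 is the uplink NIC` above the script. The rule presumably only fires if the host uses systemd-networkd, which the patch does not show. The `services` set continues outside the hunk.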
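Review bot: The `ethtool` and `networkd-dispatcher` entries added to the package list in the last hunk of hosts/theia/configuration.nix look unnecessary for this feature. The dispatcher script already calls ethtool through `${lib.getExe pkgs.ethtool}`, and the daemon is pulled in by `services.networkd-dispatcher.enable`. Keep them only if they are wanted on the interactive PATH and say so, e.g. `ethtool # for manual NIC offload checks`; otherwise drop both lines. The list starts outside the hunk.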
+++ b/modules/nixos/services/default.nix
@@ -4,5 +4,6 @@
 ./vpn.nix
 ./pipewire.nix
 ./bluetooth.nix
+ ./tailscale.nix
 ];
 }
diff --git a/modules/nixos/services/tailscale.nix b/modules/nixos/services/tailscale.nix
new file mode 100644
index 0000000..2498bed
--- /dev/null
+++ b/modules/nixos/services/tailscale.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }: {
+ services.tailscale = {
+ enable = true;
+ };
+ environment.systemPackages = with pkgs; [
+ trayscale
+ ];
+}
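Review bot: modules/nixos/services/tailscale.nix enables `services.tailscale` unconditionally, and because default.nix now imports it, every host that imports the services module gets tailscaled and the `trayscale` GUI with no way to opt out. Consider gating the body behind an enable option with `lib.mkIf`, and give the file a header comment such as `# Tailscale client for desktop hosts; routing hosts set services.tailscale themselves`. Whether theia also imports this module is not visible in the patch; if it does, it would pick up the GUI package alongside its server settings. Hosts meant to use an exit node or subnet routes usually also need `useRoutingFeatures = "client"`, which as far as I know loosens reverse-path filtering so return traffic is not dropped.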