Diffstat (limited to 'modules/nixos/sils/tailscale.nix')
-rw-r--r--modules/nixos/sils/tailscale.nix52
1 files changed, 0 insertions, 52 deletions
diff --git a/modules/nixos/sils/tailscale.nix b/modules/nixos/sils/tailscale.nix
deleted file mode 100644
index e1f49a4..0000000
--- a/modules/nixos/sils/tailscale.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.sils.tailscale;
-in {
- options.sils.tailscale = {
- enable = lib.mkEnableOption "Tailscale";
- openFirewall = true;
- role = lib.mkOption {
- type = lib.types.enum [
- "client"
- "server"
- ];
- };
- };
- config = lib.mkIf cfg.enable {
- services.tailscale = {
- enable = true;
- authKeyFile = config.age.secrets.tailscale.path;
- useRoutingFeatures = cfg.role;
- extraDaemonFlags = [
- "--no-logs-no-support"
- ];
- extraSetFlags = [
- "--accept-routes"
- ];
- };
- networking.firewall = {
- trustedInterfaces = ["tailscale0"];
- allowedUDPPorts = [config.services.tailscale.port];
- checkReversePath = "loose";
- };
- systemd = {
- services.tailscaled.serviceConfig.Environment = [
- "TS_DEBUG_FIREWALL_MODE=nftables"
- ];
- network.wait-online.enable = false;
- };
- boot.initrd.systemd.network.wait-online.enable = false;
-
- environment.persistence."/srv".directories = [
- {
- directory = "/var/lib/tailscale";
- user = "root";
- group = "root";
- mode = "0700";
- }
- ];
- };
-}