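# NixOS module exposing `lab.tailscale.*`: joins the host to a tailnet using an
# auth key supplied through sops, and optionally advertises it as an exit node
# and subnet router.
{
  lib,
  config,
  ...
}: let
  cfg = config.lab.tailscale;
in {
  options = {
    lab.tailscale = {
      enable = lib.mkEnableOption "tailscale";

      advertiseExitNode = lib.mkOption {
        type = lib.types.bool;
        default = false;
        # The option name only mentions the exit node, but the same switch also
        # adds the subnet route below; the description states both so enabling
        # it is an informed decision.
        description = ''
          Advertise this host as a Tailscale exit node. Enabling this also
          advertises the 192.168.30.0/24 subnet route, which makes that LAN
          reachable from the tailnet through this host.
        '';
      };
    };
  };

  config = lib.mkIf cfg.enable {
    services.tailscale = {
      enable = true;

      # The auth key is read from the sops-managed secret file at activation
      # time rather than being written into this configuration.
      authKeyFile = config.sops.secrets."tailscale/authKey".path;

      # NOTE(review): "server" is applied to every host that enables this
      # module, including hosts that leave advertiseExitNode off. In the NixOS
      # tailscale module this value turns on IP forwarding; confirm that is
      # wanted on hosts that do not route for the tailnet.
      useRoutingFeatures = "server";

      # Opens the Tailscale UDP port in the host firewall for direct
      # peer-to-peer connections.
      openFirewall = true;

      extraUpFlags =
        [
          # Keep the host's own resolver configuration; do not take DNS
          # settings from the tailnet.
          "--accept-dns=false"
          "--hostname=${config.networking.hostName}"
        ]
        # Both routing flags are gated on the same option, exactly as before.
        # NOTE(review): the advertised subnet is hard-coded; any host setting
        # advertiseExitNode offers this LAN to the tailnet regardless of
        # which network it actually sits on.
        ++ lib.optionals cfg.advertiseExitNode [
          "--advertise-exit-node"
          "--advertise-routes=192.168.30.0/24"
        ];
    };

    # Declares the secret with sops defaults so its `.path` above resolves.
    sops.secrets."tailscale/authKey" = {};

    # Do not let systemd-networkd-wait-online wait on the Tailscale interface.
    systemd.network.wait-online.ignoredInterfaces = ["tailscale0"];
  };
}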