nixos-servers/modules/tailscale.nix


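# NixOS module: enrols the host in Tailscale when `lab.tailscale.enable` is set,
# and optionally advertises it as an exit node and subnet router.
{
  lib,
  config,
  ...
}: let
  cfg = config.lab.tailscale;
in {
  options = {
    lab.tailscale = {
      enable = lib.mkEnableOption "tailscale";
      advertiseExitNode = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = ''
          Offer this host as a Tailscale exit node. Enabling this also
          advertises the 192.168.30.0/24 subnet route, so tailnet peers
          that accept the route can reach that LAN through this host,
          not only use it for internet egress.
        '';
      };
    };
  };
  config = lib.mkIf cfg.enable {
    services.tailscale = {
      enable = true;
      # Only the path of the sops-managed secret is referenced here; the auth
      # key itself is never written into this module.
      authKeyFile = config.sops.secrets."tailscale/authKey".path;
      # NOTE(review): "server" turns on kernel IP forwarding for every host
      # that enables this module, even when advertiseExitNode is false.
      # Confirm that is intended, or gate it on cfg.advertiseExitNode.
      useRoutingFeatures = "server";
      # Opens tailscaled's UDP port in the host firewall.
      openFirewall = true;
      extraUpFlags =
        [
          # Keep the host's own resolver configuration instead of tailnet DNS.
          "--accept-dns=false"
          "--hostname=${config.networking.hostName}"
        ]
        # Both flags are tied to the same switch: the exit-node role and the
        # LAN route are always advertised together.
        ++ lib.optionals cfg.advertiseExitNode [
          "--advertise-exit-node"
          "--advertise-routes=192.168.30.0/24"
        ];
    };

    # Declares the secret so that sops-nix provides the path used by authKeyFile.
    sops.secrets."tailscale/authKey" = {};

    # Do not let systemd-networkd-wait-online wait on the Tailscale interface.
    systemd.network.wait-online.ignoredInterfaces = ["tailscale0"];
  };
}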