feat(tailscale): Enable warwick as exit node and subnet router

2024-07-23 22:50:11 +02:00 · 2024-07-23 22:50:11 +02:00 · 4e619eb0c4
commit 4e619eb0c4
parent 15e0dce041
3 changed files with 23 additions and 8 deletions
--- a/machines/warwick.nix
+++ b/machines/warwick.nix
@ -3,8 +3,11 @@
    arch = "aarch64-linux";
    isRaspberryPi = true;

-    nixosModule = {
-      lab.monitoring.server.enable = true;
+    nixosModule = { lib, ... }: {
+      lab = {
+        monitoring.server.enable = true;
+        tailscale.advertiseExitNode = true;
+      };

      services.bird2 = {
        enable = false;
--- a/nixos-modules/networking/default.nix
+++ b/nixos-modules/networking/default.nix
@ -2,12 +2,10 @@
  config = {
    networking = {
      domain = "dmz";
-      nftables.enable = true;
+      nftables.enable = lib.mkDefault true;
      useDHCP = false;

-      firewall = {
-        enable = true;
-      };
+      firewall.enable = lib.mkDefault true;
    };

    systemd.network = {
--- a/nixos-modules/tailscale.nix
+++ b/nixos-modules/tailscale.nix
@ -1,12 +1,26 @@
-{ config, ... }: {
+{ lib, config, ... }:
+let
+  cfg = config.lab.tailscale;
+in
+{
+  options = {
+    lab.tailscale.advertiseExitNode = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+    };
+  };
+
  config = {
    services.tailscale = {
      enable = true;
      authKeyFile = config.sops.secrets."tailscale/authKey".path;
+      useRoutingFeatures = "server";
+      openFirewall = true;

      extraUpFlags = [
        "--hostname=${config.networking.hostName}"
-      ];
+      ] ++ lib.lists.optional cfg.advertiseExitNode "--advertise-exit-node"
+      ++ lib.lists.optional cfg.advertiseExitNode "--advertise-routes=192.168.30.0/24";
    };

    sops.secrets."tailscale/authKey" = { };