nixos-servers/nixos-modules/tailscale.nix
Pim Kunis 6794fce2a2 fix: Don't use tailscale DNS for physical servers
fix: Don't do rolling updates for pihole
chore: Update flake inputs
2024-07-30 20:33:07 +02:00


# NixOS module that enables Tailscale on the host and authenticates it with
# an auth key provided through a sops secret.
{ lib, config, ... }:
let
  cfg = config.lab.tailscale;
in
{
  # Opt-in switch, off by default. Despite its name it controls two things
  # below: advertising the host as an exit node AND advertising the
  # 192.168.30.0/24 subnet route. Enable it only on hosts that should
  # forward traffic for other tailnet members.
  options.lab.tailscale.advertiseExitNode = lib.mkOption {
    type = lib.types.bool;
    default = false;
  };

  config = {
    # Declares the secret so that its `.path` can be referenced below; the
    # auth key itself never appears in this expression.
    sops.secrets."tailscale/authKey" = { };

    services.tailscale = {
      enable = true;

      # The key is passed by file path rather than inlined as a string.
      authKeyFile = config.sops.secrets."tailscale/authKey".path;

      # Set unconditionally, i.e. also on hosts where advertiseExitNode is
      # false. NOTE(review): in the nixpkgs module "server" turns on IP
      # forwarding -- confirm that is wanted on hosts that advertise nothing.
      useRoutingFeatures = "server";

      # Lets the nixpkgs module open the Tailscale port in the host firewall.
      openFirewall = true;

      # NOTE(review): depending on the nixpkgs version these flags may only
      # be applied on first login -- verify that changes reach hosts that
      # have already joined.
      extraUpFlags =
        [
          # Do not take DNS configuration from the tailnet on these hosts.
          "--accept-dns=false"
          "--hostname=${config.networking.hostName}"
        ]
        # Both advertisements share the single option; presumably they still
        # need approval on the tailnet side before taking effect -- confirm
        # against the tailnet's ACL / auto-approver settings.
        ++ lib.optionals cfg.advertiseExitNode [
          "--advertise-exit-node"
          "--advertise-routes=192.168.30.0/24"
        ];
    };
  };
}