blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lfrc symlink

Browse Source
This commit is contained in:
blake
2025-10-13 20:05:19 -05:00
parent 1d1a13d9ce
commit afb451d3cc
7 changed files with 35 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
modules/system/tailscale.nix
View File

@@ -1,10 +1,12 @@
{ pkgs, config, lib, ... }:
let
{
pkgs,
config,
lib,
...
}: let
cfg = config.modules.system.tailscale;
authkey_file = config.sops.secrets."tailscale_authkey".path;
in
{
in {
options.modules.system.tailscale = {
enable = lib.mkEnableOption "enables tailscale";
};
@@ -15,14 +17,18 @@ in
useRoutingFeatures = "both";
authKeyFile = authkey_file;
extraUpFlags = [
"--accept-routes=false" # true is equilivant to useRoutingFeatures = "client" (breaks shit)
"--accept-dns=true" # explicitly allow resolved
"--accept-routes=false" # true is equilivant to useRoutingFeatures = "client" (breaks shit)
"--accept-dns=true" # explicitly allow resolved
];
};
# network config
networking.firewall.trustedInterfaces = ["tailscale0"];
networking.firewall.allowedUDPPorts = [config.services.tailscale.port];
# declare authkey secrets
sops.secrets = {
"tailscale_authkey" = {
"tailscale_authkey" = {
owner = "root";
};
};