jordan/nix-config
1
1
Fork 0
Code Issues 14 Pull Requests Actions Projects 3 Wiki Activity

Add authkey to tailscale module

Browse Source
This commit is contained in:
Jordan Holt 2024-05-17 23:12:51 +01:00
parent 92c3bd3a13
commit 93c04e83d3
Signed by: jordan
GPG Key ID: B8CFFF61F1CCF520
1 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
modules/networking/tailscale.nix
View File

@ -1,6 +1,9 @@
{ config, lib, pkgs, ... }: { config, inputs, lib, pkgs, ... }:
let cfg = config.modules.networking.tailscale; let
cfg = config.modules.networking.tailscale;
headscale = "https://headscale.vimium.net";
hostname = config.networking.hostName;
in { in {
options.modules.networking.tailscale = { options.modules.networking.tailscale = {
enable = lib.mkOption { enable = lib.mkOption {
@ -14,8 +17,24 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.tailscale.enable = true; age.secrets."passwords/services/tailscale/${hostname}-authkey" = {
file = "${inputs.secrets}/passwords/services/tailscale/${hostname}-authkey.age";
};
environment.systemPackages = [ pkgs.tailscale ];
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets."passwords/services/tailscale/${hostname}-authkey".path;
extraUpFlags = [
"--login-server"
headscale
];
};
services.openssh.openFirewall = !cfg.restrictSSH; services.openssh.openFirewall = !cfg.restrictSSH;
networking.firewall = { networking.firewall = {
checkReversePath = "loose"; checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ]; trustedInterfaces = [ "tailscale0" ];