nixos/modules/services/tailscale.nix


inputs:
let
  inherit (inputs) lib config;
  # The module's own option value; null means "do not configure tailscale on this host".
  cfg = config.nixos.services.tailscale;
  # Flags passed to both `tailscale up` and `tailscale set`. DNS and netfilter
  # management are left to NixOS rather than to tailscaled.
  commonFlags = [ "--accept-dns=false" "--netfilter-mode=off" ];
in
{
  options.nixos.services.tailscale = lib.mkOption {
    # An (empty) submodule enables the service, null disables it.
    type = lib.types.nullOr (lib.types.submodule {});
    # Enabled by default on x86_64 hosts only.
    default = if config.nixos.model.arch == "x86_64" then {} else null;
  };

  config = lib.mkIf (cfg != null) {
    services.tailscale = {
      enable = true;
      # Opens the tailscale UDP port for direct (non-DERP) peer connections.
      openFirewall = true;
      disableTaildrop = true;
      # authKeyParameters should not be set
      # The pre-auth key comes from sops, so it never lands in the Nix store.
      authKeyFile = config.nixos.system.sops.secrets."tailscale".path;
      # Self-hosted headscale control server instead of the public coordination servers.
      extraUpFlags = [ "--login-server=https://headscale.chn.moe" ] ++ commonFlags;
      extraSetFlags = commonFlags;
    };

    nixos.system.sops.secrets."tailscale" = {};

    # With --netfilter-mode=off tailscaled installs no netfilter rules of its own,
    # so this line is what decides inbound reachability: traffic arriving on the
    # tailscale interface bypasses the NixOS firewall entirely. Every peer that the
    # control server's ACLs let reach this host can therefore reach every local port.
    # Keep this in mind when relying on headscale ACLs as the only access control.
    networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];

    # Dedicated unprivileged account with a fixed uid/gid so ownership is stable across rebuilds.
    users = {
      users.tailscale = {
        uid = config.nixos.user.uid.tailscale;
        group = "tailscale";
        isSystemUser = true;
      };
      groups.tailscale.gid = config.nixos.user.gid.tailscale;
    };

    systemd.services.tailscaled.serviceConfig = {
      User = "tailscale";
      Group = "tailscale";
      # NOTE(review): CAP_NET_RAW/CAP_NET_ADMIN are what a userspace VPN daemon needs
      # to create and configure its tun device. CAP_SYS_MODULE allows loading kernel
      # modules and largely negates the benefit of running as a non-root user; confirm
      # tailscaled still needs it here (e.g. if the tun module is not already loaded
      # or built in) and drop it otherwise.
      AmbientCapabilities = [ "CAP_NET_RAW" "CAP_NET_ADMIN" "CAP_SYS_MODULE" ];
    };
  };
}