nix/nixos/common/services/tailscale.nix

# Tailscale client settings: join the self-hosted Headscale control server
# and allow SSH (TCP 22) in on the tailnet interface.
{ pkgs-unstable, ... }:
{
  services.tailscale = {
    enable = true;
    # Client comes from the pkgs-unstable set passed in as a module argument.
    package = pkgs-unstable.tailscale;
    # Fixed name, so the firewall rule below can refer to the interface.
    interfaceName = "tailscale0";

    # tailscaled: do not upload client logs to Tailscale's log service.
    extraDaemonFlags = [ "--no-logs-no-support" ];

    # NOTE(review): the nixpkgs module documents extraUpFlags as applied only
    # when services.tailscale.authKeyFile is set; it is not set in this file.
    # Confirm it is set elsewhere, or that `tailscale up` is run by hand with
    # the same flags.
    extraUpFlags = [
      # Self-hosted control server. It distributes peer keys, DNS settings and
      # routes, so it is the trust anchor for everything accepted below.
      "--login-server=https://headscale.sysctl.io"
      # Accept DNS configuration and advertised routes pushed by the control
      # server; both change where this host resolves names and sends traffic.
      "--accept-dns"
      "--accept-routes"
      # Put every setting not listed here back to its default on `up`.
      "--reset"
    ];
  };

  networking = {
    firewall = {
      # Allow SSH in on the tailnet interface only.
      # NOTE(review): this adds a rule, it does not restrict others. If
      # services.openssh is enabled elsewhere with openFirewall left at its
      # default (true), port 22 is open on every interface -- verify.
      interfaces.tailscale0.allowedTCPPorts = [ 22 ];

      # Needed to use an exit node. This relaxes reverse-path filtering from
      # strict to loose for the whole host, not just for tailscale0.
      checkReversePath = "loose";
    };

    # Split DNS makes hosts lose track of which address (external or
    # internal) the monitoring endpoints live on, so pin the tailnet address.
    # A pin that outlives the server sends metrics and logs to whichever node
    # holds 100.64.0.5 at that point.
    # TODO: Update these when I move the server to warsaw-ovh-01
    extraHosts = ''
      100.64.0.5 influx.sysctl.io
      100.64.0.5 loki.sysctl.io
    '';
  };
}