2024-08-11 20:43:36 +09:00
|
|
|
{ pkgs-unstable, pkgs, ... }: {
|
2023-08-23 14:30:15 +09:00
|
|
|
# Enable tailscale and open port 22 on it
|
2023-08-31 14:54:16 +09:00
|
|
|
services.tailscale = {
|
|
|
|
|
enable = true;
|
2024-08-11 20:43:36 +09:00
|
|
|
package = pkgs-unstable.tailscale;
|
2023-08-31 14:54:16 +09:00
|
|
|
interfaceName = "tailscale0";
|
|
|
|
|
extraUpFlags = [
|
2023-09-15 23:50:03 +09:00
|
|
|
"--login-server=https://headscale.sysctl.io"
|
2023-08-31 20:29:14 +09:00
|
|
|
"--accept-dns"
|
|
|
|
|
"--accept-routes"
|
2024-08-11 20:43:36 +09:00
|
|
|
"--reset"
|
2023-08-31 14:54:16 +09:00
|
|
|
];
|
|
|
|
|
};
|
2023-08-23 17:14:13 +09:00
|
|
|
networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];
|
2024-01-05 14:59:23 +09:00
|
|
|
|
2024-01-06 17:03:14 +09:00
|
|
|
# This allows using an exit-node
|
|
|
|
|
networking.firewall.checkReversePath = "loose";
|
|
|
|
|
|
2024-01-08 08:10:56 +09:00
|
|
|
# Because of the split DNS, hosts forget which IP
|
2024-01-05 14:59:23 +09:00
|
|
|
# (external or internal) is promtail/loki.
|
|
|
|
|
# Setting them manually here helps.
|
|
|
|
|
networking.extraHosts = ''
|
|
|
|
|
100.64.0.14 influx.sysctl.io
|
|
|
|
|
100.64.0.14 loki.sysctl.io
|
|
|
|
|
'';
|
2024-02-20 11:04:49 +09:00
|
|
|
}
|
