{ pkgs-unstable, pkgs, ... }:
let
  # Single name for the tailnet interface, shared by the Tailscale service
  # and the firewall rule below so the two cannot drift apart.
  tsInterface = "tailscale0";
in
{
  # Tailscale client, registered against the self-hosted login server.
  services.tailscale = {
    enable = true;
    package = pkgs-unstable.tailscale;
    interfaceName = tsInterface;
    # NOTE(review): the nixpkgs module documents extraUpFlags as applied only
    # when services.tailscale.authKeyFile is set; no key file is set in this
    # file, so confirm these flags actually take effect on this host.
    extraUpFlags = [
      "--login-server=https://headscale.sysctl.io"
      # DNS settings pushed by the login server are accepted as-is.
      "--accept-dns"
      # Subnet routes advertised by other nodes are installed on this host,
      # so the login server decides which extra networks this host can reach.
      "--accept-routes"
      # Settings not listed here are reset to their defaults on `tailscale up`.
      "--reset"
    ];
  };

  # Allow inbound TCP 22 on the tailnet interface. This rule is scoped to
  # that interface only and does not open the port anywhere else.
  # NOTE(review): services.openssh.openFirewall defaults to true and would
  # open port 22 on every interface; confirm it is disabled wherever sshd is
  # configured if SSH is meant to be reachable over the tailnet only.
  networking.firewall.interfaces.${tsInterface}.allowedTCPPorts = [ 22 ];

  # This allows using an exit-node.
  # The option is host-wide, not per-interface: reverse-path filtering is
  # relaxed from strict to loose for all traffic the firewall sees.
  networking.firewall.checkReversePath = "loose";

  # Because of the split DNS, hosts forget which IP (external or internal)
  # belongs to the names below. Pinning them to the tailnet address helps.
  # These entries bypass DNS, so they must be updated by hand if the target
  # node's tailnet IP ever changes.
  networking.extraHosts = ''
    100.64.0.14 influx.sysctl.io
    100.64.0.14 loki.sysctl.io
  '';
}