From 01513e980f94bc348c30a18b730b7990cee61a10 Mon Sep 17 00:00:00 2001
From: albert
Date: Mon, 23 Dec 2024 21:01:56 +0100
Subject: [PATCH] Update Docker / Podman to allow Tailscale as a trusted netwoork

---
 nixos/common/services/docker.nix | 6 ++++++
 nixos/common/services/podman.nix | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/nixos/common/services/docker.nix b/nixos/common/services/docker.nix
index 7b2c3e04..02fd4c3d 100644
--- a/nixos/common/services/docker.nix
+++ b/nixos/common/services/docker.nix
@@ -8,6 +8,12 @@
 "net.ipv4.tcp_max_syn_backlog" = 4096;
 };
 
+ # Allow Docker containers to access Tailscale network
+ networking.firewall = {
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDP = [ 41641 ]; # Tailscale port
+ };
+
 virtualisation.docker = {
 enable = true;
 enableOnBoot = true;
diff --git a/nixos/common/services/podman.nix b/nixos/common/services/podman.nix
index 0dcedae9..dc7d6d52 100644
--- a/nixos/common/services/podman.nix
+++ b/nixos/common/services/podman.nix
@@ -6,6 +6,12 @@
 "fs.inotify.max_user_instances" = 1024;
 };
 
+ # Allow Docker containers to access Tailscale network
+ networking.firewall = {
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ 41641 ]; # Tailscale port
+ };
+
 virtualisation.podman = {
 enable = true;
 dockerSocket.enable = true;
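Review bot: `allowedUDP = [ 41641 ];` in the docker.nix hunk is not a NixOS firewall option — the podman.nix hunk in this same patch spells it `allowedUDPPorts`, and with the docker.nix spelling any host that imports this module will fail to evaluate with an undefined-option error, so the line should read `allowedUDPPorts = [ 41641 ]; # Tailscale port`. Separately, `trustedInterfaces = [ "tailscale0" ];` does more than the comment above it says: it exempts every packet arriving on tailscale0 from the firewall, so any tailnet peer can reach every listening port on the host (including container ports published on the host), whereas container-to-tailnet traffic is outbound and, as far as I can tell, is not what the NixOS firewall's input rules restrict. If the intent is only to let containers reach the tailnet, opening the UDP port alone — or, if the host already uses the `services.tailscale` module, its `openFirewall` option — is the narrower change; the same consideration applies to the podman.nix hunk. The enclosing attribute set starts and ends outside the hunk.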
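Review bot: The comment added to podman.nix, `# Allow Docker containers to access Tailscale network`, was copied from the docker.nix hunk and names the wrong runtime; it should say Podman, and ideally describe what the block actually does, e.g. `# Trust tailscale0 (all inbound traffic from tailnet peers) and open the Tailscale UDP port`. Both docker.nix and podman.nix now define `networking.firewall.trustedInterfaces` and the UDP port list; NixOS merges list options, so a host importing both gets one combined set rather than a conflict, but keeping host firewall policy in two container-runtime modules makes it easy to change one and forget the other — a single shared module next to the Tailscale configuration would be the one place to maintain it. The enclosing attribute set starts and ends outside the hunk.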