From ff4b69e8dcf66948b99ce54bfcbefe11b3ba0675 Mon Sep 17 00:00:00 2001
From: iFargle
Date: Thu, 31 Aug 2023 14:54:16 +0900
Subject: [PATCH] Add tailscale flags and update docs
---
README.md | 2 ++
nixos/common/services/openssh.nix | 2 ++
nixos/common/services/tailscale.nix | 10 +++++++++-
3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 2a30ddf0..397e0225 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,8 @@ nixos-rebuild switch --flake '/etc/nixos#'
 ![Gruv'd Hyprland](./screenshot.png "Hyprland with a Gruvboxy theme")
 ---
 # To Do List
+* [ ] Find a way to remove all default search engines in Firefox (Google, Amazon, etc)
+* [ ] Figure out what the home-manager `account` options are for.
 * [ ] Figure out how to get GPG SSH auth working
 * [ ] Security hardening
 * [ ] cronjob
diff --git a/nixos/common/services/openssh.nix b/nixos/common/services/openssh.nix
index 8455e856..1166739e 100644
--- a/nixos/common/services/openssh.nix
+++ b/nixos/common/services/openssh.nix
@@ -1,4 +1,6 @@
 { config, pkgs, hostname, ... }: {
+ # By default no ports are open.
+ # When ./tailscale.nix is imported, port 22 on the tailscale interface is then opened.
 services.openssh = {
 enable = true;
 # Defaults to true -- I don't like it when services default to true for opening firewalls.
diff --git a/nixos/common/services/tailscale.nix b/nixos/common/services/tailscale.nix
index b92ea6fb..9363454c 100644
--- a/nixos/common/services/tailscale.nix
+++ b/nixos/common/services/tailscale.nix
@@ -1,5 +1,13 @@
 { config, pkgs, ... }: {
 # Enable tailscale and open port 22 on it
- services.tailscale.enable = true;
+ services.tailscale = {
+ enable = true;
+ interfaceName = "tailscale0";
+ extraUpFlags = [
+ --login-server='https://headscale.sysctl.io'
+ --accept-dns
+ --accept-routes
+ ];
+ };
 networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];
 }
\ No newline at end of file
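Review bot: In nixos/common/services/tailscale.nix the three entries added to `extraUpFlags` are bare tokens rather than Nix strings, so the file will not parse as written; each flag needs quoting, e.g. `"--login-server=https://headscale.sysctl.io"`, `"--accept-dns"`, `"--accept-routes"`. The inner single quotes around the URL should go too, since the list is presumably passed as separate arguments rather than through a shell and the quotes would end up inside the value. As far as I know the module only applies `extraUpFlags` when `services.tailscale.authKeyFile` is set, so it is worth confirming these flags take effect on this host and saying so in a comment. Because `--accept-routes` lets the control server direct traffic for advertised subnets and port 22 is opened to every peer on the interface, a short comment naming the headscale instance as the trust anchor would help, and the firewall line could reference `config.services.tailscale.interfaceName` instead of repeating `tailscale0` so the rule cannot drift from the interface name.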