31 lines
853 B
Nix
31 lines
853 B
Nix
{ pkgs-unstable, ... }: {
|
|
# Enable tailscale and open port 22 on it
|
|
services.tailscale = {
|
|
enable = true;
|
|
package = pkgs-unstable.tailscale;
|
|
interfaceName = "tailscale0";
|
|
extraDaemonFlags = [
|
|
"--no-logs-no-support"
|
|
];
|
|
extraUpFlags = [
|
|
"--login-server=https://headscale.sysctl.io"
|
|
"--accept-dns"
|
|
"--accept-routes"
|
|
"--reset"
|
|
];
|
|
};
|
|
networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];
|
|
|
|
# This allows using an exit-node
|
|
networking.firewall.checkReversePath = "loose";
|
|
|
|
# Because of the split DNS, hosts forget which IP
|
|
# (external or internal) is promtail/loki.
|
|
# Setting them manually here helps.
|
|
|
|
# TODO: Update these when I move the server to warsaw-ovh-01
|
|
networking.extraHosts = ''
|
|
100.64.0.5 influx.sysctl.io
|
|
100.64.0.5 loki.sysctl.io
|
|
'';
|
|
}
|