nix/nixos/common/services/tailscale.nix
2024-01-06 17:03:14 +09:00


# NixOS module: joins the host to the tailnet run by the self-hosted
# Headscale control server and accepts SSH on the tailnet interface.
{ config, pkgs, ... }:
{
  services.tailscale = {
    enable = true;
    interfaceName = "tailscale0";
    # NOTE(review): as far as I know the nixpkgs module only hands
    # extraUpFlags to `tailscale up` from its auto-connect unit, which is
    # created when services.tailscale.authKeyFile is set. This file sets no
    # authKeyFile, so confirm the flags really take effect. --login-server
    # matters most: a manual `tailscale up` without it would enrol the host
    # with the default control server instead of Headscale.
    extraUpFlags = [
      "--login-server=https://headscale.sysctl.io"
      "--accept-dns"
      # Accepts the subnet routes distributed by the control server. Route
      # approval on the Headscale side is then the control that decides
      # which peers can attract this host's traffic.
      "--accept-routes"
    ];
  };

  networking = {
    firewall = {
      # SSH (22/tcp) is accepted on the tailnet interface only. The rule
      # does not restrict source addresses, so reachability is left to the
      # tailnet ACL policy and to sshd's own authentication. The interface
      # name is repeated here and has to stay in sync with
      # services.tailscale.interfaceName above.
      interfaces.tailscale0.allowedTCPPorts = [ 22 ];

      # Loose reverse-path filtering, so that replies arriving through an
      # exit node are not dropped. This is a weaker anti-spoofing check than
      # strict mode: a packet passes if its source is reachable through any
      # interface, not only the one it arrived on.
      checkReversePath = "loose";
    };

    # With split DNS the hosts lose track of whether these names resolve to
    # the external or the internal address, so they are pinned here.
    # NOTE(review): the original comment named promtail/loki, while the
    # entries are influx and loki. Both point at one hard-coded tailnet
    # address, which goes stale without warning if that node is re-enrolled
    # under a different IP.
    extraHosts = ''
      100.64.0.14 influx.sysctl.io
      100.64.0.14 loki.sysctl.io
    '';
  };

  # Turns on IPv4 forwarding in the kernel.
  # NOTE(review): forwarding is needed by a host that acts as an exit node
  # or subnet router; a host that only uses an exit node does not need it.
  # This file lives under common/, so presumably every host imports it and
  # becomes able to route. Consider scoping this per host, for example with
  # services.tailscale.useRoutingFeatures ("client" / "server" / "both").
  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
}