nix/nixos/common/services/tailscale.nix


# NixOS module: runs tailscaled from the unstable package set against a
# self-hosted control server, allows SSH on the tailnet interface, and pins
# two monitoring hostnames to a tailnet address.
{ pkgs-unstable, ... }:
{
  networking = {
    firewall = {
      # Needed for exit-node use. "loose" relaxes reverse-path filtering for
      # the whole host, not only for tailscale0, so spoofed-source filtering
      # is weaker on every interface.
      # NOTE(review): services.tailscale.useRoutingFeatures = "client" is the
      # module-level way to request the same relaxation; consider it.
      checkReversePath = "loose";

      # Allow inbound SSH (TCP 22) on the tailnet interface. The attribute
      # name must match services.tailscale.interfaceName below.
      # This only adds an allowance; it does not close port 22 elsewhere.
      # NOTE(review): services.openssh.openFirewall defaults to true, which
      # opens 22 on all interfaces; confirm it is disabled where SSH is
      # configured if tailnet-only SSH is the intent.
      interfaces.tailscale0.allowedTCPPorts = [ 22 ];
    };

    # Split DNS makes hosts flip between the external and internal address
    # of the log/metrics endpoints, so both names are pinned to the tailnet
    # address here.
    # Static entries bypass DNS: if 100.64.0.5 is ever reassigned to another
    # node, telemetry is sent to whichever node holds that address.
    # TODO: Update these when the server moves to warsaw-ovh-01
    extraHosts = ''
      100.64.0.5 influx.sysctl.io
      100.64.0.5 loki.sysctl.io
    '';
  };

  services.tailscale = {
    enable = true;
    package = pkgs-unstable.tailscale;
    interfaceName = "tailscale0";

    # Stop tailscaled from uploading its logs to Tailscale's log service.
    extraDaemonFlags = [ "--no-logs-no-support" ];

    # NOTE(review): per the NixOS option docs, extraUpFlags are only applied
    # when services.tailscale.authKeyFile is set. It is not set in this file;
    # confirm it is set elsewhere, otherwise these flags have no effect.
    extraUpFlags = [
      # Self-hosted control server. It hands out peer keys, routes and DNS
      # settings, so it is the trust anchor for everything accepted below.
      "--login-server=https://headscale.sysctl.io"
      # Take DNS configuration from the control server.
      "--accept-dns"
      # Install subnet routes advertised by other nodes; which routes get
      # approved on the control server decides where this host's traffic
      # can be steered.
      "--accept-routes"
      # Reset any setting not listed here back to its default.
      "--reset"
    ];
  };
}