add tailscale exit node option

2025-03-24 06:10:06 -05:00 · 2025-03-24 06:10:06 -05:00 · cf4bd31b4f
commit cf4bd31b4f
parent cfbf8675b0
2 changed files with 13 additions and 4 deletions
--- a/common/programs/tailnet.nix
+++ b/common/programs/tailnet.nix
@ -23,6 +23,11 @@ in
        default = true;
        description = "Whether to use headscale login server.";
      };
+      enableExitNode = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Whether to enable exit node.";
+      };
    };

  config = lib.mkIf cfg.enable {
@ -35,10 +40,13 @@ in
        config ? age && config.age ? secrets && config.age.secrets ? headscale_auth
      ) config.age.secrets.headscale_auth.path;
      # https://tailscale.com/kb/1241/tailscale-up
-      extraUpFlags = lib.mkIf cfg.useHeadscale [
-        "--login-server=https://headscale.joshuabell.xyz"
-        "--no-logs-support"
-      ];
+      extraUpFlags =
+        lib.mkIf cfg.useHeadscale [
+          "--login-server=https://headscale.joshuabell.xyz"
+          "--no-logs-support"
+        ]
+        ++ (lib.optional cfg.enableExitNode "--advertise-exit-node");
+
    };
    networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
    networking.firewall.checkReversePath = "loose";
--- a/hosts/lio/flake.nix
+++ b/hosts/lio/flake.nix
@ -66,6 +66,7 @@
                      rustDev.enable = true;
                      uhkAgent.enable = true;
                      tailnet.enable = true;
+                      tailnet.enableExitNode = true;
                      ssh.enable = true;
                      docker.enable = true;
                    };