ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add tailscale exit node option

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-03-24 06:10:06 -05:00
parent cfbf8675b0
commit cf4bd31b4f
2 changed files with 13 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

16
common/programs/tailnet.nix
View file

@ -23,6 +23,11 @@ in
default = true; default = true;
description = "Whether to use headscale login server."; description = "Whether to use headscale login server.";
}; };
enableExitNode = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable exit node.";
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -35,10 +40,13 @@ in
config ? age && config.age ? secrets && config.age.secrets ? headscale_auth config ? age && config.age ? secrets && config.age.secrets ? headscale_auth
) config.age.secrets.headscale_auth.path; ) config.age.secrets.headscale_auth.path;
# https://tailscale.com/kb/1241/tailscale-up # https://tailscale.com/kb/1241/tailscale-up
extraUpFlags = lib.mkIf cfg.useHeadscale [ extraUpFlags =
"--login-server=https://headscale.joshuabell.xyz" lib.mkIf cfg.useHeadscale [
"--no-logs-support" "--login-server=https://headscale.joshuabell.xyz"
]; "--no-logs-support"
]
++ (lib.optional cfg.enableExitNode "--advertise-exit-node");
}; };
networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ]; networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
networking.firewall.checkReversePath = "loose"; networking.firewall.checkReversePath = "loose";

1
hosts/lio/flake.nix
View file

@ -66,6 +66,7 @@
rustDev.enable = true; rustDev.enable = true;
uhkAgent.enable = true; uhkAgent.enable = true;
tailnet.enable = true; tailnet.enable = true;
tailnet.enableExitNode = true;
ssh.enable = true; ssh.enable = true;
docker.enable = true; docker.enable = true;
}; };