config/profiles/vpn-pbsds/tailscale.nix

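{ config, pkgs, lib, ... }:
# THIS IS NOT USED
# see tailscale-{inner,outer}.nix instead
#
# Enables tailscaled and opens the NixOS firewall for it. The whole tailscale
# interface is marked *trusted* below, so any peer the control server allows
# to reach this node can reach every local port; the control-server ACLs are
# the only remaining gate.
let
  cfg = config.services.tailscale;
in
# Not applied to the `virtualisation.vmVariant` build (nixos-rebuild build-vm).
lib.mkIf (!config.virtualisation.isVmVariant) {
  services.tailscale.enable = true;

  # Needed so replies arriving over the tunnel are not dropped by rpfilter.
  # This relaxes the kernel's anti-spoofing check for *all* interfaces, not
  # only ${cfg.interfaceName}.
  networking.firewall.checkReversePath = "loose";

  # Every inbound connection from the tailnet bypasses the host firewall.
  # Use `networking.firewall.interfaces.<iface>.allowedTCPPorts` instead if
  # only selected services should be reachable over the tunnel.
  networking.firewall.trustedInterfaces = [ cfg.interfaceName ];

  # WireGuard UDP port, opened on every interface so peers can connect
  # directly instead of relaying.
  networking.firewall.allowedUDPPorts = [ cfg.port ];

  # Comment toggle: `/** /` keeps the unit below commented out; turning it
  # into `/**/` activates it (the trailing `/**/` then becomes an empty comment).
  /** /
  systemd.services."tailscale-autoconnect" = lib.mkIf cfg.enable {
    # One-shot helper: log the node in if tailscaled comes up unauthenticated.
    serviceConfig.Type = "oneshot";
    # network-pre.target (used originally) orders a unit *before* network setup
    # and says nothing about connectivity; reaching the control server needs
    # the network up, so order after network-online.target instead.
    after = [ "network-online.target" "tailscale.service" ];
    wants = [ "network-online.target" "tailscale.service" ];
    wantedBy = [ "tailscale.service" ];
    script = ''
      sleep 60 # Wait for tailscaled to settle

      # jq prints nothing when tailscaled does not answer; the quotes keep the
      # test well-formed in that case (an unquoted $status made `[` error out).
      status="$(${lib.getExe cfg.package} status -json | ${lib.getExe pkgs.jq} -r .BackendState)"
      if [ "$status" = "Running" ]; then
        exit 0 # already authenticated
      fi

      # Never put a literal tskey-... here: it lands in the world-readable Nix
      # store and in git. Read it from a root-only file at runtime (the `file:`
      # prefix also keeps it out of argv; confirm the pinned tailscale release
      # supports it -- NixOS additionally ships services.tailscale.authKeyFile
      # for this). --login-server must be given too, otherwise `up` talks to
      # Tailscale's hosted control plane instead of the headscale instance
      # referenced in the notes below.
      #${lib.getExe cfg.package} up --login-server 'https://head.pbsds.net' --auth-key "file:/run/secrets/tailscale-authkey"
    '';
  };
  /**/

  # Manual enrolment against the self-hosted headscale control server
  # (`remote` / `remote-quick` appear to be local task-runner recipes):
  # remote sudo nixos-rebuild switch --flake . -L
  # remote-quick sudo tailscale up --login-server 'https://head.pbsds.net'
  # ssh noximilien.pbsds.net sudo headscale --namespace 'ts' nodes register --key <machine_key>
  #   (newer headscale releases renamed --namespace to --user; match the installed version)
}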