From 5a69f3246c63d8a19005023c74dd6322fc265a36 Mon Sep 17 00:00:00 2001
From: Peder Bergebakken Sundt
Date: Mon, 14 Oct 2024 11:36:47 +0200
Subject: [PATCH] tailscale exit nodes
---
 flake.nix | 19 ++++++++++---------
 profiles/tailscale-exit-node.nix | 14 ++++++++++++++
 2 files changed, 24 insertions(+), 9 deletions(-)
 create mode 100644 profiles/tailscale-exit-node.nix
diff --git a/flake.nix b/flake.nix
index 3649c26..cf0b676 100644
--- a/flake.nix
+++ b/flake.nix
@@ -272,6 +272,7 @@
 p1005 = ./hardware/printer/hp-laserjet-p1005.nix;
 au = ./profiles/auto-upgrade.nix;
 ts = ./profiles/tailscale.nix;
+ tse = ./profiles/tailscale-exit-node.nix;
 #rb = ./profiles/known-hosts.nix; # TODO
 nixld = ./profiles/nix-ld.nix;
 dns64 = { config, ... }: {
@@ -282,15 +283,15 @@ }; in builtins.mapAttrs (hostname: curried: curried hostname) { #hostname "domain" "system" inputs "state" [ modules ... ] - noximilien = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au ts intel ]; - brumlebasse = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au amd nspawn ]; - nord = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au ts intel-novga hw.common-gpu-intel-sandy-bridge rocm hidpi ]; - sopp = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au ts nixld intel cuda p1005 ]; - bjarte = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ ts nixld intel hw.lenovo-thinkpad-x1-7th-gen ]; - bolle = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au dns64 intel ]; - eple = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au ts dns64 intel rocm ]; - garp = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au dns64 intel-novga cuda ]; - hasselknippe= mk "pbsds.net" "aarch64-linux" inputs-2405 "24.05" [ ts hw.pine64-pinebook-pro ]; + noximilien = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au tse intel ]; + brumlebasse = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au amd nspawn ]; + nord = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au ts intel-novga hw.common-gpu-intel-sandy-bridge rocm hidpi ]; + sopp = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au ts nixld intel cuda p1005 ]; + bjarte = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ ts nixld intel hw.lenovo-thinkpad-x1-7th-gen ]; + bolle = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au dns64 intel ]; + eple = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au tse dns64 intel rocm ]; + garp = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au dns64 intel-novga cuda ]; + hasselknippe= mk "pbsds.net" "aarch64-linux" inputs-2405 "24.05" [ ts hw.pine64-pinebook-pro ]; #gomperud smattkuken skrytebiffen skalkesnerken balleby bingus skjrlaltatjlstad #bergjlot snortheimsmoen ditlefsen skrukkerud podebusk zmaragd 
makrell alfnes blix urke pytte uddu imdorf rosenqvist
 };
diff --git a/profiles/tailscale-exit-node.nix b/profiles/tailscale-exit-node.nix
new file mode 100644
index 0000000..0a914c8
--- /dev/null
+++ b/profiles/tailscale-exit-node.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+
+{
+ # exit nodes must be approved in admin interface
+ # https://login.tailscale.com/admin/machines
+ imports = [ ./tailscale.nix ];
+
+ # if host is _upgraded_ to exit node, reload with
+ # sudo systemctl start tailscaled-autoconnect
+ # or maybe even
+ # sudo systemctl start tailscaled-set
+ services.tailscale.useRoutingFeatures = "both";
+ services.tailscale.extraSetFlags = [ "--advertise-exit-node" ];
+}
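Review bot: `services.tailscale.useRoutingFeatures = "both";` in the new profiles/tailscale-exit-node.nix enables more than an exit node needs. In the NixOS module the server half turns on IP forwarding, while the client half also relaxes reverse-path filtering from strict to loose, which is only needed on hosts that send their own traffic through another exit node or subnet router. If noximilien and eple are meant only to serve as exit nodes, `services.tailscale.useRoutingFeatures = "server";` keeps strict reverse-path filtering on machines that now forward traffic for the whole tailnet. If they are also clients, a comment such as `# "both": these hosts also route via other exit nodes` would record why. As a minor style point, the `config` argument in `{ config, ... }:` is unused in this file.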