2025-08-10 02:39:01 +02:00
parent 4c1f58dbb3
commit a22c0b8f2b
4 changed files with 17 additions and 7 deletions


@@ -88,7 +88,7 @@ let
nord = mk "pbsds.net" "x86_64-linux" input-views.inputs-2505 "24.11" [ ts1 au ];
sopp = mk "pbsds.net" "x86_64-linux" input-views.inputs-edge "24.11" [ ts1 au nixld p1005 ];
bjarte = mk "pbsds.net" "x86_64-linux" input-views.inputs-edge "24.11" [ ts1 nixld ];
bolle = mk "pbsds.net" "x86_64-linux" input-views.inputs-edge "24.11" [ ts2 au ];
bolle = mk "pbsds.net" "x86_64-linux" input-views.inputs-edge "24.11" [ ts2 au tse ];
eple = mk "pbsds.net" "x86_64-linux" input-views.inputs-2505 "24.11" [ ts1 au tse dns64 ];
garp = mk "pbsds.net" "x86_64-linux" input-views.inputs-2505 "24.11" [ ts2 au ];
# hasselknippe= mk "pbsds.net" "aarch64-linux" input-views.inputs-2405 "24.05" [ ts1 hw.pine64-pinebook-pro ];


@@ -12,4 +12,8 @@
services.tailscale.useRoutingFeatures = "both";
services.tailscale.extraSetFlags = [ "--advertise-exit-node" ];
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
# # Strict reverse path filtering breaks Tailscale exit node use and some subnet routing setups
# # https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111
# networking.firewall.checkReversePath = "loose";
}
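Review bot: The three lines added at the end of this attribute set are commented-out configuration, doubly prefixed with `# #`, and they leave no record of why the setting is off. With `services.tailscale.useRoutingFeatures = "both"` set just above, the nixpkgs Tailscale module should, as far as I know, already set `networking.firewall.checkReversePath` to `"loose"`, so an explicit line would be redundant here; this is worth confirming against the pinned nixpkgs revision. I would replace the dead block with one comment such as `# reverse-path filtering is loosened by useRoutingFeatures = "both"; no explicit checkReversePath needed`. The attribute set begins above the hunk.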


@@ -17,9 +17,12 @@ lib.mkIf (!config.virtualisation.isVmVariant)
services.tailscale.authKeyFile = config.sops.secrets.tailscale-authkey-inner.path; # also enables autoconnect
sops.secrets.tailscale-authkey-inner.sopsFile = ../secrets/tailscale-inner.yaml;
# Strict reverse path filtering breaks Tailscale exit node use and some subnet routing setups
# https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111
networking.firewall.checkReversePath = "loose";
# # Strict reverse path filtering breaks Tailscale exit node use and some subnet routing setups
# # https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111
# networking.firewall.checkReversePath = "loose";
# TODO: why do people do this?
# networking.firewall.trustedInterfaces = [ interfaceName ];
# done in profiles/sshd/ts-only.nix:
# networking.firewall.interfaces.${interfaceName} = {
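Review bot: Commenting out `networking.firewall.checkReversePath = "loose";` returns every host that imports this profile to the firewall's default reverse-path check, and the doubly commented block that replaces it does not say this is intended. That is the tighter anti-spoofing setting, but the retained comment itself says strict filtering breaks exit node use, so a host that only consumes an exit node would presumably need `services.tailscale.useRoutingFeatures = "client"` or its own override; the hunk does not show whether any host does. I would delete the dead lines and state the decision instead, e.g. `# rp_filter stays at the NixOS default here; routing profiles loosen it via useRoutingFeatures`. The `# TODO: why do people do this?` above `trustedInterfaces` could be answered in place: `# trustedInterfaces accepts all inbound traffic on the interface, bypassing per-port rules; keep the per-interface rules from ts-only.nix instead`. The same applies to the identical hunk in the next section (the `tailscale-authkey-outer` profile).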


@@ -17,9 +17,12 @@ lib.mkIf (!config.virtualisation.isVmVariant)
services.tailscale.authKeyFile = config.sops.secrets.tailscale-authkey-outer.path; # also enables autoconnect
sops.secrets.tailscale-authkey-outer.sopsFile = ../secrets/tailscale-outer.yaml;
# Strict reverse path filtering breaks Tailscale exit node use and some subnet routing setups
# https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111
networking.firewall.checkReversePath = "loose";
# # Strict reverse path filtering breaks Tailscale exit node use and some subnet routing setups
# # https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111
# networking.firewall.checkReversePath = "loose";
# TODO: why do people do this?
# networking.firewall.trustedInterfaces = [ interfaceName ];
# done in profiles/sshd/ts-only.nix:
# networking.firewall.interfaces.${interfaceName} = {