pederbs/config
2
2
Fork 0
Code Issues Pull Requests Releases Activity

ljasdjklasdljasdljk

Browse Source
This commit is contained in:
Peder Bergebakken Sundt
2025-11-07 14:48:26 +01:00
parent 41e1915f15
commit d0eff972df
14 changed files with 291 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
profiles/tailscale/exit-node.nix Normal file
View File

@@ -0,0 +1,31 @@
{ config, lib, ... }:
let
exitNodeFlags = [
"--advertise-exit-node"
# "--exit-node-allow-lan-access"
# "--exit-node-allow-incoming-wan-access"
];
in
{
# exit nodes must be approved in admin interface
# https://login.tailscale.com/admin/machines
/* imports = [ ./inner.nix ]; */
config = lib.mkIf (!config.virtualisation.isVmVariant) {
# if host is _upgraded_ to exit node, reload with
# sudo systemctl start tailscaled-autoconnect
# or maybe even
# sudo systemctl start tailscaled-set
services.tailscale.useRoutingFeatures = "both";
services.tailscale.extraSetFlags = exitNodeFlags;
services.tailscale.extraUpFlags = exitNodeFlags;
# # Strict reverse path filtering breaks Tailscale exit node use and some subnet routing setups
# # https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111
# networking.firewall.checkReversePath = "loose";
};
}