20 lines
745 B
Nix
20 lines
745 B
Nix
{ config, ... }:
|
|
|
|
{
|
|
# exit nodes must be approved in admin interface
|
|
# https://login.tailscale.com/admin/machines
|
|
/* imports = [ ./tailscale-inner.nix ]; */
|
|
|
|
# if host is _upgraded_ to exit node, reload with
|
|
# sudo systemctl start tailscaled-autoconnect
|
|
# or maybe even
|
|
# sudo systemctl start tailscaled-set
|
|
services.tailscale.useRoutingFeatures = "both";
|
|
services.tailscale.extraSetFlags = [ "--advertise-exit-node" ];
|
|
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
|
|
|
|
# # Strict reverse path filtering breaks Tailscale exit node use and some subnet routing setups
|
|
# # https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111
|
|
# networking.firewall.checkReversePath = "loose";
|
|
}
|