tailscale: Move to separate module

2023-12-20 11:34:47 +01:00 · 2023-12-20 11:34:47 +01:00 · 5f971a03d9
commit 5f971a03d9
parent e6f7adb423
3 changed files with 21 additions and 3 deletions
--- a/machines/loki/configuration.nix
+++ b/machines/loki/configuration.nix
@ -64,6 +64,7 @@
    };
    podman.enable = true;
    tablet.enable = false;
+    tailscale.enable = true;
    sound = {
      enable = true;
      jack = true;
@ -131,7 +132,7 @@
    };

    firewall = {
-      trustedInterfaces = [ "lo" ];
+      trustedInterfaces = [ "lo" "tailscale0" ];
      allowedTCPPorts = [
        # NFS
        111
@ -331,7 +332,6 @@
    envfs.enable = false;
    cpupower-gui.enable = true;
    teamviewer.enable = true;
-    tailscale.enable = true;
    sunshine = {
      enable = true;
      user = "erwin";
--- a/machines/mimir/configuration.nix
+++ b/machines/mimir/configuration.nix
@ -93,6 +93,7 @@
    };
    sound.enable = true;
    systemd.enable = true;
+    tailscale.enable = true;
  };

  fileSystems = {
@ -349,7 +350,6 @@
    cpupower-gui.enable = true;
    flatpak.enable = true;

-    tailscale.enable = true;
    teamviewer.enable = true;

    udisks2 = {
--- a/modules/tailscale/default.nix
+++ b/modules/tailscale/default.nix
@ -0,0 +1,18 @@
+{ config, lib, ... }:
+with lib;
+let
+  cfg = config.eboskma.tailscale;
+in
+{
+  options.eboskma.tailscale = { enable = mkEnableOption "tailscale"; };
+
+  config = mkIf cfg.enable {
+    services.tailscale = {
+      enable = true;
+    };
+
+    systemd.services.tailscaled.environment = {
+      TS_DEBUG_FIREWALL_MODE = "auto";
+    };
+  };
+}