2023-09-14 14:37:55 +03:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
myData,
|
|
|
|
|
...
|
2023-09-14 15:03:00 +03:00
|
|
|
}: let
|
|
|
|
|
cfg = config.mj.services.tailscale;
|
|
|
|
|
inherit (lib) mkMerge types mkEnableOption mkOption mkIf;
|
|
|
|
|
in {
|
|
|
|
|
options.mj.services.tailscale = with types; {
|
|
|
|
|
enable = mkEnableOption "Enable tailscale";
|
2023-09-14 14:37:55 +03:00
|
|
|
# https://github.com/tailscale/tailscale/issues/1548
|
2023-10-22 23:06:06 +03:00
|
|
|
verboseLogs = mkOption {
|
2023-09-14 14:37:55 +03:00
|
|
|
type = bool;
|
2023-10-22 23:06:06 +03:00
|
|
|
default = false;
|
2023-09-14 14:37:55 +03:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-10-01 23:14:05 +03:00
|
|
|
config = mkIf cfg.enable (mkMerge [
|
2023-09-14 15:03:00 +03:00
|
|
|
{
|
2024-03-05 11:39:10 +02:00
|
|
|
services.tailscale = {
|
|
|
|
|
enable = true;
|
|
|
|
|
extraUpFlags = ["--operator=${config.mj.username}"];
|
|
|
|
|
};
|
2023-09-14 14:48:54 +03:00
|
|
|
networking.firewall.checkReversePath = "loose";
|
2023-09-14 14:51:36 +03:00
|
|
|
networking.firewall.allowedUDPPorts = [myData.ports.tailscale];
|
2023-09-14 15:03:00 +03:00
|
|
|
}
|
2023-10-22 23:06:06 +03:00
|
|
|
(mkIf (!cfg.verboseLogs) {
|
2023-09-14 15:15:27 +03:00
|
|
|
systemd.services.tailscaled.serviceConfig.StandardOutput = "null";
|
2023-09-14 15:03:00 +03:00
|
|
|
})
|
|
|
|
|
]);
|
2023-09-14 14:37:55 +03:00
|
|
|
}
|
