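# NixOS module wrapping the upstream `services.tailscale` module behind
# `mj.services.tailscale`: enables the daemon, passes the operator/DNS/route
# flags, adjusts the firewall, and (by default) silences the daemon's output.
{
  config,
  lib,
  myData,
  ...
}:
let
  cfg = config.mj.services.tailscale;
  inherit (lib)
    boolToString
    mkMerge
    types
    mkEnableOption
    mkOption
    mkIf
    ;
in
{
  options.mj.services.tailscale = with types; {
    # mkEnableOption prefixes "Whether to enable", so pass only the noun;
    # "Enable tailscale" rendered as "Whether to enable Enable tailscale.".
    enable = mkEnableOption "tailscale";

    acceptDNS = mkOption {
      type = bool;
      default = true;
      description = "Passed to tailscale as --accept-dns: whether this host uses the DNS configuration pushed by the tailnet.";
    };

    # https://github.com/tailscale/tailscale/issues/1548
    verboseLogs = mkOption {
      type = bool;
      default = false;
      description = "Keep tailscaled's standard output. When false, the unit's StandardOutput is set to \"null\".";
    };
  };

  config = mkIf cfg.enable (mkMerge [
    {
      services.tailscale = {
        enable = true;
        # --operator lets the named non-root user drive tailscaled
        # (up/down/set), so that account can change this host's tailnet
        # settings without sudo.
        # NOTE(review): the upstream module documents extraUpFlags as applied
        # only when authKeyFile is set - confirm the operator actually takes
        # effect on hosts that log in interactively.
        extraUpFlags = [
          "--operator=${config.mj.username}"
        ];
        extraSetFlags = [
          "--accept-dns=${boolToString cfg.acceptDNS}"
          # Hard-coded: every host with this module installs the subnet routes
          # advertised by other tailnet nodes, so whoever can approve routes
          # in the tailnet influences this host's routing table.
          "--accept-routes=true"
        ];
      };
      # "loose" relaxes the reverse-path (anti-spoofing) filter for the whole
      # firewall, not only for the tailscale interface. It is set here
      # unconditionally, presumably because accepted routes would otherwise
      # fail the strict check - TODO confirm.
      networking.firewall.checkReversePath = "loose";
      # Opens the tailscale UDP port through the NixOS firewall; the option
      # is not scoped to a single interface.
      networking.firewall.allowedUDPPorts = [ myData.ports.tailscale ];
    }
    # Default (verboseLogs = false) sends the daemon's stdout to "null".
    # NOTE(review): systemd's StandardError defaults to "inherit", so stderr
    # most likely follows stdout and tailscaled's log lines do not reach the
    # journal at all. That also removes connection and auth events an
    # investigation would want; set verboseLogs = true on hosts where those
    # records matter.
    (mkIf (!cfg.verboseLogs) { systemd.services.tailscaled.serviceConfig.StandardOutput = "null"; })
  ]);
}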