authorseth <[email protected]>2023-07-15 03:38:58 -0400
committerseth <[email protected]>2023-07-15 04:15:21 -0400
commita2399cd55d21d2cdddedd59a759739a6132283c4 (patch)
tree142cab42ed01859fd92548f5cc88dc972540c503 /modules/nixos/features
parentbfc96e7544e17c01a02b2c37dde48599bccdb2fe (diff)
modules/tailscale: only create autoconnect service when ssh is enabled
Diffstat (limited to 'modules/nixos/features')
-rw-r--r--modules/nixos/features/tailscale.nix46
1 files changed, 24 insertions, 22 deletions
diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix
index 1c307bb..0a41a73 100644
--- a/modules/nixos/features/tailscale.nix
+++ b/modules/nixos/features/tailscale.nix
@@ -6,7 +6,7 @@
...
}: let
cfg = config.getchoo.features.tailscale;
- inherit (lib) mkDefault mkEnableOption mkIf optionalString;
+ inherit (lib) mkDefault mkEnableOption mkIf optionalAttrs;
in {
options.getchoo.features.tailscale = {
enable = mkEnableOption "enable support for tailscale";
@@ -26,7 +26,7 @@ in {
allowedUDPPorts = [config.services.tailscale.port];
trustedInterfaces = ["tailscale0"];
}
- // lib.optionalAttrs cfg.ssh.enable {
+ // optionalAttrs cfg.ssh.enable {
allowedTCPPorts = [22];
};
@@ -35,31 +35,33 @@ in {
};
# https://tailscale.com/kb/1096/nixos-minecraft/
- systemd.services.tailscale-autoconnect = {
- description = "Automatic connection to Tailscale";
+ systemd.services = mkIf cfg.ssh.enable {
+ tailscale-autoconnect = {
+ description = "Automatic connection to Tailscale";
- after = ["network-pre.target" "tailscale.service"];
- wants = ["network-pre.target" "tailscale.service"];
- wantedBy = ["multi-user.target"];
+ after = ["network-pre.target" "tailscale.service"];
+ wants = ["network-pre.target" "tailscale.service"];
+ wantedBy = ["multi-user.target"];
- serviceConfig.Type = "oneshot";
+ serviceConfig.Type = "oneshot";
- script = let
- inherit (pkgs) tailscale jq;
- in ''
- # wait for tailscaled to settle
- sleep 2
+ script = let
+ inherit (pkgs) tailscale jq;
+ in ''
+ # wait for tailscaled to settle
+ sleep 2
- # check if we are already authenticated to tailscale
- status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
- if [ $status = "Running" ]; then # if so, then do nothing
- exit 0
- fi
+ # check if we are already authenticated to tailscale
+ status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ if [ $status = "Running" ]; then # if so, then do nothing
+ exit 0
+ fi
- # otherwise authenticate with tailscale
- ${tailscale}/bin/tailscale up ${optionalString cfg.ssh.enable "--ssh"} \
- --auth-key "file:${config.age.secrets.tailscaleAuthKey.path}"
- '';
+ # otherwise authenticate with tailscale
+ ${tailscale}/bin/tailscale up --ssh \
+ --auth-key "file:${config.age.secrets.tailscaleAuthKey.path}"
+ '';
+ };
};
};
}
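Review bot: With the unit gated on `cfg.ssh.enable` and `--ssh` hard-coded in the `tailscale up` call, this module can turn Tailscale SSH on but never off. The SSH preference lives in tailscaled's own state, so a node that joined with `--ssh` will presumably keep accepting Tailscale SSH sessions after `cfg.ssh.enable` is set back to false and the unit disappears. The early `exit 0` on `BackendState` = `Running` also means an already-joined node never reaches `tailscale up --ssh`, so enabling the option later does not take effect either. At minimum I would add a comment above the unit, such as `# NOTE: removing this unit does not revoke Tailscale SSH on a joined node; run "tailscale set --ssh=false" there`, and quote the test as `if [ "$status" = "Running" ]; then` so an empty status from a failed `tailscale status` does not produce a malformed `[` expression. The enclosing `config` block begins outside this hunk, so whether anything else resets the preference cannot be seen from here.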