nixos: make more "traits" mixins

author: Seth Flynn <[email protected]> 2025-02-13 16:54:19 -0500
committer: Seth Flynn <[email protected]> 2025-02-13 22:09:11 -0500
commit: 386ecf3d14ea486aba523b14200fcd2e7e04b9d6 (patch)
tree: c9009fe26ece76f0c9d76ba89895094ee500b054 /modules/nixos/mixins/tailscale.nix
parent: fdd2dd359c1d72b9ebeb676efb4141b5536f160c (diff)
1 files changed, 34 insertions, 0 deletions
diff --git a/modules/nixos/mixins/tailscale.nix b/modules/nixos/mixins/tailscale.nix
new file mode 100644
index 0000000..177aa90
--- /dev/null
+++ b/modules/nixos/mixins/tailscale.nix
@@ -0,0 +1,34 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.services.tailscale;
+
+  usingTailscaleSSH = lib.elem "--ssh" config.services.tailscale.extraUpFlags;
+in
+
+{
+  config = lib.mkMerge [
+    {
+      services.tailscale = {
+        openFirewall = true;
+      };
+    }
+
+    (lib.mkIf cfg.enable {
+      networking.firewall = {
+        # Trust all connections over Tailscale
+        trustedInterfaces = [ config.services.tailscale.interfaceName ];
+      };
+    })
+
+    (lib.mkIf (cfg.enable && usingTailscaleSSH) {
+      networking.firewall = {
+        allowedTCPPorts = [ 22 ];
+      };
+    })
+  ];
+}
author	Seth Flynn <[email protected]>	2025-02-13 16:54:19 -0500
committer	Seth Flynn <[email protected]>	2025-02-13 22:09:11 -0500
commit	386ecf3d14ea486aba523b14200fcd2e7e04b9d6 (patch)
tree	c9009fe26ece76f0c9d76ba89895094ee500b054 /modules/nixos/mixins/tailscale.nix
parent	fdd2dd359c1d72b9ebeb676efb4141b5536f160c (diff)