From 72d7d82952b46e854d9aeb21d9aa63eea4464793 Mon Sep 17 00:00:00 2001
From: seth
Date: Sat, 15 Jul 2023 03:19:10 -0400
Subject: profiles/server: start using tailscale ssh
---
 modules/nixos/features/tailscale.nix | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
(limited to 'modules/nixos/features/tailscale.nix')
diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix
index 042426b..1c307bb 100644
--- a/modules/nixos/features/tailscale.nix
+++ b/modules/nixos/features/tailscale.nix
@@ -26,26 +26,24 @@ in {
 allowedUDPPorts = [config.services.tailscale.port];
 trustedInterfaces = ["tailscale0"];
 }
- // (mkIf cfg.ssh.enable {
+ // lib.optionalAttrs cfg.ssh.enable {
 allowedTCPPorts = [22];
- });
+ };
 services = {
 tailscale.enable = mkDefault true;
 };
+ # https://tailscale.com/kb/1096/nixos-minecraft/
 systemd.services.tailscale-autoconnect = {
 description = "Automatic connection to Tailscale";
- # make sure tailscale is running before trying to connect to tailscale
 after = ["network-pre.target" "tailscale.service"];
 wants = ["network-pre.target" "tailscale.service"];
 wantedBy = ["multi-user.target"];
- # set this service as a oneshot job
 serviceConfig.Type = "oneshot";
- # have the job run this shell script
 script = let
 inherit (pkgs) tailscale jq;
 in ''
--
cgit v1.2.3
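Review bot: `allowedTCPPorts = [22]` inside the `lib.optionalAttrs cfg.ssh.enable { ... }` block opens TCP 22 on every interface, while the same attribute set already lists `tailscale0` in `trustedInterfaces`, so tailnet traffic to port 22 is accepted without it. If `cfg.ssh.enable` is meant to switch on Tailscale SSH, as the subject line suggests (its definition is outside this hunk), the rule adds nothing for tailnet clients and only widens exposure on the other interfaces should an sshd also listen there. Consider dropping the `// lib.optionalAttrs ...` block so that SSH stays reachable over the tailnet only, or, if a publicly reachable sshd is intended, record that next to the rule with a comment such as `# sshd is deliberately reachable outside the tailnet`. The enclosing attribute set (presumably the firewall configuration) starts above the hunk, and the `script` body continues below it.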