From 7ded7c99e0e77e1aaf46802c42625b267ddc8a69 Mon Sep 17 00:00:00 2001
From: seth
Date: Thu, 2 Nov 2023 08:15:15 -0400
Subject: modules+systems+seth: use homebrew over nix on darwin & make features module
---
 modules/nixos/features/tailscale.nix | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)
(limited to 'modules/nixos/features/tailscale.nix')
diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix
index d015437..ecb793a 100644
--- a/modules/nixos/features/tailscale.nix
+++ b/modules/nixos/features/tailscale.nix
@@ -5,18 +5,16 @@
 ...
 }: let
 cfg = config.features.tailscale;
- inherit (lib) mkDefault mkEnableOption mkIf optionalAttrs;
-
- baseDir = ../../../secrets/systems/${config.networking.hostName};
+ secretsDir = ../../../secrets/systems/${config.networking.hostName};
 in {
 options.features.tailscale = {
- enable = mkEnableOption "enable support for tailscale";
- ssh.enable = mkEnableOption "enable support for tailscale ssh";
+ enable = lib.mkEnableOption "enable support for tailscale";
+ ssh.enable = lib.mkEnableOption "enable support for tailscale ssh";
 };
- config = mkIf cfg.enable {
- age.secrets = mkIf cfg.ssh.enable {
- tailscaleAuthKey.file = "${baseDir}/tailscaleAuthKey.age";
+ config = lib.mkIf cfg.enable {
+ age.secrets = lib.mkIf cfg.ssh.enable {
+ tailscaleAuthKey.file = "${secretsDir}/tailscaleAuthKey.age";
 };
 networking.firewall =
@@ -24,16 +22,14 @@ in {
 allowedUDPPorts = [config.services.tailscale.port];
 trustedInterfaces = ["tailscale0"];
 }
- // optionalAttrs cfg.ssh.enable {
+ // lib.optionalAttrs cfg.ssh.enable {
 allowedTCPPorts = [22];
 };
- services = {
- tailscale.enable = mkDefault true;
- };
+ services.tailscale.enable = true;
 # https://tailscale.com/kb/1096/nixos-minecraft/
- systemd.services = mkIf cfg.ssh.enable {
+ systemd.services = lib.mkIf cfg.ssh.enable {
 tailscale-autoconnect = {
 description = "Automatic connection to Tailscale";
--
cgit v1.2.3
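Review bot: In the `@@ -5,18 +5,16 @@` hunk, `tailscaleAuthKey.file = "${secretsDir}/tailscaleAuthKey.age";` interpolates a path value into a string, so Nix imports the whole `secrets/systems/<hostName>` directory into the world-readable store, not just the one file. That is harmless while every file in that directory is age-encrypted, but any plaintext file placed next to the `.age` files would be published with it. Path concatenation keeps the reference to the single encrypted file: `tailscaleAuthKey.file = secretsDir + "/tailscaleAuthKey.age";`. A one-line comment on `secretsDir` such as `# directory must contain only age-encrypted files` would also help; the `config` block continues past this hunk.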
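Review bot: In the `@@ -24,16 +22,14 @@` hunk, the `// lib.optionalAttrs cfg.ssh.enable { allowedTCPPorts = [22]; }` arm opens TCP 22 on every interface, although `trustedInterfaces = ["tailscale0"]` already admits all tailnet traffic and Tailscale SSH is reached over that interface. If tailnet-only SSH is the intent, drop that arm, or scope it with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [22];`, so that a host sshd does not become reachable from the LAN or WAN as a side effect of enabling this feature. Since `trustedInterfaces` bypasses the host firewall for every tailnet peer, a comment such as `# tailnet peers bypass the host firewall; access is governed by tailnet ACLs` would record that dependency. The `tailscale-autoconnect` unit is cut off by the end of the hunk, so how it handles the auth key cannot be reviewed from here.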