modules/nixos/features/tailscale.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

{
  config,
  lib,
  ...
}: let
  cfg = config.getchoo.features.tailscale;
  inherit (lib) mkDefault mkEnableOption mkIf;
in {
  options.getchoo.features.tailscale.enable = mkEnableOption "enable support for tailscale";

  config = mkIf cfg.enable {
    services = {
      tailscale.enable = mkDefault true;
    };

    networking.firewall = {
      allowedUDPPorts = [config.services.tailscale.port];
      checkReversePath = "loose";
      trustedInterfaces = mkDefault ["tailscale0"];
    };
  };
}