(tailscale) migrate back to upstream module for testing

fbegyn · Jan 9, 2024 · bad90c8 · bad90c8
1 parent 42fa54a
commit bad90c8
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 20 deletions.
diff --git a/hosts/ania/configuration.nix b/hosts/ania/configuration.nix
@@ -114,7 +114,7 @@
   programs.gnupg.package = pkgs.unstable.gnupg;
   services.tailscale = {
     enable = true;
-    package = pkgs.unstable.tailscale;
+    useRoutingFeatures = "client";
   };
 
   home-manager.users.francis.home.stateVersion = "23.05";

diff --git a/hosts/bia/configuration.nix b/hosts/bia/configuration.nix
@@ -105,14 +105,9 @@
   fbegyn.x.xautolock = false;
 
   # tailscale machine specific
-  fbegyn.services.tailscale = let
-    hosts = import ../../secrets/hosts.nix;
-  in {
+  services.tailscale = {
     enable = true;
-    autoprovision = {
-      enable = false;
-      key = "${hosts.bia.tailscale.oneoffkey}";
-    };
+    useRoutingFeatures = "client";
   };
 
   # configure the systems wake on lan settings

diff --git a/hosts/eos/configuration.nix b/hosts/eos/configuration.nix
@@ -98,18 +98,18 @@ in {
   };
 
   # VPN settings
-  fbegyn.services.tailscale = {
+  services.tailscale = {
     enable = true;
-    routingFeature = "server";
-    autoprovision = {
-      enable = true;
-      key = "${hosts.tailscale.tempkey}";
-      options = [
-        "--advertise-routes=${hosts.eos.tailscale.routes}"
-        "--advertise-exit-node"
-        "--advertise-tags=tag:prod,tag:dcf,tag:hass"
-      ];
-    };
+    useRoutingFeatures = "server";
+    # autoprovision = {
+    #   enable = true;
+    #   key = "${hosts.tailscale.tempkey}";
+    #   options = [
+    #     "--advertise-routes=${hosts.eos.tailscale.routes}"
+    #     "--advertise-exit-node"
+    #     "--advertise-tags=tag:prod,tag:dcf,tag:hass"
+    #   ];
+    # };
   };
 
   # Web/ingress

diff --git a/services/tailscale.nix b/services/tailscale.nix
@@ -2,6 +2,7 @@
 
 let
   cfg = config.fbegyn.services.tailscale;
+  isNetworkd = config.networking.useNetworkd;
 in
 with lib; {
   options.fbegyn.services.tailscale = {
@@ -89,12 +90,14 @@ with lib; {
       "net.ipv6.conf.all.forwarding" = mkOverride 97 true;
     };
 
+    networking.firewall.checkReversePath = mkIf (cfg.routingFeature == "client" || cfg.routingFeature == "both") "loose";
+
     systemd.services.tailscale = {
       enable = true;
       description = "Tailscale node agent";
       documentation = [ "https://tailscale.com/kb/" ];
       path = [
-	config.networking.resolvconf.package # for configuring DNS in some configs
+        config.networking.resolvconf.package # for configuring DNS in some configs
         pkgs.procps     # for collecting running services (opt-in feature)
         pkgs.glibc
       ];