trustmeim.gay
Personal Nix flake
nixos
home-manager
nix
feat: Add vars.networking, advertise routes on tailscale for servers
+25
-2
+9
nix/nixos/modules/tailscale/default.nix
+9
nix/nixos/modules/tailscale/default.nix
···
27
27
default = false;
28
28
type = lib.types.bool;
29
29
};
30
+
advertise.routes = lib.mkOption {
31
+
description = "routes to advertise";
32
+
default = [];
33
+
type = with lib.types; listOf str;
34
+
};
30
35
advertise.tags = lib.mkOption {
31
36
description = "ACL tags to advertise";
32
37
default = ["nixos"];
···
51
56
inherit (cfg) authKeyParameters;
52
57
enable = true;
53
58
authKeyFile = config.my.secrets."tailscale-oauth-secret".path;
59
+
disableUpstreamLogging = true;
54
60
extraUpFlags =
55
61
[
56
62
"--accept-dns"
···
61
67
]
62
68
++ lib.optionals cfg.advertise.exitNode [
63
69
"--advertise-exit-node"
70
+
]
71
+
++ lib.optionals (cfg.advertise.routes != []) [
72
+
"--advertise-routes=${lib.concatStringsSep "," cfg.advertise.routes}"
64
73
]
65
74
++ lib.optionals (tags != []) [
66
75
"--advertise-tags=${formattedTags}"
+8
-2
nix/nixos/profiles/server.nix
+8
-2
nix/nixos/profiles/server.nix
···
1
1
{
2
2
config,
3
3
lib,
4
+
self,
4
5
...
5
6
}: let
7
+
inherit (self.vars.networks.home) routingPrefix;
6
8
cfg = config.my.profiles.server;
7
9
in {
8
10
options.my.profiles.server = lib.mkEnableOption "server profile";
9
11
config = lib.mkIf cfg {
10
12
my = {
11
-
networking.tailscale.enable = true;
12
-
networking.tailscale.trusted = true;
13
+
networking.tailscale = {
14
+
enable = true;
15
+
trusted = true;
16
+
advertise.exitNode = true;
17
+
advertise.routes = [routingPrefix];
18
+
};
13
19
};
14
20
15
21
documentation.man.cache.enable = false;
+1
vars/default.nix
+1
vars/default.nix