Use Tailscale

2022-06-23 22:30:07 -04:00
parent eef574c9f7
commit aa7bbc5932
5 changed files with 36 additions and 1 deletions
--- a/common/network/default.nix
+++ b/common/network/default.nix
@@ -1,10 +1,23 @@
 { config, lib, ... }:

+with lib;
+
+let
+  cfg = config.networking;
+in
 {
  imports = [
    ./hosts.nix
    ./pia-openvpn.nix
+    ./tailscale.nix
    ./vpn.nix
    ./zerotier.nix
  ];
+
+  options.networking.ip_forward = mkEnableOption "Enable ip forwarding";
+
+  config = mkIf cfg.ip_forward {
+    boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+    boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
+  };
 }
--- a/common/network/tailscale.nix
+++ b/common/network/tailscale.nix
@@ -0,0 +1,16 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.services.tailscale;
+in
+{
+  options.services.tailscale.exitNode = mkEnableOption "Enable exit node support";
+
+  config.services.tailscale.enable = true;
+
+  # exit node
+  config.networking.firewall.checkReversePath = mkIf cfg.exitNode "loose";
+  config.networking.ip_forward = mkIf cfg.exitNode true;
+}
--- a/common/network/vpn.nix
+++ b/common/network/vpn.nix
@@ -88,7 +88,7 @@ in
    networking.nat.internalInterfaces = [
      "ve-${cfg.containerName}"
    ];
-    boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+    networking.ip_forward = true;

    # assumes only one potential interface
    networking.usePredictableInterfaceNames = false;