feat: add tailscale
Tailscale is a VPN that makes it easy to connect many different
devices together and access them via easy-to-remember names. We want
to use it to make development and server management easier.
Change-Id: I76a95258664410ba0e10a08853c646aa54689714
Reviewed-on: https://git.clicks.codes/c/Chimera/NixFiles/+/738
Reviewed-by: Samuel Shuert <coded@clicks.codes>
Tested-by: Skyler Grey <minion@clicks.codes>
diff --git a/modules/nixos/tailscale/default.nix b/modules/nixos/tailscale/default.nix
new file mode 100644
index 0000000..4ae39d9
--- /dev/null
+++ b/modules/nixos/tailscale/default.nix
@@ -0,0 +1,43 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.chimera.networking.tailscale;
+in {
+ options.chimera.networking.tailscale = {
+ enable = lib.mkOption {
+ description = "Enable tailscale for this system";
+ default = true;
+ type = lib.types.bool;
+ };
+ runExitNode.enable = lib.mkEnableOption "Enable this system as an exit node on the tailnet";
+ server = lib.mkOption {
+ description = "Set where your control plane server is";
+ default = "https://clicks.domains";
+ example = "https://controlplane.tailscale.com";
+ };
+ authKeyFile = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ description = "Path to key file for tailscale";
+ default = null;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = if cfg.runExitNode.enable then "server" else "client";
+ extraUpFlags = [
+ "--login-server=${cfg.server}"
+ "--accept-routes"
+ "--ssh"
+ ] ++ (if cfg.runExitNode.enable then [
+ "--advertise-exit-node"
+ "--exit-node-allow-lan-access"
+ ] else []);
+ authKeyFile = lib.mkIf (cfg.authKeyFile != null) cfg.authKeyFile;
+ };
+ };
+}
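Review bot: `--ssh` is passed unconditionally in `extraUpFlags`, and because `enable` defaults to `true`, every host that imports this module turns on Tailscale SSH, with access decided only by the policy on the control server at `cfg.server`. I would gate it behind its own opt-in option, e.g. `ssh.enable = lib.mkEnableOption "Tailscale SSH on this host";` and `++ lib.optional cfg.ssh.enable "--ssh"`, so that a mistake in the control-plane ACLs does not become shell access on every machine. `--accept-routes` has the same always-on shape and could be gated the same way. Separately, `--exit-node-allow-lan-access` is a setting for a client that routes through an exit node, so pairing it with `--advertise-exit-node` probably does not do what was intended. It is also worth confirming that, as far as I know, the nixpkgs module applies `extraUpFlags` only when `authKeyFile` is set, so with the default `null` the `--login-server` flag would not be applied and a manual `tailscale up` would need it passed explicitly.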