fix(tailscale)!: Remove protocol from login server
Having the login server have http/https means that we don't have
complete parity with our headscale service, which uses the login server
for both the url and the module. Given we believe you should be using
only https for tailscale servers anyway, we haven't added an option to
change this
Change-Id: I81189487bd19777e41dc4e88f2800758242e7698
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/783
Reviewed-by: Samuel Shuert <coded@clicks.codes>
Tested-by: Skyler Grey <minion@clicks.codes>
diff --git a/modules/nixos/clicks/networking/tailscale/default.nix b/modules/nixos/clicks/networking/tailscale/default.nix
index 9813e35..827a3f0 100644
--- a/modules/nixos/clicks/networking/tailscale/default.nix
+++ b/modules/nixos/clicks/networking/tailscale/default.nix
@@ -21,8 +21,8 @@
};
server = lib.mkOption {
description = "Set where your control plane server is";
- default = "https://clicks.domains";
- example = "https://controlplane.tailscale.com";
+ default = "clicks.domains";
+ example = "controlplane.tailscale.com";
};
authKeyFile = lib.mkOption {
type = lib.types.str;
@@ -35,7 +35,7 @@
enable = true;
useRoutingFeatures = if cfg.runExitNode.enable then "both" else "client";
extraUpFlags = [
- "--login-server=${cfg.server}"
+ "--login-server=https://${cfg.server}"
"--accept-routes"
] ++ (if cfg.runExitNode.enable then [ "--advertise-exit-node" ] else [ ]);
authKeyFile = cfg.authKeyFile;
@@ -44,7 +44,7 @@
clicks.storage.impermanence.persist.directories = [ "/var/lib/tailscale" ];
systemd.services.tailscaled.environment.TS_NO_LOGS_NO_SUPPORT = lib.mkIf (
- cfg.server != "https://controlplane.tailscale.com"
+ cfg.server != "controlplane.tailscale.com"
) "true";
};
}