Add tailscale firewall bypass option

This commit is contained in:
Natsu Kagami 2025-04-08 10:23:14 +02:00
parent 0ceb61d32c
commit 97318f33f5
Signed by: nki
GPG key ID: 55A032EB38B49ADB


@ -165,6 +165,32 @@ let
} }
]; ];
}; };
tailscale =
{ config, ... }:
{
options.common.linux = {
tailscale = {
firewall.allowPorts = mkOption {
type = types.listOf types.port;
description = "List of ports to allow tailscale to pass through";
default = [ ];
};
};
};
config =
let
cfg = config.common.linux.tailscale;
in
{
# Enable tailscale
services.tailscale.enable = true;
networking.firewall.interfaces."tailscale0" = {
allowedUDPPorts = cfg.firewall.allowPorts;
allowedTCPPorts = cfg.firewall.allowPorts;
};
};
};
in in
{ {
imports = with modules; [ imports = with modules; [
@ -180,6 +206,7 @@ in
accounts accounts
rt-audio rt-audio
nix-ld nix-ld
tailscale
]; ];
options.common.linux = { options.common.linux = {
@ -330,8 +357,6 @@ in
# Firewall: only open to SSH now # Firewall: only open to SSH now
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedUDPPorts = [ 22 ]; networking.firewall.allowedUDPPorts = [ 22 ];
# Enable tailscale
services.tailscale.enable = true;
## Time and Region ## Time and Region
time.timeZone = lib.mkDefault "Europe/Zurich"; time.timeZone = lib.mkDefault "Europe/Zurich";
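Review bot: In the first hunk, `allowedUDPPorts` and `allowedTCPPorts` are both fed from the single `firewall.allowPorts` list, so every listed port is opened for both protocols on the tailnet interface even when a service needs only one; either split the option into `firewall.allowTCPPorts` / `firewall.allowUDPPorts`, or at least say so in the option text, e.g. `description = "Ports opened for both TCP and UDP, only on the tailscale interface";`. The interface name `"tailscale0"` is hard-coded while the NixOS module exposes `services.tailscale.interfaceName`; writing the rule as `networking.firewall.interfaces.${config.services.tailscale.interfaceName}` keeps the allow list bound to whatever interface tailscale actually creates. Worth noting for readers of the commit title: this is a per-interface allow rather than a firewall bypass — the ports remain closed on every other interface and the default `[ ]` opens nothing — so a short comment above the `networking.firewall.interfaces` block saying `# Only opened on the tailnet interface; other interfaces keep the global 22-only rule` would make the intent clear. The second and third hunks (module list entry, removal of the old unconditional `services.tailscale.enable`) look consistent with the new module.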