dotfiles/system/carbon/vpn.nix

29 lines
880 B
Nix
Raw Normal View History

2022-09-18 19:42:30 +00:00
{
config,
pkgs,
...
}: {
# enable the tailscale daemon; this will do a
# variety of tasks:
# 1. create the TUN network device
# 2. setup some IP routes to route through the TUN
services.tailscale = {
enable = true;
useRoutingFeatures = "client"; # Make sure to pass `--accept-routes` to `tailscale up`
};
2022-09-18 19:42:30 +00:00
# Let's open the UDP port with which the network is tunneled through
networking.firewall.allowedUDPPorts = [41641];
# Disable SSH access through the firewall Only way into the machine will be
# through This may cause a chicken & egg problem since you need to register
# a machine first using `tailscale up`
# Better to rely on EC2 SecurityGroups
# services.openssh.openFirewall = false;
# Let's make the tailscale binary avilable to all users
environment.systemPackages = [pkgs.tailscale];
# TODO: Enable SSH via tailscale
}