Added tailscale config

2023-03-25 09:58:31 -07:00 · 2023-03-25 09:58:31 -07:00 · 954d01d4fe
commit 954d01d4fe
parent c1adac59c4
5 changed files with 59 additions and 53 deletions
--- a/systems/x86_64-linux/carbon/default.nix
+++ b/systems/x86_64-linux/carbon/default.nix
@ -10,7 +10,6 @@
    # Include the results of the hardware scan.
    ./hardware-configuration-zfs.nix
    ./zfs.nix
-    ./vpn.nix
  ];

  aa = {
@ -27,6 +26,10 @@
    apps.tmux.enable = true;

    services.printing.enable = true;
+    services.tailscale = {
+      enable = true;
+      configureClientRouting = true;
+    };

    hardware.audio.enable = true;
  };
--- a/systems/x86_64-linux/carbon/vpn.nix
+++ b/systems/x86_64-linux/carbon/vpn.nix
@ -1,28 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
-  # enable the tailscale daemon; this will do a
-  # variety of tasks:
-  # 1. create the TUN network device
-  # 2. setup some IP routes to route through the TUN
-  services.tailscale = {
-    enable = true;
-    useRoutingFeatures = "client"; # Make sure to pass `--accept-routes` to `tailscale up`
-  };
-
-  # Let's open the UDP port with which the network is tunneled through
-  networking.firewall.allowedUDPPorts = [41641];
-
-  # Disable SSH access through the firewall Only way into the machine will be
-  # through This may cause a chicken & egg problem since you need to register
-  # a machine first using `tailscale up`
-  # Better to rely on EC2 SecurityGroups
-  # services.openssh.openFirewall = false;
-
-  # Let's make the tailscale binary avilable to all users
-  environment.systemPackages = [pkgs.tailscale];
-
-  # TODO: Enable SSH via tailscale
-}
--- a/systems/x86_64-linux/gospel/default.nix
+++ b/systems/x86_64-linux/gospel/default.nix
@ -10,7 +10,6 @@
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./zfs.nix
-    ./vpn.nix
  ];

  aa = {
@ -33,6 +32,11 @@
      subdomain_name = "gospel";
    };
    services.printing.enable = true;
+    services.tailscale = {
+      enable = true;
+      configureClientRouting = true;
+      configureServerRouting = true;
+    };

    hardware.audio.enable = true;
  };
--- a/systems/x86_64-linux/gospel/vpn.nix
+++ b/systems/x86_64-linux/gospel/vpn.nix
@ -1,23 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
-  # enable the tailscale daemon; this will do a
-  # variety of tasks:
-  # 1. create the TUN network device
-  # 2. setup some IP routes to route through the TUN
-  services.tailscale = {enable = true;};
-
-  # Let's open the UDP port with which the network is tunneled through
-  networking.firewall.allowedUDPPorts = [41641];
-
-  # Disable SSH access through the firewall Only way into the machine will be
-  # through This may cause a chicken & egg problem since you need to register
-  # a machine first using `tailscale up`
-  # Better to rely on EC2 SecurityGroups
-  # services.openssh.openFirewall = false;
-
-  # Let's make the tailscale binary avilable to all users
-  environment.systemPackages = [pkgs.tailscale];
-}