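{
  config,
  pkgs,
  ...
}: {
  # Enable the tailscale daemon. Among other things it will:
  # 1. create the TUN network device
  # 2. set up IP routes so tailnet traffic goes through the TUN
  services.tailscale = {
    enable = true;
    # "client" prepares this host to accept routes advertised by other nodes
    # (subnet routers / exit nodes); the NixOS module relaxes reverse-path
    # filtering for this but does not enable IP forwarding. The routes are
    # only installed if `tailscale up` is run with `--accept-routes`.
    useRoutingFeatures = "client";
  };

  # Open the UDP port used for direct (non-relayed) peer connections.
  # Read it from the tailscale module instead of hard-coding 41641 so the
  # firewall rule stays in sync if `services.tailscale.port` is ever changed.
  networking.firewall.allowedUDPPorts = [config.services.tailscale.port];

  # Disabling SSH through the public firewall would make tailscale the only
  # way into the machine. That creates a chicken-and-egg problem: the node
  # has to be registered with `tailscale up` before it is reachable over the
  # tailnet. Better to rely on EC2 SecurityGroups to restrict public SSH.
  # services.openssh.openFirewall = false;

  # Make the tailscale CLI available to all users
  environment.systemPackages = [pkgs.tailscale];

  # TODO: Enable SSH via tailscale
}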