mirror/github.com-tboerger-nixos-config
1
0
Fork 0
mirror of https://github.com/tboerger/nixos-config synced 2024-11-23 12:42:01 +01:00
Code Issues
1d61d96b65
github.com-tboerger-nixos-c.../machines/services/tailscale.nix
Thomas Boerger 3bb742392a
chore: even more restructuring
2022-10-25 09:53:40 +02:00

58 lines
1.2 KiB
Nix
Raw Blame History

{ pkgs, lib, config, options, fetchurl, ... }:
with lib;
let
cfg = config.personal.services.tailscale;
in
{
options = {
personal = {
services = {
tailscale = {
enable = mkEnableOption "Tailscale";
};
};
};
};
config = mkIf cfg.enable {
networking = {
firewall = {
checkReversePath = "loose";
};
};
services = {
tailscale = {
enable = true;
};
};
systemd.services.tailscaled-autoconnect = {
description = "Automatic connection for Tailscale";
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = ''
sleep 3
STATUS="$(${pkgs.tailscale}/bin/tailscale status -json | ${pkgs.jq}/bin/jq -r .BackendState)"
if [ $\{STATUS\} = "Running" ]; then
exit 0
fi
${pkgs.tailscale}/bin/tailscale up --auth-key file:${config.age.secrets."services/tailscale/authkey".path}
'';
};
age.secrets."services/tailscale/authkey" = {
file = ../../secrets/services/tailscale/authkey.age;
};
};
}
View Git Blame Copy Permalink