blob: 8f08ec95bdfc71c134276c169746ffc42a2674ac (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
# NixOS module for Tailscale
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.tailscale;
aclVar = optionalAttrs (cfg.aclFile != null) {
ACL_FILE = "--acl-file=${cfg.aclFile}";
};
in {
options.services.tailscale = {
enable = mkEnableOption "Tailscale relay";
package = mkOption {
type = types.package;
default = pkgs.tailscale; # <- this doesn't actually exist yet
description = "Tailscale client package to use";
};
port = mkOption {
type = types.int;
default = 41641;
description = ''
Set the port to listen on for incoming VPN packets.
Remote nodes will automatically be informed about the new port
number, but you might want to configure this in order to set
external firewall settings.
'';
};
aclFile = mkOption {
type = with types; nullOr path;
default = "${cfg.package}/etc/acl.json";
};
relayConf = mkOption {
type = types.path;
example = "/etc/tailscale.conf";
description = "The path to relay.conf";
};
extraFlags = mkOption {
type = with types; listOf str;
default = [];
description = "Extra flags you might want to pass to relaynode.";
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.services.tailscale-relay = {
description = "Traffic relay node for Tailscale IPN";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ iproute iptables ];
unitConfig.ConditionPathExists = cfg.relayConf;
script = concatStringsSep " " ([
"${cfg.package}/bin/relaynode"
"--port=${toString cfg.port}"
"--config=${cfg.relayConf}"
(optionalString (cfg.aclFile != null) "--acl-file=${cfg.aclFile}")
] ++ cfg.extraFlags);
serviceConfig = {
RuntimeDirectory = "tailscale";
LogsDirectory = "tailscale";
};
};
};
}
|
