tailscale: ignore tailscale link when using networkd

author: Tom <twitchyliquid64@ciphersink.net> 2022-06-21 13:23:28 -0700
committer: Tom <twitchyliquid64@ciphersink.net> 2022-06-21 13:23:28 -0700
commit: 3b8a1626800c6ddf0cfc8fdf4b8acd34f4401224 (patch)
tree: c672af44060a8ec20e533af4ac76507633581704 /nixos/modules
parent: 170a413797473733c5be0dd08cdbbab0e39b8aae (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/tailscale.nix b/nixos/modules/services/networking/tailscale.nix
index 0133874d0e0d0..f84252289abff 100644
--- a/nixos/modules/services/networking/tailscale.nix
+++ b/nixos/modules/services/networking/tailscale.nix
@@ -6,6 +6,7 @@ let
   cfg = config.services.tailscale;
   firewallOn = config.networking.firewall.enable;
   rpfMode = config.networking.firewall.checkReversePath;
+  isNetworkd = config.networking.useNetworkd;
   rpfIsStrict = rpfMode == true || rpfMode == "strict";
 in {
   meta.maintainers = with maintainers; [ danderson mbaillie twitchyliquid64 ];
@@ -69,5 +70,17 @@ in {
       # linux distros.
       stopIfChanged = false;
     };
+
+    networking.dhcpcd.denyInterfaces = [ cfg.interfaceName ];
+
+    systemd.network.networks."50-tailscale" = mkIf isNetworkd {
+      matchConfig = {
+        Name = cfg.interfaceName;
+      };
+      linkConfig = {
+        Unmanaged = true;
+        ActivationPolicy = "manual";
+      };
+    };
   };
 }
author	Tom <twitchyliquid64@ciphersink.net>	2022-06-21 13:23:28 -0700
committer	Tom <twitchyliquid64@ciphersink.net>	2022-06-21 13:23:28 -0700
commit	3b8a1626800c6ddf0cfc8fdf4b8acd34f4401224 (patch)
tree	c672af44060a8ec20e533af4ac76507633581704 /nixos/modules
parent	170a413797473733c5be0dd08cdbbab0e39b8aae (diff)