From 81a58be20b4634615d17df3466ba65714a24d626 Mon Sep 17 00:00:00 2001
From: Kyungrok Chung
Date: Sat, 11 May 2024 02:59:25 +0900
Subject: nixos/tailscale: add extraSetFlags to configure daemon
---
 nixos/modules/services/networking/tailscale.nix | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
(limited to 'nixos/modules')
diff --git a/nixos/modules/services/networking/tailscale.nix b/nixos/modules/services/networking/tailscale.nix
index a79e47d8491b8..a690dc610e825 100644
--- a/nixos/modules/services/networking/tailscale.nix
+++ b/nixos/modules/services/networking/tailscale.nix
@@ -61,12 +61,21 @@ in {
 };
 extraUpFlags = mkOption {
- description = "Extra flags to pass to {command}`tailscale up`.";
+ description = ''
+ Extra flags to pass to {command}`tailscale up`. Only applied if `authKeyFile` is specified.";
+ '';
 type = types.listOf types.str;
 default = [];
 example = ["--ssh"];
 };
+ extraSetFlags = mkOption {
+ description = "Extra flags to pass to {command}`tailscale set`.";
+ type = types.listOf types.str;
+ default = [];
+ example = ["--advertise-exit-node"];
+ };
+
 extraDaemonFlags = mkOption {
 description = "Extra flags to pass to {command}`tailscaled`.";
 type = types.listOf types.str;
@@ -120,6 +129,18 @@ in {
 '';
 };
+ systemd.services.tailscaled-set = mkIf (cfg.extraSetFlags != []) {
+ after = ["tailscaled.service"];
+ wants = ["tailscaled.service"];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ };
+ script = ''
+ ${cfg.package}/bin/tailscale set ${escapeShellArgs cfg.extraSetFlags}
+ '';
+ };
+
 boot.kernel.sysctl = mkIf (cfg.useRoutingFeatures == "server" || cfg.useRoutingFeatures == "both") {
 "net.ipv4.conf.all.forwarding" = mkOverride 97 true;
 "net.ipv6.conf.all.forwarding" = mkOverride 97 true;
--
cgit 1.4.1
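Review bot: The rewritten `extraUpFlags` description keeps the `";` that closed the old one-line string, so it now sits inside the `''` block and the rendered option text will end in `specified.";`. Drop those two characters so the sentence ends at `specified.`. The new `extraSetFlags` description would also benefit from saying when the flags are applied, as the `extraUpFlags` text now does. The surrounding options block and the `extraDaemonFlags` option continue outside this hunk.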
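Review bot: Because the unit is wrapped in `mkIf (cfg.extraSetFlags != [])`, emptying the list only removes `tailscaled-set`, and nothing reverts what an earlier run applied. As far as I know `tailscale set` writes preferences into the daemon's persistent state, so a node configured with the example `--advertise-exit-node` would presumably keep advertising after the flag is deleted from the configuration. I would document this on the option, for example by appending `Settings are persisted by tailscaled; removing a flag here does not undo it, pass the opposite value explicitly (e.g. --advertise-exit-node=false).` to the `extraSetFlags` description. Separately, `Type = "oneshot"` without `RemainAfterExit = true;` leaves the unit inactive after it runs, so it is worth confirming that a changed flag list is re-applied on `nixos-rebuild switch` as intended.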