From c76943d1c026319ebb1e88ba9aa42b09f9494856 Mon Sep 17 00:00:00 2001
From: Profpatsch <mail@profpatsch.de>
Date: Sun, 26 Jun 2022 15:53:21 +0200
Subject: machines/shiki: enable tailscale

---
 machines/profpatsch/shiki.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'machines/profpatsch')

diff --git a/machines/profpatsch/shiki.nix b/machines/profpatsch/shiki.nix
index 9ff81746..0ec468fa 100644
--- a/machines/profpatsch/shiki.nix
+++ b/machines/profpatsch/shiki.nix
@@ -4,7 +4,10 @@ let
   myLib  = import ./lib.nix  { inherit pkgs lib; };
   myPkgs = import ./pkgs.nix { inherit pkgs lib myLib unfreeAndNonDistributablePkgs; };
 
+  tailscaleInterface = "tailscale0";
+
   lock-screen = pkgs.writers.writeDashBin "lock-screen" ''
+
     set -e
     revert() {
       # never turn off the screen (disable dpms)
@@ -164,8 +167,16 @@ in {
 
     networking.networkmanager.enable = true;
 
-    services.tailscale.enable = true;
+    services.tailscale = {
+      enable = true;
+      interfaceName = tailscaleInterface;
+    };
 
+    networking.firewall.interfaces.${tailscaleInterface} = {
+      allowedTCPPorts = [
+        # Open ports that should be accessible via tailscale VPN here
+      ];
+    } ;
 
     services.mullvad-vpn.enable = true;
 
-- 
cgit 1.4.1