{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
concatLists
concatStringsSep
;
inherit (lib.types)
str
listOf
enum
bool
;
cfg = config.modules.services.tailscale;
in
{
options.modules.services.tailscale = {
enable = mkEnableOption "Tailscale";
server = mkOption {
type = str;
default = "https://hs.ccnlc.eu";
description = "The coordination server tailscale should be using.";
};
isExitNode = mkOption {
type = bool;
default = false;
description = "Enable if node should serve advertise itself as an exit node.";
};
tags = mkOption {
type = listOf (enum [
"client"
"server"
]);
default = [ ];
apply = map (e: "tag:${e}");
};
defaultFlags = mkOption {
type = listOf str;
default = [ "--ssh" ];
};
extraFlags = mkOption {
type = listOf str;
default = [ ];
};
systemTray = mkOption {
type = bool;
default = config.modules.system.roles.desktop.enable;
description = "Display a system tray icon to interact with tailscale.";
};
};
config = mkIf cfg.enable {
services.tailscale = {
enable = true;
extraUpFlags = concatLists [
cfg.defaultFlags
cfg.extraFlags
(
mkIf cfg.tags != [ ] [
"--advertise-tags"
(concatStringsSep "," cfg.tags)
]
)
(mkIf cfg.server [
"--login-server"
cfg.server
])
];
useRoutingFeatures = mkIf cfg.isExitNode "server";
};
systemd.user.services.tailscale-system-tray = mkIf cfg.systemTray {
description = "tailscale system tray";
wantedBy = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
path = [ pkgs.polkit ];
serviceConfig = {
Type = "simple";
ExecStart = "/bin/sh -lc ${pkgs.tailscale-systray}/bin/tailscale-systray";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
IPAddressDeny = "any";
};
};
};
}