From 25ec3e22b2320bf11aefcaf7d509b287d90f84e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kha=C3=AFs=20COLIN?= <khais.colin@gmail.com>
Date: Fri, 30 Aug 2024 14:01:57 +0200
Subject: [PATCH] feat(tailscale): setup tailscale

---
 configuration.nix |  1 +
 tailscale.nix     | 11 +++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 tailscale.nix

diff --git a/configuration.nix b/configuration.nix
index f6b9029..54a2957 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -6,6 +6,7 @@ in
   imports = [
     ./hardware-configuration.nix
     ./openssh.nix
+    ./tailscale.nix
     ./firewall.nix
     ./fail2ban.nix
     ./borgbackup.nix
diff --git a/tailscale.nix b/tailscale.nix
new file mode 100644
index 0000000..2293526
--- /dev/null
+++ b/tailscale.nix
@@ -0,0 +1,11 @@
+{
+  networking.nameservers = [ "100.100.100.100" "1.1.1.1" "8.8.8.8" ];
+  networking.search = [ "hummingbird-stork.ts.net" ];
+  services.tailscale = {
+    enable = true;
+    useRoutingFeatures = "both";
+    extraUpFlags = [ "--ssh" ];
+  };
+  # Tell the firewall to implicitly trust packets routed over Tailscale:
+  networking.firewall.trustedInterfaces = [ "tailscale0" ];
+}