File tailscale issue

2023-09-28 20:26:05 -04:00
parent 0b6c412d61
commit 1c54bbeec5
3 changed files with 4 additions and 46 deletions


@@ -12,10 +12,6 @@
}; };
}; };
config = {config, pkgs, ...}: { config = {config, pkgs, ...}: {
imports = [
./tailscale.nix
];
networking.nameservers = [ "1.1.1.1" ]; networking.nameservers = [ "1.1.1.1" ];
networking.useHostResolvConf = false; networking.useHostResolvConf = false;
@@ -26,8 +22,8 @@
services.tailscale = { services.tailscale = {
enable = true; enable = true;
useRoutingFeatures = "client"; useRoutingFeatures = "client";
authTokenPath = "/var/tailauth"; authKeyFile = "/var/tailauth";
authUrl = authServer; extraUpFlags = ["--login-server" "${authServer}"];
}; };
}; };
}; };
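Review bot: `authKeyFile = "/var/tailauth"` in the second hunk names a file holding a pre-auth key, but nothing visible on this page provisions that file or sets its owner and mode, so it is unclear whether other users in this system can read it. A readable key lets any local account enrol a node against `authServer`. I would add a comment above the line: `# pre-auth key: provision root-owned, mode 0600; keep this a string, a path literal would be copied into the world-readable Nix store`. The enclosing `config = {config, pkgs, ...}:` block starts and ends outside the hunk, so the provisioning may live there.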


@@ -1,35 +0,0 @@
{config, pkgs, lib, ...}:
with lib;
let
cfg = config.services.tailscale;
defPath = if config.services.headscale.enable then "${config.services.headscale.settings.server_url}" else null;
in {
# Configure tailscale to allow specifiying user login and auth path
options.services.tailscale = {
authTokenPath = mkOption {
type = types.nullOr types.path;
default = null;
description = "Should tailscale automatically login with the given authtoken file";
};
authUrl = mkOption {
type = types.nullOr types.str;
default = defPath;
description = "Server URL of head/tailscale";
};
};
config = let
waitGen = optional (cfg.authTokenPath == defPath) "headscale-preauth-regen-${name}";
in {
systemd.services.tailscale_autologin = mkIf (cfg.enable && cfg.authTokenPath != null) {
wantedBy = ["tailscaled.service"];
after = ["tailscaled.service"] ++ waitGen;
script = ''
${pkgs.tailscale}/bin/tailscale up --login-server ${cfg.authUrl} --authkey $(cat ${cfg.authTokenPath})
'';
serviceConfig = {
Type = "simple";
};
};
};
}


@@ -4,16 +4,13 @@ let
in { in {
imports = [ imports = [
../modules/headscale.nix ../modules/headscale.nix
../modules/tailscale.nix
]; ];
services.headscale.ensureUsers = { services.headscale.ensureUsers = {
"${tailUser}" = {}; "${tailUser}" = {};
}; };
services.tailscale = { services.tailscale = {
enable = true; enable = true;
authTokenPath = config.services.headscale.ensureUsers."${tailUser}".path; extraUpFlags = ["--login-server" "${config.services.headscale.settings.server_url}"];
}; authKeyFile = config.services.headscale.ensureUsers."${tailUser}".path;
systemd.services.tailscale_autologin = {
after = ["headscale-preauth-${tailUser}.service"];
}; };
} }
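Review bot: Dropping `systemd.services.tailscale_autologin.after = ["headscale-preauth-${tailUser}.service"]` leaves no visible ordering between the unit that writes the pre-auth key and the login step that now reads `authKeyFile`. If the upstream module's login unit runs before the key file exists, the first login on a fresh host would presumably fail or run without a key. Assuming that unit is nixpkgs' `tailscaled-autoconnect`, I would keep the ordering with `systemd.services.tailscaled-autoconnect.after = ["headscale-preauth-${tailUser}.service"];` plus a matching `wants`. As a style point, the `"${...}"` wrapper around `server_url` in `extraUpFlags` is redundant if that setting is already a string.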