cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

nixos/tailscale: add openFirewall option

Browse source
This commit is contained in:
Evan Deaubl 2023-10-20 07:37:41 -07:00
parent 5c78e5b4aa
commit 9407ed628d
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
nixos/modules/services/networking/tailscale.nix
View file

@ -31,6 +31,12 @@ in {
package = lib.mkPackageOptionMD pkgs "tailscale" {}; package = lib.mkPackageOptionMD pkgs "tailscale" {};
openFirewall = mkOption {
default = false;
type = types.bool;
description = lib.mdDoc "Whether to open the firewall for the specified port.";
};
useRoutingFeatures = mkOption { useRoutingFeatures = mkOption {
type = types.enum [ "none" "client" "server" "both" ]; type = types.enum [ "none" "client" "server" "both" ];
default = "none"; default = "none";
@ -113,6 +119,8 @@ in {
"net.ipv6.conf.all.forwarding" = mkOverride 97 true; "net.ipv6.conf.all.forwarding" = mkOverride 97 true;
}; };
networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ cfg.port ];
networking.firewall.checkReversePath = mkIf (cfg.useRoutingFeatures == "client" || cfg.useRoutingFeatures == "both") "loose"; networking.firewall.checkReversePath = mkIf (cfg.useRoutingFeatures == "client" || cfg.useRoutingFeatures == "both") "loose";
networking.dhcpcd.denyInterfaces = [ cfg.interfaceName ]; networking.dhcpcd.denyInterfaces = [ cfg.interfaceName ];