2025-04-29 13:36:01 +02:00
|
|
|
{pkgs, ...}: {
|
2025-02-21 14:07:29 +01:00
|
|
|
services.tailscale = {
|
|
|
|
|
enable = true;
|
|
|
|
|
useRoutingFeatures = "both";
|
2025-04-29 13:36:01 +02:00
|
|
|
extraUpFlags = [
|
|
|
|
|
"--login-server https://va.m3tam3re.com"
|
|
|
|
|
"--advertise-exit-node"
|
|
|
|
|
"--accept-routes"
|
|
|
|
|
];
|
2025-02-21 14:07:29 +01:00
|
|
|
};
|
2025-04-29 13:36:01 +02:00
|
|
|
|
|
|
|
|
# Persistent systemd service for network settings
|
|
|
|
|
systemd.services.configure-network-offload = {
|
|
|
|
|
description = "Configure network offload settings";
|
|
|
|
|
after = ["network.target"];
|
|
|
|
|
wantedBy = ["multi-user.target"];
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Type = "oneshot";
|
|
|
|
|
RemainAfterExit = true;
|
|
|
|
|
ExecStart = "${pkgs.ethtool}/bin/ethtool -K ens3 rx-udp-gro-forwarding on rx-gro-list off";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
boot.kernel.sysctl = {
|
|
|
|
|
"net.ipv4.ip_forward" = 1;
|
|
|
|
|
"net.ipv6.conf.all.forwarding" = 1;
|
|
|
|
|
"net.core.gro_normal_batch" = 8;
|
|
|
|
|
"net.core.gro_flush_timeout" = 200000;
|
|
|
|
|
};
|
|
|
|
|
|
2025-02-21 14:07:29 +01:00
|
|
|
networking.firewall = {
|
|
|
|
|
trustedInterfaces = ["tailscale0"];
|
2025-04-29 13:36:01 +02:00
|
|
|
allowedUDPPorts = [41641];
|
|
|
|
|
checkReversePath = "loose";
|
2025-02-21 14:07:29 +01:00
|
|
|
};
|
2025-04-29 13:36:01 +02:00
|
|
|
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
ethtool
|
|
|
|
|
tailscale
|
|
|
|
|
];
|
2025-02-21 14:07:29 +01:00
|
|
|
}
|
