2025-05-05 11:44:32 +02:00
|
|
|
{
|
|
|
|
|
config,
|
2025-05-06 13:22:39 +02:00
|
|
|
lib,
|
2025-05-05 11:44:32 +02:00
|
|
|
pkgs,
|
|
|
|
|
...
|
|
|
|
|
}: {
|
2025-02-21 14:07:29 +01:00
|
|
|
services.tailscale = {
|
|
|
|
|
enable = true;
|
2025-05-05 11:44:32 +02:00
|
|
|
authKeyFile = config.age.secrets.tailscale-key.path;
|
2025-05-06 13:22:39 +02:00
|
|
|
useRoutingFeatures = "both";
|
2025-04-29 13:36:01 +02:00
|
|
|
extraUpFlags = [
|
2025-05-05 11:44:32 +02:00
|
|
|
"--login-server=${config.services.headscale.settings.server_url}"
|
2025-04-29 13:36:01 +02:00
|
|
|
"--advertise-exit-node"
|
|
|
|
|
"--accept-routes"
|
|
|
|
|
];
|
2025-02-21 14:07:29 +01:00
|
|
|
};
|
2025-05-06 13:22:39 +02:00
|
|
|
services.networkd-dispatcher = lib.mkIf config.services.tailscale.enable {
|
2025-05-05 11:44:32 +02:00
|
|
|
enable = true;
|
|
|
|
|
rules."50-tailscale" = {
|
|
|
|
|
onState = ["routable"];
|
|
|
|
|
script = ''
|
2025-05-06 13:22:39 +02:00
|
|
|
NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ")
|
|
|
|
|
${pkgs.ethtool}/bin/ethtool -K $NETDEV rx-udp-gro-forwarding on rx-gro-list off
|
2025-05-05 11:44:32 +02:00
|
|
|
'';
|
2025-04-29 13:36:01 +02:00
|
|
|
};
|
|
|
|
|
};
|
2025-02-21 14:07:29 +01:00
|
|
|
}
|
