nixos-config/system/vpn.nix

{ config, lib, ... }:

let
  cfg = config.services.tailscale;
  tailscaleInterface = cfg.interfaceName;
in {
  networking.wireguard.enable = true;
  networking.firewall.trustedInterfaces = [ tailscaleInterface ];

  services.tailscale = {
    enable = true;
    authKeyFile = "/dummy";
    openFirewall = true;
    useRoutingFeatures = "both";
    extraUpFlags = [
      "--reset"
      "--accept-routes"
      "--exit-node-allow-lan-access"
      "--exit-node=de-ber-wg-004.mullvad.ts.net"
    ];
  };

  systemd.services.tailscaled.serviceConfig.Environment =
    [ "TS_DEBUG_FIREWALL_MODE=auto" ];

  # call taiscale up without --auth-key
  systemd.services.tailscaled-autoconnect.script = ''
    status=$(${config.systemd.package}/bin/systemctl show -P StatusText tailscaled.service)
    if [[ $status != Connected* ]]; then
      ${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}
    fi
  '';
}
feat(vpn): fully replace Mullvad VPN with Tailscale 2024-01-06 03:06:53 +01:00			`{ config, lib, ... }:`
feat: add mullvad 2020-05-22 18:16:21 +02:00
feat(vpn): fully replace Mullvad VPN with Tailscale 2024-01-06 03:06:53 +01:00			`let`
			`cfg = config.services.tailscale;`
			`tailscaleInterface = cfg.interfaceName;`
feat(vpn): improve tailscale config 2023-12-27 18:03:57 +01:00			`in {`
feat(vpn): enable wireguard kernel module 2020-11-14 11:20:59 +01:00			`networking.wireguard.enable = true;`
feat(vpn): improve tailscale config 2023-12-27 18:03:57 +01:00			`networking.firewall.trustedInterfaces = [ tailscaleInterface ];`
fix(vpn): add workaround for mullvad issues 2021-06-10 12:14:30 +02:00
feat(vpn): improve tailscale config 2023-12-27 18:03:57 +01:00			`services.tailscale = {`
			`enable = true;`
feat(vpn): fully replace Mullvad VPN with Tailscale 2024-01-06 03:06:53 +01:00			`authKeyFile = "/dummy";`
feat(vpn): improve tailscale config 2023-12-27 18:03:57 +01:00			`openFirewall = true;`
			`useRoutingFeatures = "both";`
feat(vpn): fully replace Mullvad VPN with Tailscale 2024-01-06 03:06:53 +01:00			`extraUpFlags = [`
			`"--reset"`
			`"--accept-routes"`
fix(vpn): fix tailscale config 2024-01-12 20:46:03 +01:00			`"--exit-node-allow-lan-access"`
feat(vpn): fully replace Mullvad VPN with Tailscale 2024-01-06 03:06:53 +01:00			`"--exit-node=de-ber-wg-004.mullvad.ts.net"`
			`];`
feat(vpn): improve tailscale config 2023-12-27 18:03:57 +01:00			`};`
feat(vpn): add mullvad configuration service 2022-08-08 22:58:02 +02:00
fix(vpn): fix tailscale config 2024-01-12 20:46:03 +01:00			`systemd.services.tailscaled.serviceConfig.Environment =`
			`[ "TS_DEBUG_FIREWALL_MODE=auto" ];`

feat(vpn): fully replace Mullvad VPN with Tailscale 2024-01-06 03:06:53 +01:00			`# call taiscale up without --auth-key`
			`systemd.services.tailscaled-autoconnect.script = ''`
			`status=$(${config.systemd.package}/bin/systemctl show -P StatusText tailscaled.service)`
			`if [[ $status != Connected* ]]; then`
			`${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}`
			`fi`
fix(vpn): exclude tailscale from Mullvad VPN routing 2023-12-27 15:50:17 +01:00			`'';`
feat: add mullvad 2020-05-22 18:16:21 +02:00			`}`