style: reformat with nixfmt-rfc-style
parent
5ad8bc1d56
commit
1c5d83d81e
99 changed files with 2247 additions and 1334 deletions
system
|
@ -1,11 +1,17 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.services.tailscale;
|
||||
tailscaleInterface = cfg.interfaceName;
|
||||
inherit (config.networking) hostName;
|
||||
tailnetHost = "${hostName}.tail05275.ts.net";
|
||||
in {
|
||||
in
|
||||
{
|
||||
networking.wireguard.enable = true;
|
||||
networking.firewall.trustedInterfaces = [ tailscaleInterface ];
|
||||
|
||||
|
@ -22,8 +28,7 @@ in {
|
|||
];
|
||||
};
|
||||
|
||||
systemd.services.tailscaled.serviceConfig.Environment =
|
||||
[ "TS_DEBUG_FIREWALL_MODE=auto" ];
|
||||
systemd.services.tailscaled.serviceConfig.Environment = [ "TS_DEBUG_FIREWALL_MODE=auto" ];
|
||||
|
||||
# call taiscale up without --auth-key
|
||||
systemd.services.tailscaled-autoconnect = lib.mkIf (cfg.authKeyFile == null) {
|
||||
|
@ -31,19 +36,21 @@ in {
|
|||
wants = [ "tailscaled.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = ''
|
||||
status=$(${config.systemd.package}/bin/systemctl show -P StatusText tailscaled.service)
|
||||
if [[ $status != Connected* ]]; then
|
||||
${cfg.package}/bin/tailscale up
|
||||
fi
|
||||
script =
|
||||
''
|
||||
status=$(${config.systemd.package}/bin/systemctl show -P StatusText tailscaled.service)
|
||||
if [[ $status != Connected* ]]; then
|
||||
${cfg.package}/bin/tailscale up
|
||||
fi
|
||||
|
||||
# some options cannot be set immediately
|
||||
${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}
|
||||
# some options cannot be set immediately
|
||||
${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}
|
||||
|
||||
${cfg.package}/bin/tailscale cert ${tailnetHost}
|
||||
'' + lib.optionalString config.services.nginx.enable ''
|
||||
chown nginx:nginx /var/lib/tailscale/certs/${tailnetHost}.{key,crt}
|
||||
'';
|
||||
${cfg.package}/bin/tailscale cert ${tailnetHost}
|
||||
''
|
||||
+ lib.optionalString config.services.nginx.enable ''
|
||||
chown nginx:nginx /var/lib/tailscale/certs/${tailnetHost}.{key,crt}
|
||||
'';
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${tailnetHost} = {
|
||||
|
|