diff --git a/system/networking.nix b/system/networking.nix index 0c35c5c..1aacee0 100644 --- a/system/networking.nix +++ b/system/networking.nix @@ -50,7 +50,6 @@ in systemd.network = { enable = true; - wait-online.ignoredInterfaces = [ "tailscale0" ]; networks = { "10-lan" = { matchConfig.Name = interfaces.lan; diff --git a/system/vpn.nix b/system/vpn.nix index f9cfcc0..1ea1231 100644 --- a/system/vpn.nix +++ b/system/vpn.nix @@ -15,6 +15,27 @@ in networking.wireguard.enable = true; networking.firewall.trustedInterfaces = [ tailscaleInterface ]; + systemd.network = { + # Fixes issues with other systemd networks when tailscale exist nodes are used + config.networkConfig = { + ManageForeignRoutes = false; + ManageForeignRoutingPolicyRules = false; + }; + wait-online.ignoredInterfaces = [ "tailscale0" ]; + }; + + services.networkd-dispatcher = { + enable = true; + rules."50-tailscale" = { + onState = [ "routable" ]; + script = '' + for dev in $(${pkgs.iproute2}/bin/ip route show 0/0 | cut -f5 -d' '); do + ${lib.getExe pkgs.ethtool} -K "$dev" rx-udp-gro-forwarding on rx-gro-list off + done + ''; + }; + }; + services.tailscale = { enable = true; package = pkgs.unstable.tailscale; @@ -27,7 +48,13 @@ in ]; }; - systemd.services.tailscaled.serviceConfig.Environment = [ "TS_DEBUG_FIREWALL_MODE=auto" ]; + systemd.services.tailscaled = { + serviceConfig.Environment = [ "TS_DEBUG_FIREWALL_MODE=auto" ]; + after = [ + "network-online.target" + "systemd-resolved.service" + ]; + }; # call taiscale up without --auth-key systemd.services.tailscaled-autoconnect = lib.mkIf (cfg.authKeyFile == null) {