# Runs tailscaled (and systemd-resolved for name resolution) inside the
# systemd-based initrd, so the machine is reachable over the tailnet before
# the root filesystem is mounted.  Port, package and interface name are taken
# from the host's `services.tailscale` options so the initrd daemon mirrors
# the stage-2 configuration.
{ config, lib, pkgs, ... }:
let
  inherit (config.services.tailscale) package port interfaceName;
  inherit (lib) escapeShellArg;
in
{
  # Modules needed for the TUN device and for the nftables NAT chain that
  # tailscaled's packet-filter rules rely on.
  boot.initrd.availableKernelModules = [ "tun" "nft_chain_nat" ];

  boot.initrd.systemd = {
    packages = [ package ];
    initrdBin = [ pkgs.iptables pkgs.iproute2 package ];

    # Pull the upstream tailscaled unit into the initrd and start it with
    # initrd.target.  PORT and FLAGS are consumed by that unit's ExecStart; the
    # embedded double quotes keep the space-containing FLAGS assignment a single
    # Environment= entry.
    services.tailscaled = {
      wantedBy = [ "initrd.target" ];
      serviceConfig.Environment = [
        "PORT=${toString port}"
        ''"FLAGS=--tun ${escapeShellArg interfaceName}"''
      ];
    };
    # NOTE(review): nothing in this file provisions tailscaled's state (node
    # key) into the initrd; whichever mechanism does should account for the
    # initrd normally living on an unencrypted boot partition — confirm.
    # NOTE(review): whatever the initrd exposes over the tailnet (not shown
    # here) is reachable by every peer the tailnet ACLs permit — confirm the
    # ACLs scope access to this pre-boot environment.

    # tmpfiles `L` entry: symlink /var/run -> /run inside the initrd.
    contents."/etc/tmpfiles.d/50-tailscale.conf".text = ''
      L /var/run - - - - /run
    '';

    # Reuse the host's /etc/hostname so the initrd node carries the same name.
    contents."/etc/hostname".source = config.environment.etc.hostname.source;

    # Keep networkd from managing the tailscale interface; tailscaled owns it.
    network.networks."50-tailscale" = {
      matchConfig.Name = interfaceName;
      linkConfig = {
        Unmanaged = true;
        ActivationPolicy = "manual";
      };
    };

    extraBin.ping = "${pkgs.iputils}/bin/ping";

    # systemd-resolved is added explicitly: the upstream unit, its binary from
    # the initrd's systemd package, its user/group and the host's resolved.conf.
    additionalUpstreamUnits = [ "systemd-resolved.service" ];
    users.systemd-resolve = { };
    groups.systemd-resolve = { };
    contents."/etc/systemd/resolved.conf".source =
      config.environment.etc."systemd/resolved.conf".source;
    storePaths = [ "${config.boot.initrd.systemd.package}/lib/systemd/systemd-resolved" ];
    services.systemd-resolved = {
      wantedBy = [ "initrd.target" ];
      # `-` ignores a non-zero exit (e.g. the link already exists); `+` runs
      # the command with full privileges regardless of the unit's sandboxing.
      serviceConfig.ExecStartPre =
        "-+/bin/ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf";
    };
  };
}