40 lines
901 B
Nix
40 lines
901 B
Nix
{ config, ... }:
|
|
{
|
|
services.tailscale = {
|
|
enable = true;
|
|
useRoutingFeatures = "both";
|
|
# serve = {
|
|
# enable = true;
|
|
# services = {
|
|
# cloud = {
|
|
# endpoints = {
|
|
# "tcp:443" = "https://localhost:3923";
|
|
# };
|
|
# };
|
|
# jellyfin = {
|
|
# endpoints = {
|
|
# "tcp:443" = "https://localhost:8096";
|
|
# };
|
|
# };
|
|
# photos = {
|
|
# endpoints = {
|
|
# "tcp:443" = "https://localhost:2283";
|
|
# };
|
|
# };
|
|
# };
|
|
# };
|
|
};
|
|
|
|
networking = {
|
|
nftables.enable = true;
|
|
firewall = {
|
|
enable = true;
|
|
trustedInterfaces = [ "${config.services.tailscale.interfaceName}" ];
|
|
allowedUDPPorts = [ config.services.tailscale.port ];
|
|
};
|
|
};
|
|
|
|
systemd.services.tailscaled.serviceConfig.Environment = [
|
|
"TS_DEBUG_FIREWALL_MODE=nftables"
|
|
];
|
|
}
|