diff --git a/modules/networking/tailscale.nix b/modules/networking/tailscale.nix index b5c9188..7043233 100644 --- a/modules/networking/tailscale.nix +++ b/modules/networking/tailscale.nix @@ -4,35 +4,50 @@ pkgs, ... }: +with lib; let cfg = config.my.networking.tailscale; in { - options.my.networking.tailscale = { - enable = lib.mkEnableOption "Enable Tailscale module"; - authKeyFile = lib.mkOption { - default = ""; - type = config.services.tailscale.authKeyFile.type; - description = config.services.tailscale.authKeyFile.description; + # If tailscaled activated on a unprivileged container this must be set on the Proxmox host. + # https://tailscale.com/kb/1130/lxc-unprivileged + # lxc.cgroup2.devices.allow: c 10:200 rwm + # lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file + + options.my.networking.tailscale = { + enable = mkEnableOption "Enable Tailscale module"; + + authKeyFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/secrets/tailscale_key"; + description = '' + A file containing the auth key. + ''; }; - exitNode = lib.mkOption { + exitNode = mkOption { + type = types.str; default = ""; + example = "server-name"; description = '' The tailscale IP of the optional exit node. ''; }; - extraUpFlags = lib.mkOption { - default = ""; - type = config.services.tailscale.extraUpFlags.type; - description = config.services.tailscale.extraUpFlags.description; + extraUpFlags = mkOption { + description = '' + Extra flags to pass to {command}`tailscale up`. Only applied if `authKeyFile` is specified.". The exit node set with `exitNode` are already applied. + ''; + type = types.listOf types.str; + default = [ ]; + example = [ "--ssh" ]; }; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { services.tailscale = { enable = true; authKeyFile = cfg.authKeyFile;