Diffstat (limited to 'os/cez/modules/headscale.nix')
-rw-r--r--os/cez/modules/headscale.nix36
1 files changed, 34 insertions, 2 deletions
diff --git a/os/cez/modules/headscale.nix b/os/cez/modules/headscale.nix
index fc465d8..169ed45 100644
--- a/os/cez/modules/headscale.nix
+++ b/os/cez/modules/headscale.nix
@@ -1,9 +1,38 @@
-{ config, ... }:
+{ config, pkgs, ... }:
let
headScaleUrl = "https://headscale.${config.global.userdata.domain}";
+ user = config.global.userdata.name;
+
+ exitNode = "kay";
+ helper = pkgs.writeShellApplication {
+ name = "vpn";
+ runtimeInputs = with pkgs; [
+ libnotify
+ tailscale
+ jq
+ ];
+
+ text = ''
+ note() {
+ command -v notify-send >/dev/null &&
+ notify-send "󰒒 Headscale" "$1"
+
+ printf "\n%s\n" "$1"
+ }
+
+ if [ "$(tailscale status --peers --json | jq ".ExitNodeStatus")" = "null" ]; then
+ tailscale set --exit-node=${exitNode} &&
+ note "Now routing all traffic through ${exitNode}"
+ else
+ tailscale set --exit-node= &&
+ note "Traffic now uses default route."
+ fi
+ '';
+ };
in
{
sops.secrets."misc/headscale" = { };
+ environment.systemPackages = [ helper ];
networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
services.tailscale = {
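Review bot: The `command -v notify-send` guard in `note()` cannot do what it intends, because `libnotify` is in `runtimeInputs` so the lookup always succeeds; the real failure mode is `notify-send` itself failing (no session bus, e.g. when `vpn` is run from a TTY or SSH), and since it is the last command of the `&&` list, the `set -euo pipefail` that `writeShellApplication` enables aborts the function right there, so the `printf` fallback never runs and the exit-node change that already happened is reported nowhere. Tolerate the notification failure explicitly: `command -v notify-send >/dev/null && notify-send "󰒒 Headscale" "$1" || true`. A similar silent path exists on the `tailscale set ... && note ...` lines: if `tailscale set` fails the message is skipped and the script ends without saying why, so an `|| { note "Failed to change exit node"; exit 1; }` on each branch would make the failure visible to the user. The hard-coded `exitNode = "kay"` could also get a one-line comment naming what that host is, since the helper's behaviour depends entirely on it.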
@@ -14,7 +43,10 @@ in
authKeyFile = config.sops.secrets."misc/headscale".path;
extraUpFlags = [
"--login-server=${headScaleUrl}"
- "--accept-routes"
+ ];
+ extraSetFlags = [
+ "--operator=${user}"
+ "--accept-routes=true"
];
};
}
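Review bot: `--operator=${user}` is the privilege the new `vpn` helper silently depends on (it is what lets that account run `tailscale set` without root), and nothing in the module records that or its scope; as far as I know the operator can run the other privileged `tailscale` subcommands too, including disabling routes or disconnecting the node. A comment on the line would make the trade-off explicit for the next reader, e.g. `# ${user} may drive tailscaled without sudo; required by the vpn helper, but also allows up/down/logout`. Moving `--accept-routes` from `extraUpFlags` to `extraSetFlags` changes when the flag is applied, which may be intentional but is not mentioned in the commit.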