| author | scouckel <james.krinsky@gmail.com> | 2026-01-25 11:42:17 -0600 |
|---|---|---|
| committer | scouckel <james.krinsky@gmail.com> | 2026-01-25 11:42:17 -0600 |
| commit | 8f3848f4d41f9184657048ddecbe052b22d26874 (patch) | |
| tree | 690b7e7a345eb41eade0fd118e7bd821ac4c15a5 /modules/nixos/nas.nix | |
| parent | c1e1db1d3dcbc0437d3e740c9a63cd9838754cec (diff) | |
big changes
Diffstat (limited to 'modules/nixos/nas.nix')
| -rw-r--r-- | modules/nixos/nas.nix | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/modules/nixos/nas.nix b/modules/nixos/nas.nix
index 46bcb13..6201160 100644
--- a/modules/nixos/nas.nix
+++ b/modules/nixos/nas.nix
@@ -7,6 +7,9 @@
 config = lib.mkIf config.client.nas.enable {
 services.tailscale.enable = true;
+ services.tailscale.useRoutingFeatures = "client";
+ services.tailscale.openFirewall = true;
+ services.tailscale.extraUpFlags = [ "--accept-dns=false" ];
 networking.nftables.enable = true;
 networking.firewall = {
 enable = true;
@@ -14,6 +17,20 @@
 allowedUDPPorts = [ config.services.tailscale.port ];
 };
+ networking.nftables = {
+ tables = {
+ mullvad_tailscale = {
+ content = ''
+ chain output {
+ type route hook output priority 0; policy accept;
+ ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+ }
+ '';
+ family = "inet";
+ };
+ };
+ };
+
 systemd.services.tailscaled.serviceConfig.Environment = [
 "TS_DEBUG_FIREWALL_MODE=nftables"
 ]; |
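Review bot: `services.tailscale.extraUpFlags = [ "--accept-dns=false" ];` may be a no-op here: to my knowledge the NixOS module passes extraUpFlags to `tailscale up` only from the autoconnect unit, which runs when `services.tailscale.authKeyFile` is set, and no authKeyFile is visible in this hunk. If the intent is to keep Tailscale from taking over the resolver, either set authKeyFile in this module or record the manual step in a comment, e.g. `# extraUpFlags needs authKeyFile; otherwise run: tailscale set --accept-dns=false`. `services.tailscale.openFirewall = true;` also opens the same UDP port that `allowedUDPPorts = [ config.services.tailscale.port ];` already allows further down, so one of the two can go. The `config = lib.mkIf …` block continues outside the hunk.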
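Review bot: The `ip daddr 100.64.0.0/10` rule marks every packet sent to the whole CGNAT range, not only tailnet peers, and the two constants `0x00000f41` / `0x6d6f6c65` are unexplained. Judging by the table name these are the marks Mullvad uses to exempt traffic from its tunnel, so any non-Tailscale host in that range (for example behind a carrier-grade NAT uplink) would also be reached outside the VPN. That trade-off deserves a comment above `content`, such as `# Mullvad split-tunnel marks: traffic to 100.64.0.0/10 (Tailscale CGNAT range) bypasses the VPN`. The rule is IPv4-only although the table is `family = "inet"`, so tailnet IPv6 addresses are not covered; confirm that is intended.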
