| author | scouckel <james.krinsky@gmail.com> | 2026-01-11 00:25:41 -0500 |
|---|---|---|
| committer | scouckel <james.krinsky@gmail.com> | 2026-01-11 00:25:41 -0500 |
| commit | f6a72d7ad9bec7cc7beefa8542fb91127a88f965 (patch) | |
| tree | d7faa401a6641c0d0bb04ca7c35a78c194e866e9 /modules/nixos/tailscale.nix | |
| parent | 75e8689700d2bec1bd216f1a75d62535c1b2dc60 (diff) | |
tailscale test
Diffstat (limited to 'modules/nixos/tailscale.nix')
| -rw-r--r-- | modules/nixos/tailscale.nix | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/modules/nixos/tailscale.nix b/modules/nixos/tailscale.nix
new file mode 100644
index 0000000..9cba982
--- /dev/null
+++ b/modules/nixos/tailscale.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+
+{
+ # 1. Enable the service and the firewall
+ services.tailscale.enable = true;
+ networking.nftables.enable = true;
+ networking.firewall = {
+ enable = true;
+ # Always allow traffic from your Tailscale network
+ trustedInterfaces = [ "tailscale0" ];
+ # Allow the Tailscale UDP port through the firewall
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+
+ # 2. Force tailscaled to use nftables (Critical for clean nftables-only systems)
+ # This avoids the "iptables-compat" translation layer issues.
+ systemd.services.tailscaled.serviceConfig.Environment = [
+ "TS_DEBUG_FIREWALL_MODE=nftables"
+ ];
+
+ # 3. Optimization: Prevent systemd from waiting for network online
+ # (Optional but recommended for faster boot with VPNs)
+ systemd.network.wait-online.enable = false;
+ boot.initrd.systemd.network.wait-online.enable = false;
+ } |
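Review bot: `trustedInterfaces = [ "tailscale0" ]` exempts every tailnet peer from the host firewall entirely, so any service listening on this host becomes reachable from every device the tailnet ACLs allow to talk to it — a broader grant than the comment "Always allow traffic from your Tailscale network" conveys, and the interface name is hard-coded while the port two lines below is read from `config.services.tailscale`. I would write `trustedInterfaces = [ config.services.tailscale.interfaceName ];` so the two stay in sync, and if only particular services should be exposed over the tailnet, replace the blanket trust with `networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ ... ];` plus a comment stating that the host firewall is otherwise bypassed for tailnet traffic. Opening `config.services.tailscale.port` on all interfaces appears to be what the `services.tailscale.openFirewall` option does, so that may be the more idiomatic spelling if the nixpkgs revision in use provides it. Disabling `systemd.network.wait-online` is host-wide and delays nothing for units ordered after `network-online.target` only if they do not actually need the network, which the "Optional but recommended" comment should spell out, e.g. `# NOTE: affects every unit with After=network-online.target, not just tailscaled`.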
