Diffstat (limited to 'modules/nixos/nas.nix')
| -rw-r--r-- | modules/nixos/nas.nix | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/modules/nixos/nas.nix b/modules/nixos/nas.nix index 46bcb13..6201160 100644 --- a/modules/nixos/nas.nix +++ b/modules/nixos/nas.nix @@ -7,6 +7,9 @@ config = lib.mkIf config.client.nas.enable { services.tailscale.enable = true; + services.tailscale.useRoutingFeatures = "client"; + services.tailscale.openFirewall = true; + services.tailscale.extraUpFlags = [ "--accept-dns=false" ]; networking.nftables.enable = true; networking.firewall = { enable = true; @@ -14,6 +17,20 @@ allowedUDPPorts = [ config.services.tailscale.port ]; }; + networking.nftables = { + tables = { + mullvad_tailscale = { + content = '' + chain output { + type route hook output priority 0; policy accept; + ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65; + } + ''; + family = "inet"; + }; + }; + }; + systemd.services.tailscaled.serviceConfig.Environment = [ "TS_DEBUG_FIREWALL_MODE=nftables" ]; |
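Review bot: `services.tailscale.extraUpFlags` is, as far as I know, only handed to `tailscale up` by the NixOS module's autoconnect unit, which runs only when `services.tailscale.authKeyFile` is set. No auth key file is visible in this hunk, so `--accept-dns=false` may never be applied and the host could still accept tailnet DNS. Either set `authKeyFile` or add a comment that the flag has to be passed by hand on the first `tailscale up`. Separately, `openFirewall = true` looks redundant with the existing `allowedUDPPorts = [ config.services.tailscale.port ];`, and `useRoutingFeatures = "client"` deserves a one-line comment such as `# "client" switches networking.firewall.checkReversePath to "loose"`. The enclosing `config = lib.mkIf ...` block continues outside the hunk.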
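Review bot: The rule `ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;` matches the whole CGNAT range on any output interface. The values appear to be Mullvad's split-tunnel exclusion marks (the table name suggests so), so on a network that itself uses 100.64.0.0/10 that traffic would leave outside the VPN tunnel. The marks are unexplained; add a comment above `mullvad_tailscale` such as `# Exempt Tailscale's 100.64.0.0/10 from the Mullvad tunnel using Mullvad's exclusion marks`, and narrow the prefix if the tailnet uses a smaller range. The table is `family = "inet"` but the rule only matches IPv4, so Tailscale's IPv6 addresses are not exempted; if that is intended, say so in the same comment.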
