# NixOS module: runs a Tailscale client and a NetBird client ("priv") side by
# side, opens their UDP listen ports on the main bridge only, and trusts both
# overlay interfaces in the host firewall.
{ config, ... }:
let
  networks = import ../hardware/networks.nix;
  lanBridge = networks.interfaces.main'.bridgeName;

  # Read the effective option values back from `config` so the firewall rules
  # below always follow the ports/interface names set further down.
  tailscale = config.services.tailscale;
  netbird = config.services.netbird.clients.priv;

  # AdminURL and ManagementURL point at the same self-hosted endpoint.
  managementEndpoint = {
    Host = "net.ataraxiadev.com:443";
    Scheme = "https";
  };
in {
  networking.firewall = {
    # The UDP listen ports of both clients are opened on the bridge interface
    # only, not globally.
    interfaces.${lanBridge}.allowedUDPPorts = [ tailscale.port netbird.port ];

    # trustedInterfaces accepts ALL inbound traffic from these interfaces, so
    # every peer reachable over either overlay bypasses the host firewall and
    # can reach any listening service. Access control then rests entirely on
    # the Tailscale ACLs / NetBird policies.
    # NOTE(review): confirm both are default-deny, or replace this with
    # per-interface allowedTCPPorts/allowedUDPPorts.
    trustedInterfaces = [ tailscale.interfaceName netbird.interface ];
  };

  # Keep systemd-networkd away from the Tailscale interface: it is neither
  # configured nor brought up/down by networkd.
  systemd.network.networks."50-tailscale" = {
    matchConfig.Name = tailscale.interfaceName;
    linkConfig = {
      Unmanaged = true;
      ActivationPolicy = "manual";
    };
  };

  services = {
    tailscale = {
      enable = true;
      port = 18491;
      # "both" = server + client routing features: IP forwarding is enabled
      # and reverse-path filtering is relaxed to "loose". Only needed if this
      # host acts as a subnet router/exit node AND uses one.
      useRoutingFeatures = "both";
    };

    netbird.clients.priv = {
      interface = "wt0";
      port = 52674;
      # NOTE(review): presumably this turns off the module's service
      # hardening (dedicated user / systemd sandboxing) for the NetBird
      # daemon - confirm against the netbird module in use and record why it
      # is needed.
      hardened = false;
      ui.enable = false;
      config = {
        AdminURL = managementEndpoint;
        ManagementURL = managementEndpoint;
        DisableAutoConnect = false;
        RosenpassEnabled = true;
        # Permissive mode still accepts peers that do not run Rosenpass, so
        # those links fall back to plain WireGuard without the post-quantum
        # key exchange. Set to false once every peer supports Rosenpass.
        RosenpassPermissive = true;
      };
    };
  };

  # NOTE(review): membership in this group presumably lets the main user
  # control the NetBird daemon without root - confirm the group exists when
  # hardened = false.
  users.users.${config.mainuser}.extraGroups = [ "netbird-priv" ];

  # State kept across reboots. /var/lib/tailscale holds the node's private
  # key material; the NetBird directory presumably holds the equivalent
  # client identity, so the persistent store needs matching protection.
  persist.state.directories = [ "/var/lib/tailscale" "/var/lib/netbird-priv" ];
}