From 44aabef3913793f470a1f437f9f2405cb08f40f3 Mon Sep 17 00:00:00 2001
From: fleaz <mail@felixbreidenstein.de>
Date: Wed, 2 Aug 2023 22:24:47 +0200
Subject: [PATCH] all: Add tailscale module

---
 modules/headscale.nix | 10 ++++++++++
 roles/all.nix         |  1 +
 2 files changed, 11 insertions(+)
 create mode 100644 modules/headscale.nix

diff --git a/modules/headscale.nix b/modules/headscale.nix
new file mode 100644
index 0000000..a7f4c44
--- /dev/null
+++ b/modules/headscale.nix
@@ -0,0 +1,10 @@
+{config, ...}:
+{
+  services.tailscale.enable = true;
+
+  networking.firewall = {
+    checkReversePath = "loose";
+    trustedInterfaces = [ "tailscale0" ];
+    allowedUDPPorts = [ config.services.tailscale.port ];
+  };
+}
\ No newline at end of file
diff --git a/roles/all.nix b/roles/all.nix
index 621ed3b..78d30bc 100644
--- a/roles/all.nix
+++ b/roles/all.nix
@@ -22,6 +22,7 @@ in
     ../modules/udisks2.nix
     ../modules/samba.nix
     ../modules/gc.nix
+    ../modules/headscale.nix
 
     ../secrets/remote-builder.nix
     ../users/fleaz.nix