servers/common/tailscale.nix

{
  config,
  lib,
  ...
}:
let
  inherit (lib)
    mkEnableOption
    mkOption
    types
    mkIf
    ;
  cfg = config.foehammer.tailscale;
in
{
  options.foehammer.tailscale = {
    enable = mkEnableOption "Enable tailscale";
    authKeyFile = mkOption {
      type = types.nullOr types.path;
    };
  };

  config = mkIf cfg.enable {
    services.tailscale = {
      enable = true;
      authKeyFile = cfg.authKeyFile;
      openFirewall = true;
    };

    networking.firewall.trustedInterfaces = [ "tailscale0" ];
  };
}
Refactor Tailscale and Restic Into Common Nixos Modules. 2025-02-07 17:14:52 -06:00			`{`
			`config,`
			`lib,`
			`...`
Nixfmt Tree 2026-02-24 00:00:35 -08:00			`}:`
			`let`
			`inherit (lib)`
			`mkEnableOption`
			`mkOption`
			`types`
			`mkIf`
			`;`
Refactor Tailscale and Restic Into Common Nixos Modules. 2025-02-07 17:14:52 -06:00			`cfg = config.foehammer.tailscale;`
Nixfmt Tree 2026-02-24 00:00:35 -08:00			`in`
			`{`
Refactor Tailscale and Restic Into Common Nixos Modules. 2025-02-07 17:14:52 -06:00			`options.foehammer.tailscale = {`
			`enable = mkEnableOption "Enable tailscale";`
			`authKeyFile = mkOption {`
			`type = types.nullOr types.path;`
			`};`
			`};`

			`config = mkIf cfg.enable {`
			`services.tailscale = {`
			`enable = true;`
			`authKeyFile = cfg.authKeyFile;`
			`openFirewall = true;`
			`};`

Nixfmt Tree 2026-02-24 00:00:35 -08:00			`networking.firewall.trustedInterfaces = [ "tailscale0" ];`
Refactor Tailscale and Restic Into Common Nixos Modules. 2025-02-07 17:14:52 -06:00			`};`
			`}`