NixOS is a Linux distribution that is built around the Nix package manager. More information is in my previous post(s). This post is about the way I use Tailscale on my collection of NixOS systems.
Tailscale on Desktop and Laptop
Enabling Tailscale on desktop and laptop can be done by adding the line services.tailscale.enable = true; to my NixOS configuration.
However, I do not always want to use Tailscale, and therefore I want to be able to start the Tailscale service manually.
This can be accomplished by adding the following Tailscale configuration to the NixOS configuration:
# Tailscale, but without auto-starting
services.tailscale.enable = true;
systemd.services.tailscaled.wantedBy = lib.mkForce [];
I add this to the NixOS configurations of all the systems I want in my Tailscale network.
Tailscale on Servers
On my server(s) I want to be able to use Tailscale with the Exit Node option (see here). This way, I create my own virtual private network (VPN) which allows me to securely access the internet from my home network and/or my remote NixOS servers.
The Tailscale server configuration with Exit Node functionality looks as follows:
# Tailscale (with oneshot exit-node)
services.tailscale.enable = true;
systemd.services.tailscale-autoconnect = {
  description = "Automatic connection to Tailscale";
  # make sure tailscaled is running before trying to connect to Tailscale
  # (the unit shipped by services.tailscale is tailscaled.service)
  after = [ "network-pre.target" "tailscaled.service" ];
  wants = [ "network-pre.target" "tailscaled.service" ];
  wantedBy = [ "multi-user.target" ];
  # set this service as a oneshot job
  serviceConfig.Type = "oneshot";
  # have the job run this shell script
  script = with pkgs; ''
    # wait for tailscaled to settle
    sleep 2
    # bring Tailscale up, advertising this machine as an exit node
    ${tailscale}/bin/tailscale up --advertise-exit-node
  '';
};
This configuration restarts Tailscale, but with the --advertise-exit-node option added.
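An added example, not the post's own configuration: the exit-node unit above with IP forwarding enabled through the module option and the fixed sleep replaced by a poll of the daemon state. It assumes the server was already logged in to Tailscale once by hand, that jq is taken from nixpkgs, and that your nixpkgs release provides services.tailscale.useRoutingFeatures.

```nix
{ config, lib, pkgs, ... }:
{
  services.tailscale.enable = true;
  # An exit node forwards other machines' traffic; "server" turns on the
  # IPv4/IPv6 forwarding sysctls this needs.
  services.tailscale.useRoutingFeatures = "server";

  systemd.services.tailscale-autoconnect = {
    description = "Automatic connection to Tailscale";
    after = [ "network-pre.target" "tailscaled.service" ];
    wants = [ "network-pre.target" "tailscaled.service" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig.Type = "oneshot";
    script = ''
      # Poll tailscaled for up to 30 seconds instead of a fixed sleep.
      for _ in $(seq 1 30); do
        state="$(${pkgs.tailscale}/bin/tailscale status --json 2>/dev/null \
          | ${pkgs.jq}/bin/jq -r .BackendState 2>/dev/null || true)"
        case "$state" in
          # The daemon is answering and holds a login: safe to continue.
          Running|Stopped) break ;;
          # Assumption: login is done interactively once, so fail fast here
          # rather than let "tailscale up" block on an auth URL at boot.
          NeedsLogin)
            echo "tailscale is not logged in; run 'tailscale up' by hand first" >&2
            exit 1 ;;
        esac
        sleep 1
      done
      ${pkgs.tailscale}/bin/tailscale up --advertise-exit-node
    '';
  };
}
```

Advertising is only a request: the exit node still has to be approved in the Tailscale admin console before clients can route through it.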