mirror of
https://github.com/ryan4yin/nix-config.git
synced 2026-07-12 07:32:40 +02:00
feat: remote desktop
This commit is contained in:
@@ -0,0 +1,76 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
# =============================================================
|
||||
#
|
||||
# Tailscale - your own private network(VPN) that uses WireGuard
|
||||
#
|
||||
# It's open souce and free for personal use,
|
||||
# and it's really easy to setup and use.
|
||||
# Tailscale has great client coverage for Linux, windows, Mac, android, and iOS.
|
||||
# Tailscale is more mature and stable compared to other alternatives such as netbird/netmaker.
|
||||
# Maybe I'll give netbird/netmaker a try when they are more mature, but for now, I'm sticking with Tailscale.
|
||||
#
|
||||
# How to use:
|
||||
# 1. Create a Tailscale account at https://login.tailscale.com
|
||||
# 2. Login via `tailscale login`
|
||||
# 3. join into your Tailscale network via `tailscale up`
|
||||
# 4. If you prefer automatic connection to Tailscale, then generate a authkey, and uncomment the systemd service below.
|
||||
#
|
||||
# Status Data:
|
||||
# `journalctl -u tailscaled` shows tailscaled's logs
|
||||
# logs indicate that tailscale store its data in /var/lib/tailscale
|
||||
# which is already persistent across reboots(via impermanence.nix)
|
||||
#
|
||||
# References:
|
||||
# https://tailscale.com/blog/nixos-minecraft
|
||||
#
|
||||
# =============================================================
|
||||
{
|
||||
# make the tailscale command usable to users
|
||||
environment.systemPackages = [pkgs.tailscale];
|
||||
|
||||
# enable the tailscale service
|
||||
services.tailscale.enable = true;
|
||||
|
||||
# create a oneshot job to authenticate to Tailscale
|
||||
# systemd.services.tailscale-autoconnect = {
|
||||
# description = "Automatic connection to Tailscale";
|
||||
#
|
||||
# # make sure tailscale is running before trying to connect to tailscale
|
||||
# after = ["network-pre.target" "tailscale.service"];
|
||||
# wants = ["network-pre.target" "tailscale.service"];
|
||||
# wantedBy = ["multi-user.target"];
|
||||
#
|
||||
# # set this service as a oneshot job
|
||||
# serviceConfig.Type = "oneshot";
|
||||
#
|
||||
# # have the job run this shell script
|
||||
# script = with pkgs; ''
|
||||
# # wait for tailscaled to settle
|
||||
# sleep 2
|
||||
#
|
||||
# # check if we are already authenticated to tailscale
|
||||
# status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
|
||||
# if [ $status = "Running" ]; then # if so, then do nothing
|
||||
# exit 0
|
||||
# fi
|
||||
#
|
||||
# # otherwise authenticate with tailscale
|
||||
# ${tailscale}/bin/tailscale up -authkey file:${config.age.secrets.tailscale-authkey.path}
|
||||
# '';
|
||||
# };
|
||||
|
||||
networking.firewall = {
|
||||
# always allow traffic from your Tailscale network
|
||||
trustedInterfaces = ["tailscale0"];
|
||||
|
||||
# allow the Tailscale UDP port through the firewall
|
||||
allowedUDPPorts = [config.services.tailscale.port];
|
||||
|
||||
# allow you to SSH in over the public internet
|
||||
allowedTCPPorts = [22];
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user