nix machine / user configurations
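# Home-manager style module that runs tailscaled as a per-user systemd
# service in userspace-networking mode and exposes two wrapper commands:
#   * `tailscale`             - the CLI pointed at the per-user daemon socket
#   * `tailscale-proxychains` - runs a command through the daemon's local proxy
{
  lib,
  config,
  pkgs,
  ...
}:
let
  l = lib;
  t = l.types;
  cfg = config.services.tailscale;

  # proxychains configuration pointing at the proxy listeners that tailscaled
  # opens on 127.0.0.1:1055 (see ExecStart below). `proxy_dns` makes
  # proxychains resolve names through the proxy instead of the local resolver.
  proxychainsCfg = pkgs.writers.writeText "proxychains.conf" ''
    proxy_dns
    quiet_mode
    [ProxyList]
    socks5 127.0.0.1 1055
    http 127.0.0.1 1055
  '';

  # Wrapper that runs the given command under proxychains with the config above.
  # "$@" is quoted so arguments containing spaces or glob characters reach the
  # wrapped program unchanged instead of being re-split by bash.
  wrappedProxychains = pkgs.writers.writeBashBin "tailscale-proxychains" ''
    ${pkgs.proxychains-ng}/bin/proxychains4 -f "${proxychainsCfg}" "$@"
  '';

  # Wrapper around the tailscale CLI that targets the per-user daemon socket
  # (the same path tailscaled is started with via `%t/tailscaled.sock`).
  # The socket path and "$@" are quoted so neither is word-split.
  wrapped = pkgs.writers.writeBashBin "tailscale" ''
    ${pkgs.tailscale}/bin/tailscale --socket "$XDG_RUNTIME_DIR/tailscaled.sock" "$@"
  '';
in
{
  options = {
    services.tailscale = {
      enable = l.mkEnableOption "tailscale client";

      # URL passed to `tailscale up --login-server`. The node registers against
      # this server using the auth key, so it should stay an https:// URL.
      controlServer = l.mkOption {
        type = t.str;
        default = "https://controlplane.tailscale.com";
        description = "tailscale control server URL";
      };

      # Typed as a string, not a path: a Nix path value interpolated into the
      # unit would be copied into the world-readable Nix store. Point this at a
      # file provisioned outside the store and readable only by the user.
      authKeyFile = l.mkOption {
        type = t.nullOr t.str;
        default = null;
        description = "Path to the auth key file";
      };

      # Joined with single spaces and appended verbatim to the `tailscale up`
      # command line; nothing is escaped, so a flag value containing whitespace
      # will be split into several arguments by systemd.
      extraUpFlags = l.mkOption {
        type = t.listOf t.str;
        default = [ ];
        description = "Extra flags to pass to tailscale up";
      };

      # Read-only output option so other modules can reference the wrapper.
      proxyScript = l.mkOption {
        type = t.package;
        description = "path to a script that uses proxychains to proxy traffic";
        readOnly = true;
      };
    };
  };

  config = l.mkIf cfg.enable {
    home.packages = [
      wrapped
      wrappedProxychains
    ];

    services.tailscale.proxyScript = wrappedProxychains;

    systemd.user.services.tailscaled = {
      Unit = {
        Description = "tailscaled";
        # NOTE(review): this is a user unit; confirm that network.target is
        # available to the user manager on the target systems.
        After = [ "network.target" ];
      };

      Service = {
        # Userspace networking (no TUN device), with the SOCKS5 and HTTP proxy
        # listeners sharing localhost:1055. No proxy authentication is
        # configured here, so any local process that can reach loopback can
        # send traffic into the tailnet as this node; restrict access with
        # tailnet ACLs on multi-user hosts.
        ExecStart = "${pkgs.tailscale}/bin/tailscaled --tun=userspace-networking --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055 --socket %t/tailscaled.sock";
        Restart = "on-failure";
        RestartSec = "5s";
      }
      # Only log in automatically when an auth key file is configured. The
      # `file:` prefix makes tailscale read the key from the file, so the
      # secret itself never appears in the unit text or on the command line.
      // l.optionalAttrs (cfg.authKeyFile != null) {
        ExecStartPost = "${wrapped}/bin/tailscale up --reset --login-server=${cfg.controlServer} --auth-key=file:${cfg.authKeyFile} ${l.concatStringsSep " " cfg.extraUpFlags}";
      };

      # NOTE(review): user services are usually installed into default.target;
      # verify that WantedBy = network.target actually starts this unit at
      # login, otherwise it will only run when started manually.
      Install.WantedBy = [ "network.target" ];
    };
  };
}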