fix: move tailscale relay to fs-work for now

2025-10-11 17:53:23 +02:00
parent 29e65c1598
commit e101653b7f
4 changed files with 58 additions and 39 deletions
--- a/rossby/fs-work/default.nix
+++ b/rossby/fs-work/default.nix
@@ -145,6 +145,33 @@ in {
    ];
    boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_16;

+    services.tailscale =  {
+      enable = true;
+      authKeyFile = "/var/lib/secrets/tailscale.key";
+      useRoutingFeatures = "both"; # for exit-node usage
+      extraUpFlags = [
+        "--login-server=https://headscale.svc.oceanbox.io"
+        "--accept-dns=true"
+        "--accept-routes=true"
+        "--advertise-routes=172.16.238.0/24,172.16.239.0/24"
+        "--snat-subnet-routes=false"
+      ];
+    };
+
+    services.networkd-dispatcher = {
+      enable = true;
+      rules = {
+        "tailscale-router" = {
+          onState = [ "routable" ];
+          script = ''
+            #!${pkgs.runtimeShell}
+            ${pkgs.ethtool}/bin/ethtool -K enp65s0np0 rx-udp-gro-forwarding on rx-gro-list off
+            exit 0
+          '';
+        };
+      };
+    };
+
    imports = [
        ./hardware-configuration.nix
        ../default.nix