From fe84df8b502b50e6c4b6d52de2c7e506c2edf6e4 Mon Sep 17 00:00:00 2001
From: Jonni Liljamo
Date: Thu, 25 Jul 2024 19:48:31 +0300
Subject: [PATCH] feat(roles/tailscale): add tailscale role
---
 roles/default.nix | 1 +
 roles/tailscale.nix | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 roles/tailscale.nix
diff --git a/roles/default.nix b/roles/default.nix
index 4077166..6f5044c 100644
--- a/roles/default.nix
+++ b/roles/default.nix
@@ -14,6 +14,7 @@
 ./nix.nix
 ./plasma.nix
 ./qutebrowser.nix
+ ./tailscale.nix
 ./zellij.nix
 ];
 }
diff --git a/roles/tailscale.nix b/roles/tailscale.nix
new file mode 100644
index 0000000..973e03b
--- /dev/null
+++ b/roles/tailscale.nix
@@ -0,0 +1,35 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.roles.tailscale;
+in {
+ options.roles.tailscale = {
+ enable = lib.mkEnableOption "Tailscale";
+ authKeyFile = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ };
+ interfaceName = lib.mkOption {
+ type = lib.types.str;
+ default = "tailscale0";
+ };
+ enableSSH = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.tailscale = {
+ enable = true;
+ authKeyFile = lib.mkIf (cfg.authKeyFile != null) cfg.authKeyFile;
+ extraUpFlags = lib.mkIf (cfg.enableSSH) ["--ssh"]; # TODO: Make modular for multiple possible flags
+ interfaceName = cfg.interfaceName;
+ openFirewall = false;
+ #port = 41641;
+ useRoutingFeatures = "none";
+ };
+ };
+}
-- 2.44.1
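Review bot: `authKeyFile` and `enableSSH` in `options.roles.tailscale` are declared without a `description`, and both carry security consequences that users of the role should be able to read. `lib.types.path` also accepts a Nix path literal, which would be copied into the world-readable store once the value is interpolated, so the option should say so, e.g. `description = "Runtime path to a file holding the Tailscale auth key; must not be a path literal or live in /nix/store.";`. `enableSSH` should state that `--ssh` lets the node accept SSH sessions authorised by tailnet policy rather than by the host's own sshd configuration. As far as I know the upstream `services.tailscale` module only passes `extraUpFlags` when an auth key file is set, so `enableSSH = true` with `authKeyFile = null` would silently do nothing; if that holds, an assertion such as `assertion = cfg.enableSSH -> cfg.authKeyFile != null;` under `config.assertions` would surface it at evaluation time.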