From 32d458c26e780fd6077853a67fe69047fd3ec061 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= <nikodem@rabulinski.com>
Date: Sun, 26 May 2024 18:25:20 +0200
Subject: [PATCH] settei/sane-defaults: make tailscale interface trusted by
 default

---
 hosts/legion/default.nix                | 1 -
 modules/system/settei/sane-defaults.nix | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/legion/default.nix b/hosts/legion/default.nix
index e3b4b2d..59fad3e 100644
--- a/hosts/legion/default.nix
+++ b/hosts/legion/default.nix
@@ -30,7 +30,6 @@
         hostName = "legion";
         hostId = builtins.substring 0 8 (builtins.readFile ./machine-id);
         networkmanager.enable = true;
-        firewall.trustedInterfaces = [ "tailscale0" ];
         nftables.enable = true;
       };
       systemd.services.NetworkManager-wait-online.enable = false;
diff --git a/modules/system/settei/sane-defaults.nix b/modules/system/settei/sane-defaults.nix
index 7954343..ba1ddb6 100644
--- a/modules/system/settei/sane-defaults.nix
+++ b/modules/system/settei/sane-defaults.nix
@@ -29,6 +29,7 @@ let
 
       # FIXME: Move to common
       services.tailscale.enable = true;
+      networking.firewall.trustedInterfaces = [ "tailscale0" ];
 
       networking.hostName = lib.mkDefault (
         args.configurationName