treewide: move tailscale to separate module

2024-07-19 21:24:42 +02:00 · 2024-07-19 21:24:42 +02:00 · 6d8c8a8f52
commit 6d8c8a8f52
parent 05300b82cf
9 changed files with 102 additions and 53 deletions
--- a/modules/system/common/default.nix
+++ b/modules/system/common/default.nix
@ -15,9 +15,12 @@ let
      username = lib.mkDefault "niko";
      sane-defaults = {
        enable = lib.mkDefault true;
-        tailnet = "discus-macaroni.ts.net";
      };
      flake-qol.enable = true;
+      tailscale = {
+        enable = true;
+        tailnet = "discus-macaroni.ts.net";
+      };
      user = {
        enable = lib.mkDefault true;
        # TODO: Move to settei or leave here?
--- a/modules/system/settei/default.nix
+++ b/modules/system/settei/default.nix
@ -18,6 +18,7 @@
    (import ./flake-qol.nix { inherit perInput; })
    ./user.nix
    (import ./programs { inherit isLinux; })
+    (import ./tailscale.nix { inherit isLinux; })
  ];

  options.settei = with lib; {
--- a/modules/system/settei/sane-defaults.nix
+++ b/modules/system/settei/sane-defaults.nix
@ -11,10 +11,6 @@ let
        type = types.attrsOf types.singleLineStr;
        default = { };
      };
-      tailnet = mkOption {
-        type = types.nullOr types.str;
-        default = null;
-      };
    };
  };

@ -27,9 +23,6 @@ let
        username = lib.mkDefault username;
      };

-      # FIXME: Move to common
-      services.tailscale.enable = true;
-
      networking.hostName = lib.mkDefault (
        args.configurationName
          or (throw "pass configurationName to module arguments or set networking.hostName yourself")
@ -79,54 +72,28 @@ let
      };
    };

-  linuxConfig = lib.optionalAttrs isLinux (
-    let
-      nmEnabled = config.networking.networkmanager.enable;
-      tlEnabled = config.services.tailscale.enable;
-    in
-    lib.mkMerge [
-      {
-        hardware.enableRedistributableFirmware = true;
+  linuxConfig = lib.optionalAttrs isLinux {
+    hardware.enableRedistributableFirmware = true;

-        # FIXME: Move to common
-        networking.firewall.trustedInterfaces = lib.mkIf tlEnabled [ "tailscale0" ];
+    services.openssh.enable = true;
+    programs.mosh.enable = lib.mkDefault true;
+    programs.git.enable = lib.mkDefault true;

-        services.openssh.enable = true;
-        programs.mosh.enable = lib.mkDefault true;
-        programs.git.enable = lib.mkDefault true;
+    users = {
+      mutableUsers = false;
+      users.${username} = {
+        isNormalUser = true;
+        home = "/home/${username}";
+        group = username;
+        extraGroups = [ "wheel" ];
+      };
+      groups.${username} = { };
+    };

-        users = {
-          mutableUsers = false;
-          users.${username} = {
-            isNormalUser = true;
-            home = "/home/${username}";
-            group = username;
-            extraGroups = [ "wheel" ];
-          };
-          groups.${username} = { };
-        };
-
-        # TODO: Actually this should be extraRules which makes wheel users without any password set
-        #       be able to use sudo with no password
-        security.sudo.wheelNeedsPassword = false;
-      }
-      {
-        # When NetworkManager isn't in use, add tailscale DNS address manually
-        # FIXME: Move to common
-        networking = lib.mkIf (!nmEnabled && tlEnabled && cfg.tailnet != null) {
-          nameservers = [
-            "100.100.100.100"
-            "1.1.1.1"
-            "1.0.0.1"
-          ];
-          search = [ cfg.tailnet ];
-        };
-
-        # NetworkManager probably means desktop system so we don't want to slow down boot times
-        systemd.services = lib.mkIf nmEnabled { NetworkManager-wait-online.enable = false; };
-      }
-    ]
-  );
+    # TODO: Actually this should be extraRules which makes wheel users without any password set
+    #       be able to use sudo with no password
+    security.sudo.wheelNeedsPassword = false;
+  };

  darwinConfig = lib.optionalAttrs (!isLinux) {
    services.nix-daemon.enable = true;
--- a/modules/system/settei/tailscale.nix
+++ b/modules/system/settei/tailscale.nix
@ -0,0 +1,54 @@
+{ isLinux }:
+{ config, lib, ... }:
+let
+  inherit (lib)
+    types
+    mkEnableOption
+    mkIf
+    mkOption
+    ;
+
+  cfg = config.settei.tailscale;
+
+  options.settei.tailscale = {
+    enable = mkEnableOption "Tailscale configuration";
+    tailnet = mkOption { type = types.str; };
+    ipv4 = mkOption { type = types.str; };
+    ipv6 = mkOption { type = types.str; };
+  };
+
+  sharedConfig = {
+    services.tailscale.enable = true;
+  };
+
+  nmEnabled = config.networking.networkmanager.enable;
+  linuxConfig = lib.optionalAttrs isLinux (
+    lib.mkMerge [
+      {
+        networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
+      }
+      (mkIf (!nmEnabled) {
+        # When NetworkManager isn't in use, add tailscale DNS address manually
+        networking.nameservers = [
+          "100.100.100.100"
+          "1.1.1.1"
+          "1.0.0.1"
+        ];
+        networking.search = [ cfg.tailnet ];
+      })
+    ]
+  );
+in
+{
+  _file = ./tailscale.nix;
+
+  inherit options;
+
+  config = mkIf cfg.enable (
+    lib.mkMerge [
+      sharedConfig
+      linuxConfig
+    ]
+  );
+}