treewide: move tailscale to separate module

hosts/kazuki/default.nix

@@ -23,6 +23,11 @@
       # Not intended for interactive use
       settei.user.enable = false;
 
+      settei.tailscale = {
+        ipv4 = "100.88.21.71";
+        ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6258:1547";
+      };
+
       boot = {
         loader.systemd-boot.enable = true;
         loader.systemd-boot.configurationLimit = 1;

hosts/kogata/default.nix

@@ -10,6 +10,11 @@
       nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "teams" ];
       environment.systemPackages = with pkgs; [ teams ];
 
+      settei.tailscale = {
+        ipv4 = "100.102.13.61";
+        ipv6 = "fd7a:115c:a1e0::e126:d3d";
+      };
+
       common.hercules.enable = true;
       common.github-runner = {
         enable = true;

hosts/legion/default.nix

@@ -26,6 +26,11 @@
         loader.efi.canTouchEfiVariables = true;
       };
 
+      settei.tailscale = {
+        ipv4 = "100.84.112.35";
+        ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6254:7023";
+      };
+
       networking = {
         hostName = "legion";
         hostId = builtins.substring 0 8 (builtins.readFile ./machine-id);

hosts/miyagi/default.nix

@@ -40,6 +40,10 @@
         ];
       };
 
+      settei.tailscale = {
+        ipv4 = "100.103.204.32";
+        ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6267:cc20";
+      };
       settei.user.config = {
         common.desktop.enable = true;
         home.packages = [ pkgs.slack ];

hosts/ude/default.nix

@@ -20,6 +20,11 @@
         loader.efi.canTouchEfiVariables = true;
       };
 
+      settei.tailscale = {
+        ipv4 = "100.118.42.139";
+        ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6276:2a8b";
+      };
+
       common.hercules.enable = true;
       services.hercules-ci-agent.settings.concurrentTasks = 6;
       common.github-runner = {

modules/system/common/default.nix

@@ -15,9 +15,12 @@ let
       username = lib.mkDefault "niko";
       sane-defaults = {
         enable = lib.mkDefault true;
-        tailnet = "discus-macaroni.ts.net";
       };
       flake-qol.enable = true;
+      tailscale = {
+        enable = true;
+        tailnet = "discus-macaroni.ts.net";
+      };
       user = {
         enable = lib.mkDefault true;
         # TODO: Move to settei or leave here?

modules/system/settei/default.nix

@@ -18,6 +18,7 @@
     (import ./flake-qol.nix { inherit perInput; })
     ./user.nix
     (import ./programs { inherit isLinux; })
+    (import ./tailscale.nix { inherit isLinux; })
   ];
 
   options.settei = with lib; {

modules/system/settei/sane-defaults.nix

@@ -11,10 +11,6 @@ let
         type = types.attrsOf types.singleLineStr;
         default = { };
       };
-      tailnet = mkOption {
-        type = types.nullOr types.str;
-        default = null;
-      };
     };
   };
 
@@ -27,9 +23,6 @@ let
         username = lib.mkDefault username;
       };
 
-      # FIXME: Move to common
-      services.tailscale.enable = true;
-
       networking.hostName = lib.mkDefault (
         args.configurationName
           or (throw "pass configurationName to module arguments or set networking.hostName yourself")
@@ -79,18 +72,9 @@ let
       };
     };
 
-  linuxConfig = lib.optionalAttrs isLinux (
+  linuxConfig = lib.optionalAttrs isLinux {
-    let
-      nmEnabled = config.networking.networkmanager.enable;
-      tlEnabled = config.services.tailscale.enable;
-    in
-    lib.mkMerge [
-      {
     hardware.enableRedistributableFirmware = true;
 
-        # FIXME: Move to common
-        networking.firewall.trustedInterfaces = lib.mkIf tlEnabled [ "tailscale0" ];
-
     services.openssh.enable = true;
     programs.mosh.enable = lib.mkDefault true;
     programs.git.enable = lib.mkDefault true;
@@ -109,25 +93,8 @@ let
     # TODO: Actually this should be extraRules which makes wheel users without any password set
     #       be able to use sudo with no password
     security.sudo.wheelNeedsPassword = false;
-      }
-      {
-        # When NetworkManager isn't in use, add tailscale DNS address manually
-        # FIXME: Move to common
-        networking = lib.mkIf (!nmEnabled && tlEnabled && cfg.tailnet != null) {
-          nameservers = [
-            "100.100.100.100"
-            "1.1.1.1"
-            "1.0.0.1"
-          ];
-          search = [ cfg.tailnet ];
   };
 
-        # NetworkManager probably means desktop system so we don't want to slow down boot times
-        systemd.services = lib.mkIf nmEnabled { NetworkManager-wait-online.enable = false; };
-      }
-    ]
-  );
-
   darwinConfig = lib.optionalAttrs (!isLinux) {
     services.nix-daemon.enable = true;
 

modules/system/settei/tailscale.nix

@@ -0,0 +1,54 @@
+{ isLinux }:
+{ config, lib, ... }:
+let
+  inherit (lib)
+    types
+    mkEnableOption
+    mkIf
+    mkOption
+    ;
+
+  cfg = config.settei.tailscale;
+
+  options.settei.tailscale = {
+    enable = mkEnableOption "Tailscale configuration";
+    tailnet = mkOption { type = types.str; };
+    ipv4 = mkOption { type = types.str; };
+    ipv6 = mkOption { type = types.str; };
+  };
+
+  sharedConfig = {
+    services.tailscale.enable = true;
+  };
+
+  nmEnabled = config.networking.networkmanager.enable;
+  linuxConfig = lib.optionalAttrs isLinux (
+    lib.mkMerge [
+      {
+        networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
+      }
+      (mkIf (!nmEnabled) {
+        # When NetworkManager isn't in use, add tailscale DNS address manually
+        networking.nameservers = [
+          "100.100.100.100"
+          "1.1.1.1"
+          "1.0.0.1"
+        ];
+        networking.search = [ cfg.tailnet ];
+      })
+    ]
+  );
+in
+{
+  _file = ./tailscale.nix;
+
+  inherit options;
+
+  config = mkIf cfg.enable (
+    lib.mkMerge [
+      sharedConfig
+      linuxConfig
+    ]
+  );
+}