authorAlan Pearce2024-05-24 18:45:51 +0200
committerAlan Pearce2024-05-24 18:45:51 +0200
commit26db73316e573d8d468f3bb18adf8a3d93c5cd2b (patch)
tree70247fd2eb5dc74c57fe4a3c61901fb7e1151b27
parent3023e9e0195e548a9eabcf42d7248ba59853156d (diff)
nanopi: set up tailscale subnet routing
-rwxr-xr-xsystem/nanopi.nix19
1 files changed, 18 insertions, 1 deletions
diff --git a/system/nanopi.nix b/system/nanopi.nix
index 4da31b20..cb8847d8 100755
--- a/system/nanopi.nix
+++ b/system/nanopi.nix
@@ -152,6 +152,8 @@ in
       extraForwardRules = ''
         iifname { "wan0", "wlan0", "wwan0" } oifname { "lan1", "lan2", "bridge0" } icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
         iifname { "lan1", "lan2", "bridge0" } oifname { "wan0", "wlan0", "wwan0" } accept
+        iifname "tailscale0" oifname "bridge0" accept
+        iifname "bridge0" oifname "tailscale0" accept
       '';
     };
     nftables = {
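Review bot: The new `iifname "tailscale0" oifname "bridge0" accept` rule admits every protocol and port from any tailnet peer to every host behind bridge0, so the firewall no longer limits tailnet-to-LAN traffic. The tailnet ACL policy, which is not visible in this commit, becomes the only control. If only some peers need the subnet route, narrow the rule here as well, for example `iifname "tailscale0" oifname "bridge0" ip saddr { <ALLOWED_TAILNET_ADDRS> } accept`, where the set is a placeholder for the addresses you intend to admit. At minimum, a comment such as `# tailnet -> LAN: restricted only by Tailscale ACLs` above the two rules would record that dependency. The `extraForwardRules` string begins outside this hunk.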
@@ -456,6 +458,9 @@ in
       interface = [
         "bridge0"
       ];
+      no-dhcp-interface = [
+        "tailscale0"
+      ];
       # auth-zone = "lan,wan0";
       # auth-server = [
       #   "nanopi.alanpearce.eu,wan0"
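Review bot: `no-dhcp-interface = [ "tailscale0" ]` looks like a no-op while `interface` lists only "bridge0". In dnsmasq this option suppresses DHCP/TFTP on an interface it already serves; it does not by itself make dnsmasq listen there. If the intent is DNS for tailnet clients, `tailscale0` presumably also needs to be in `interface`, with port 53 opened on the input side for tailscale0 only. If the intent is purely defensive, a comment like `# never hand out leases to tailnet peers` would make that clear. The enclosing settings block starts and ends outside the hunk, so another listen option may already cover this.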
@@ -513,7 +518,7 @@ in
 
   services.networkd-dispatcher = {
     # broken?
-    enable = false;
+    enable = true;
     rules = {
       update-home-address = {
         onState = [ "configured" "configuring" ];
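Review bot: The `# broken?` comment left above `enable = true;` now contradicts the setting. Either drop it or replace it with what was verified, e.g. `# re-enabled for the tailscale ethtool rule; update-home-address re-checked`. Turning the dispatcher on also reactivates the existing `update-home-address` rule visible in the context lines, whose script runs on every "configured"/"configuring" transition. Since that rule was previously disabled as possibly broken, confirm it behaves before relying on it. The `rules` set continues outside this hunk.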
@@ -528,6 +533,18 @@ in
           exit 0
         '';
       };
+      tailscale-subnet-router-optimisation = {
+        onState = [ "routable" ];
+        script = ''
+          #!${pkgs.runtimeShell}
+          set -eu
+
+          if [[ $IFACE == "wan0" && $OperationalState == "routable" ]]
+          then
+            ${pkgs.ethtool}/bin/ethtool -K $IFACE rx-udp-gro-forwarding on rx-gro-list off
+          fi
+        '';
+      };
     };
   };