diff options
| author | Alan Pearce | 2025-02-16 20:27:07 +0100 |
|---|---|---|
| committer | Alan Pearce | 2025-02-16 20:27:07 +0100 |
| commit | e7947c75afedc750bf4aa97a1d8e32957dbdfedb (patch) | |
| tree | 156820b30153e0789ae624570c505bf0c238d2bd /system | |
| parent | cde930a37f8cc9298d53be24703a165aab1e27ea (diff) | |
| download | nixfiles-e7947c75afedc750bf4aa97a1d8e32957dbdfedb.tar.lz nixfiles-e7947c75afedc750bf4aa97a1d8e32957dbdfedb.tar.zst nixfiles-e7947c75afedc750bf4aa97a1d8e32957dbdfedb.zip | |
nano: allow tailscale forwarding and SSH
Diffstat (limited to 'system')
| -rw-r--r-- | system/nano.nix | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/system/nano.nix b/system/nano.nix index be440a62..695d3f38 100644 --- a/system/nano.nix +++ b/system/nano.nix @@ -71,12 +71,19 @@ in "tailscale0" ]; filterForward = true; + extraForwardRules = '' + iifname "tailscale0" oifname "${lan}" accept + iifname "${lan}" oifname "tailscale0" accept + ''; }; nftables.enable = true; nat = { enable = true; externalInterface = wan; - internalInterfaces = [ lan ]; + internalInterfaces = [ + lan + "tailscale0" + ]; }; }; systemd.network = { @@ -188,6 +195,8 @@ in ''; }; + services.openssh.openFirewall = false; + services.dnsmasq = { enable = dnsmasqEnable; alwaysKeepRunning = true; @@ -273,7 +282,6 @@ in services.tailscale = { enable = true; extraUpFlags = [ - "--accept-dns=false" "--advertise-exit-node" "--advertise-routes=10.0.0.0/16,fd12:d04f:65d:42::/56" ]; @@ -318,10 +326,6 @@ in ]; }; - services.sshguard = { - enable = true; - }; - services.caddy = { enable = true; globalConfig = '' |