From 0fc12a626aba7a23440fbb7fb9e8ebaa4b946537 Mon Sep 17 00:00:00 2001 From: Yan Lin Date: Tue, 26 Aug 2025 19:58:38 +0200 Subject: [PATCH] Add tailscale module --- README.md | 67 ++++++++++++++++++++++++++++++++++++++++++- flake.nix | 1 + modules/tailscale.nix | 11 +++++++ system/default.nix | 3 +- 4 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 modules/tailscale.nix diff --git a/README.md b/README.md index e6523ab..d782826 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,8 @@ home-manager switch --flake github:Logan-Lin/nix-config#yanlin │ ├── firefox.nix # Firefox browser with extensions and bookmarks │ ├── btop.nix # Modern system monitor │ ├── ghostty.nix # GPU-accelerated terminal emulator -│ └── syncthing.nix # File synchronization service +│ ├── syncthing.nix # File synchronization service +│ └── tailscale.nix # Secure networking and VPN service ├── system/ # System-level nix-darwin configurations │ ├── default.nix # System module imports │ └── macos-defaults.nix # macOS system preferences and customizations 
@@ -646,6 +647,70 @@ hms - **Tmux**: Copy mode automatically uses system clipboard - **Terminal**: Standard Cmd+C/V works everywhere +## 🔒 Secure Networking: Tailscale + +**Configuration**: `modules/tailscale.nix` +**Purpose**: Secure mesh VPN for private networking across devices + +### Key Features: +- **Automatic Startup**: Runs as a system service at boot +- **MagicDNS**: Access devices by name instead of IP addresses +- **Secure Connectivity**: Zero-configuration encrypted connections +- **Exit Nodes**: Route traffic through specific devices + +### Command Line Usage: + +#### Basic Operations: +```bash +# Check connection status and see all devices +tailscale status + +# Connect to your Tailscale network (first-time setup) +tailscale up + +# Disconnect temporarily +tailscale down + +# View current Tailscale IP address +tailscale ip -4 +``` + +#### Exit Node Management: +```bash +# List available exit nodes +tailscale exit-node list + +# Use a specific exit node +tailscale set --exit-node= +# or +tailscale up --exit-node= + +# Stop using exit node +tailscale set --exit-node= +# or +tailscale up --exit-node= + +# Allow LAN access while using exit node +tailscale set --exit-node= --exit-node-allow-lan-access +``` + +#### Advanced Usage: +```bash +# Get suggested exit node +tailscale exit-node suggest + +# Check detailed network diagnostics +tailscale netcheck + +# Show network configuration +tailscale debug netmap +``` + +### Configuration Details: +- **Auto-start**: Enabled via nix-darwin service management +- **DNS Override**: Uses Tailscale's MagicDNS (100.100.100.100) for name resolution +- **System Integration**: Runs as a daemon accessible to all users + ## 💻 Machine Configurations - **`iMac`**: iMac configuration diff --git a/flake.nix b/flake.nix index 1f0c76a..f0f9768 100644 --- a/flake.nix +++ b/flake.nix @@ -21,6 +21,7 @@ configuration = { pkgs, ... }: { imports = [ ./system + ./modules/tailscale.nix ]; environment.systemPackages = [ 
diff --git a/modules/tailscale.nix b/modules/tailscale.nix new file mode 100644 index 0000000..f74844f --- /dev/null +++ b/modules/tailscale.nix @@ -0,0 +1,11 @@ +{ config, pkgs, lib, ... }: + +{ + # Enable Tailscale service + services.tailscale = { + enable = true; + # Override local DNS to use Tailscale's MagicDNS + # This ensures Tailscale DNS resolution works properly on macOS + overrideLocalDns = false; + }; + diff --git a/system/default.nix b/system/default.nix index 7a39153..8f5262b 100644 --- a/system/default.nix +++ b/system/default.nix @@ -4,4 +4,5 @@ imports = [ ./macos-defaults.nix ]; -} \ No newline at end of file + +}
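Review bot: in the README hunk's "Exit Node Management" block every `--exit-node=` is shown with an empty value, so the "Use a specific exit node" commands are identical to the "Stop using exit node" ones (`tailscale set --exit-node=`, `tailscale up --exit-node=`). An empty value is what clears the exit node; the "use" lines and the `--exit-node-allow-lan-access` line need a placeholder, e.g. `tailscale set --exit-node=<name-or-ip>`, so a reader does not copy a command that disconnects instead of connects.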
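Review bot: in the flake.nix hunk `./modules/tailscale.nix` is imported directly beside `./system` in the nix-darwin `configuration`, while the README tree lists `modules/` as the home-manager module directory (firefox.nix, btop.nix, ghostty.nix, syncthing.nix) and describes `system/default.nix` as "System module imports". `services.tailscale` is a nix-darwin option, not a home-manager one, so the module belongs with the system modules: either move it to `system/tailscale.nix` and add it to the `imports` list in `system/default.nix`, or document in the README why this module is the exception.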
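Review bot: in modules/tailscale.nix the comment above `overrideLocalDns = false;` says "Override local DNS to use Tailscale's MagicDNS" and that this "ensures Tailscale DNS resolution works properly on macOS", but `false` disables the override, so the comment documents the opposite of the setting, and the README hunk's "DNS Override: Uses Tailscale's MagicDNS (100.100.100.100)" repeats the claim. Decide which behaviour is intended and make the value, the comment and the README agree (either `overrideLocalDns = true;` or reword both to say the system resolver is left alone). Also, as rendered here the `@@ -0,0 +1,11 @@` hunk ends at the blank line after `};` with no closing `}` for the outer attribute set; confirm the committed file ends with `}` or it will not evaluate. Minor: `config`, `pkgs` and `lib` are bound but unused, `{ ... }:` is enough.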
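Review bot: the system/default.nix hunk only adds a trailing newline and an empty line before the closing `}`; the trailing newline is a good fix, the empty line is noise. If the tailscale module is meant as a system module, this `imports` list is where `./tailscale.nix` should be added instead of importing it from flake.nix.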