colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

tailscale: document that --operator flag is broken

Browse Source
This commit is contained in:
Colin
2025-05-30 04:21:02 +00:00
parent d178f2f2f6
commit eabc087ebb
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
hosts/modules/roles/work.nix
View File

@@ -11,13 +11,20 @@
config = lib.mkIf config.sane.roles.work { config = lib.mkIf config.sane.roles.work {
### TAILSCALE ### TAILSCALE
# first run: # first run:
# - `tailscale login --hostname $myHostname` # - `sudo tailscale login --hostname $myHostname`
sane.persist.sys.byStore.private = [ sane.persist.sys.byStore.private = [
{ user = "root"; group = "root"; mode = "0700"; path = "/var/lib/tailscale"; method = "bind"; } { user = "root"; group = "root"; mode = "0700"; path = "/var/lib/tailscale"; method = "bind"; }
]; ];
services.tailscale.enable = true; services.tailscale.enable = true;
# services.tailscale.useRoutingFeatures = "client"; # services.tailscale.useRoutingFeatures = "client";
services.tailscale.extraSetFlags = [ "--accept-routes" ]; services.tailscale.extraSetFlags = [
"--accept-routes"
# "--operator=colin" #< this *should* allow non-root control, but fails: <https://github.com/tailscale/tailscale/issues/16080>
];
services.tailscale.extraDaemonFlags = [
"-verbose" "7"
];
# TODO: harden tailscaled
sane.programs.guiApps.suggestedPrograms = [ sane.programs.guiApps.suggestedPrograms = [
"slack" "slack"