tailscale: document that --operator flag is broken

2025-05-30 04:21:02 +00:00
parent d178f2f2f6
commit eabc087ebb
1 changed files with 9 additions and 2 deletions
--- a/hosts/modules/roles/work.nix
+++ b/hosts/modules/roles/work.nix
@@ -11,13 +11,20 @@
  config = lib.mkIf config.sane.roles.work {
    ### TAILSCALE
    # first run:
-    # - `tailscale login --hostname $myHostname`
+    # - `sudo tailscale login --hostname $myHostname`
    sane.persist.sys.byStore.private = [
      { user = "root"; group = "root"; mode = "0700"; path = "/var/lib/tailscale"; method = "bind"; }
    ];
    services.tailscale.enable = true;
    # services.tailscale.useRoutingFeatures = "client";
-    services.tailscale.extraSetFlags = [ "--accept-routes" ];
+    services.tailscale.extraSetFlags = [
+      "--accept-routes"
+      # "--operator=colin"  #< this *should* allow non-root control, but fails: <https://github.com/tailscale/tailscale/issues/16080>
+    ];
+    services.tailscale.extraDaemonFlags = [
+      "-verbose" "7"
+    ];
+    # TODO: harden tailscaled

    sane.programs.guiApps.suggestedPrograms = [
      "slack"