
tailscale: improve MagicDNS setup

This commit is contained in:
Michael Hoang 2023-06-26 12:14:34 +10:00
parent 25ae710ba3
commit d2b70c61bf
3 changed files with 43 additions and 28 deletions


@ -0,0 +1,2 @@
# Added by tailscaled
nameserver 100.100.100.100


@ -140,7 +140,7 @@ in
in in
[ [
# Only ever in NixOS # Only ever in NixOS
(mkRemovedOptionModule [ "nix" "enable" ] "No `nix-darwin` equivilant to this NixOS option.") (mkRemovedOptionModule [ "nix" "enable" ] "No `nix-darwin` equivalent to this NixOS option.")
(mkRemovedOptionModule [ "nix" "daemonCPUSchedPolicy" ] (altOption "nix.daemonProcessType")) (mkRemovedOptionModule [ "nix" "daemonCPUSchedPolicy" ] (altOption "nix.daemonProcessType"))
(mkRemovedOptionModule [ "nix" "daemonIOSchedClass" ] (altOption "nix.daemonProcessType")) (mkRemovedOptionModule [ "nix" "daemonIOSchedClass" ] (altOption "nix.daemonProcessType"))
(mkRemovedOptionModule [ "nix" "daemonIOSchedPriority" ] (altOption "nix.daemonIOLowPriority")) (mkRemovedOptionModule [ "nix" "daemonIOSchedPriority" ] (altOption "nix.daemonIOLowPriority"))


@ -7,13 +7,12 @@ let
in in
{ {
options.services.tailscale = { imports = [
domain = mkOption { (mkRemovedOptionModule [ "services" "tailscale" "domain" ] "Tailscale no longer requires setting the search domain manually.")
type = types.str; (mkRemovedOptionModule [ "services" "tailscale" "magicDNS" ] "MagicDNS no longer requires overriding the DNS servers, if this is necessary you can use `services.tailscale.overrideLocalDns`.")
default = ""; ];
description = lib.mdDoc "The Tailscale domain. This is displayed at the top left of https://login.tailscale.com/admin, next to the Tailscale logo.";
};
options.services.tailscale = {
enable = mkEnableOption (lib.mdDoc "Tailscale client daemon"); enable = mkEnableOption (lib.mdDoc "Tailscale client daemon");
package = mkOption { package = mkOption {
@ -23,26 +22,32 @@ in
description = lib.mdDoc "The package to use for tailscale"; description = lib.mdDoc "The package to use for tailscale";
}; };
magicDNS = { overrideLocalDns = mkOption {
enable = mkOption { type = types.bool;
type = types.bool; default = false;
default = false; example = true;
example = true; description = lib.mdDoc ''
description = lib.mdDoc "Whether to configure networking to work with Tailscale's MagicDNS."; This option implements `Override local DNS` as it is not yet implemented in Tailscaled-on-macOS.
};
To use this option, in the Tailscale control panel:
1. at least one DNS server is added
2. `Override local DNS` is enabled
As this option sets 100.100.100.100 as your sole DNS server, if the requirements above are not met,
all non-MagicDNS queries WILL fail.
'';
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ { assertions = [{
assertion = !cfg.magicDNS.enable || config.networking.dns != [ "100.100.100.100" ]; assertion = !cfg.overrideLocalDns || config.networking.dns == [ "100.100.100.100" ];
message = '' message = ''
When MagicDNS is enabled, fallback DNS servers need to be set with `networking.dns`. DNS servers should be configured on the Tailscale control panel when `services.tailscale.overrideLocalDns` is enabled.
Otherwise, Tailscale will take a long time to connect and all DNS queries A race condition can occur when DNS servers are set locally, leading to MagicDNS to not work.
will fail until Tailscale has connected.
''; '';
} ]; }];
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
@ -59,13 +64,21 @@ in
}; };
}; };
networking = mkIf cfg.magicDNS.enable { networking.dns = mkIf cfg.overrideLocalDns [ "100.100.100.100" ];
dns = [ "100.100.100.100" ];
search = # Ensures Tailscale MagicDNS always works even without adding 100.100.100.100 to DNS servers
if cfg.domain == "" then environment.etc."resolver/ts.net".text = "nameserver 100.100.100.100";
[ ]
else # This file gets created by tailscaled when `Override local DNS` is turned off
[ "${cfg.domain}.beta.tailscale.net" ]; environment.etc."resolver/ts.net".knownSha256Hashes = [
}; "2c28f4fe3b4a958cd86b120e7eb799eee6976daa35b228c885f0630c55ef626c"
];
# Cleaning up the .orig file is necessary as any files in /etc/resolver will be used.
system.activationScripts.etc.text = mkAfter ''
if [ -e /etc/resolver/ts.net.orig ]; then
rm /etc/resolver/ts.net.orig
fi
'';
}; };
} }
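Review bot: The activation script in the last hunk removes `/etc/resolver/ts.net.orig` whenever that path exists, without confirming the file is the tailscaled-generated copy that was moved aside, so a backup a user left under that name is deleted too. Since the expected content is already pinned by `knownSha256Hashes`, the guard can compare the same digest before removing, e.g. `if [ -e /etc/resolver/ts.net.orig ] && [ "$(shasum -a 256 /etc/resolver/ts.net.orig | cut -d ' ' -f1)" = "2c28f4fe3b4a958cd86b120e7eb799eee6976daa35b228c885f0630c55ef626c" ]; then`. Relatedly, only one hash is listed, so if a future tailscaled release writes the file with different bytes the etc activation will presumably not replace it (I am inferring the etc module's behaviour from the comment on the `.orig` file) and the module's resolver entry would quietly not be applied; a short comment next to the hash stating that this is the exact file tailscaled writes and that a mismatch leaves the on-disk file in place would help the next maintainer. In the middle hunk the assertion message reads `leading to MagicDNS to not work`; `leading to MagicDNS not working` is the intended wording. The `config = mkIf cfg.enable` attribute set these lines belong to opens in the middle hunk and is closed only by the final braces of the section.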