From d169c368686b10ab34204b068791cb605d77d160 Mon Sep 17 00:00:00 2001 From: Kopatz <7265381+Kropatz@users.noreply.github.com> Date: Mon, 27 Oct 2025 18:32:41 +0100 Subject: [PATCH] test out tailscale --- modules/misc/cli-tools.nix | 1 + systems/adam-site/configuration.nix | 4 ++-- systems/amd-server-vpn-vm/configuration.nix | 18 ++++++++++++++++++ systems/pc/configuration.nix | 1 + systems/pc/tailscale-client.nix | 10 ++++++++++ 5 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 systems/pc/tailscale-client.nix diff --git a/modules/misc/cli-tools.nix b/modules/misc/cli-tools.nix index 1cbce44..89be79a 100644 --- a/modules/misc/cli-tools.nix +++ b/modules/misc/cli-tools.nix @@ -103,6 +103,7 @@ in { iotop inetutils nettools + wireguard-tools ]; }; } diff --git a/systems/adam-site/configuration.nix b/systems/adam-site/configuration.nix index 18f1168..e37645b 100644 --- a/systems/adam-site/configuration.nix +++ b/systems/adam-site/configuration.nix @@ -137,14 +137,14 @@ networking.wg-quick.interfaces = { wg0 = { autostart = true; - address = [ "10.100.0.1/24" "fd42:4242:4242::1/64" ]; + address = [ "10.100.0.1/24" "fd42:42:42::1/64" ]; listenPort = 51820; privateKeyFile = config.age.secrets.wireguard.path; peers = [ { # kop pc publicKey = "YgecbWSNRqOmylYqxr/V21LL3UpKEr5x42lXPAxriSc="; - allowedIPs = [ "10.100.0.2/32" "fd42:4242:4242::2/128" ]; + allowedIPs = [ "10.100.0.2/32" "fd42:42:42::2/128" ]; } ]; }; diff --git a/systems/amd-server-vpn-vm/configuration.nix b/systems/amd-server-vpn-vm/configuration.nix index d5e7c65..ea5b1de 100644 --- a/systems/amd-server-vpn-vm/configuration.nix +++ b/systems/amd-server-vpn-vm/configuration.nix 
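Review bot: The wg0 `address` and the peer's `allowedIPs` both move from `fd42:4242:4242::/64` to `fd42:42:42::/64` in the adam-site hunk, but the matching client-side address for the "kop pc" peer is not touched anywhere in this patch. WireGuard drops packets whose inner source address is outside the peer's `allowedIPs`, so if the client still uses `fd42:4242:4242::2` its IPv6 traffic would silently stop; confirm the client config is updated in the same deploy. A one-line comment such as `# ULA prefix for wg0; must match the peer configs` above `address` would record the dependency. The new prefix is still hand-picked rather than a randomly generated ULA, which makes a clash with another overlay network more likely. The `networking.wg-quick.interfaces` block starts and ends outside the hunk.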
@@ -64,6 +64,24 @@ }; }; + # https://github.com/juanfont/headscale/blob/main/config-example.yaml + #networking.firewall.allowedTCPPorts = [ 8080 ]; + #services.headscale = { + # enable = true; + # address = "0.0.0.0"; + # settings = { + # server_url = "http://0.0.0.0:8080"; + # logtail.enable = false; + # dns = { + # base_domain = "kopatz.dev"; + # override_local_dns = false; + # }; + # }; + #}; + #environment.systemPackages = with pkgs; [ + # headscale + #]; + #fileSystems."/" = { # device = "/dev/disk/by-label/nixos"; # fsType = "ext4"; diff --git a/systems/pc/configuration.nix b/systems/pc/configuration.nix index 6e20ad4..145e0ae 100644 --- a/systems/pc/configuration.nix +++ b/systems/pc/configuration.nix @@ -19,6 +19,7 @@ ../../modules/misc/zram.nix #../../modules/hardware/ryzenmonitor.nix ../../modules/networkmanager.nix + #./tailscale-client.nix ]; custom = { diff --git a/systems/pc/tailscale-client.nix b/systems/pc/tailscale-client.nix new file mode 100644 index 0000000..14e3775 --- /dev/null +++ b/systems/pc/tailscale-client.nix @@ -0,0 +1,10 @@ +{pkgs, lib, config, ...}: +{ + # Run tailscale up --login-server http:// + services.tailscale.enable = true; + networking.firewall = { + checkReversePath = "loose"; + trustedInterfaces = [ "tailscale0" ]; + allowedUDPPorts = [ config.services.tailscale.port ]; + }; +}
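Review bot: The commented-out headscale block in amd-server-vpn-vm/configuration.nix sets `server_url = "http://0.0.0.0:8080"`, which would be wrong the moment it is uncommented. `server_url` is the address clients are told to contact, so `0.0.0.0` is not usable there, and plain HTTP on an opened port 8080 leaves the coordination endpoint without TLS. If this is kept as a template, write it as `server_url = "https://<headscale-hostname>";` and bind `address` to loopback behind a TLS reverse proxy instead of adding 8080 to `allowedTCPPorts`. Otherwise, leaving the dead block out of the commit avoids someone enabling it as-is later.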
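Review bot: In systems/pc/tailscale-client.nix, `trustedInterfaces = [ "tailscale0" ]` makes the firewall accept every inbound connection arriving over the tailnet, so every service listening on this PC becomes reachable from any node the login server admits. Opening only what is needed keeps the interface filtered, e.g. `interfaces.tailscale0.allowedTCPPorts = [ <ports to expose> ];` in place of the `trustedInterfaces` line. `checkReversePath = "loose"` relaxes reverse-path filtering host-wide; `services.tailscale.useRoutingFeatures = "client";` sets the same value through the module and records why it is needed. The header comment `# Run tailscale up --login-server http://` is missing its host and names plain HTTP; completing it with the https URL of the control server would make the enrolment step reproducible.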