From bcd18530c76980cfa72fa7ef06d8ef5bfc0f181c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?=
Date: Sat, 12 Jun 2021 15:18:43 +0100
Subject: [PATCH] tailscale on foureighty

---
 nixos/boxes/foureighty/default.nix | 2 ++
 .../boxes/foureighty/tailscale-foureighty.nix | 29 +++++++++++++++++++
 nixos/tailscale.nix | 6 +++-
 3 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 nixos/boxes/foureighty/tailscale-foureighty.nix

diff --git a/nixos/boxes/foureighty/default.nix b/nixos/boxes/foureighty/default.nix
index 63456ddd..aaa5597d 100644
--- a/nixos/boxes/foureighty/default.nix
+++ b/nixos/boxes/foureighty/default.nix
@@ -8,6 +8,8 @@
 ../../common.nix
 ../../gfx-intel.nix
 ../../zerotier.nix
+ ../../tailscale.nix
+ ./tailscale-foureighty.nix
 ../../distributed-builds.nix
 ../../libvirt.nix
 ../../backups.nix
diff --git a/nixos/boxes/foureighty/tailscale-foureighty.nix b/nixos/boxes/foureighty/tailscale-foureighty.nix
new file mode 100644
index 00000000..d76a0673
--- /dev/null
+++ b/nixos/boxes/foureighty/tailscale-foureighty.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, inputs, lib, ... }:
+{
+ systemd.services.tailscale-autoconnect = {
+ description = "Automatic connection to Tailscale";
+
+ # make sure tailscale is running before trying to connect to tailscale
+ after = [ "network-pre.target" "tailscale.service" ];
+ wants = [ "network-pre.target" "tailscale.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ # set this service as a oneshot job
+ serviceConfig.Type = "oneshot";
+
+ # have the job run this shell script
+ script = with pkgs; ''
+ # wait for tailscaled to settle
+ sleep 2
+
+ # check if we are already authenticated to tailscale
+ status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ if [ $status = "Running" ]; then # if so, then do nothing
+ exit 0
+ fi
+
+ # otherwise authenticate with tailscale
+ ${tailscale}/bin/tailscale up -authkey tskey-c1640a3f2a7ea4c7b7d96c39
+ '';
+ };
+}
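Review bot: The Tailscale auth key on the `tailscale up -authkey tskey-…` line of the new file is committed in plaintext, and because it is embedded in the service's `script`, Nix will also write it into the generated script in the world-readable Nix store, so every local account on the box and anyone with read access to this repository can obtain it. The key should be treated as leaked and revoked in the Tailscale admin console, and the replacement read at runtime from a root-only file kept outside the store, e.g. `${tailscale}/bin/tailscale up -authkey "$(cat /path/to/authkey)"` (placeholder path; mode 0600, owned by root). Separately, `$status` on the `if [ $status = "Running" ]; then` line is unquoted, so an empty result from a failed status or jq call turns the test into a shell syntax error rather than falling through to the `up` branch; `if [ "$status" = "Running" ]; then` avoids that. The `inputs` and `lib` module arguments are unused and could be dropped from the argument set.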
diff --git a/nixos/tailscale.nix b/nixos/tailscale.nix
index ee467a6c..31751975 100644
--- a/nixos/tailscale.nix
+++ b/nixos/tailscale.nix
@@ -1,7 +1,11 @@
 { config, pkgs, ... }:
 {
 environment.systemPackages = [ pkgs.tailscale ];
- services.tailscale.enable = true;
+ services.tailscale = {
+ enable = true;
+ package = pkgs.tailscale;
+ };
+
 networking.firewall = {
 trustedInterfaces = [ "tailscale0" ];
 allowedUDPPorts = [ config.services.tailscale.port ];
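Review bot: The added `package = pkgs.tailscale;` line appears to restate what the NixOS tailscale module already uses by default, so unless a different package is intended it adds nothing and the original one-line `services.tailscale.enable = true;` form was sufficient. If the option is meant as an explicit pin for later overriding, a short comment saying so, e.g. `# pinned explicitly so a newer/overlayed tailscale can be substituted here`, would make the intent clear to the next reader. This is a presumption about the module default; confirm against the module version in use.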