# NixOS module: enables Tailscale with a version-pinned package and adjusts
# the host firewall for it.
{ pkgs, ... }:

let
  # Pinned to 1.96.5. 1.98.0 regressed split-DNS handling under work-vpn: the
  # netmap's "resolve <tailnet>.ts.net locally via MagicDNS" hint is dropped
  # when translated into systemd-resolved config, so *.ts.net queries get sent
  # to a public resolver (199.247.155.53) that the corporate VPN's port-53
  # egress filter blocks.
  #
  # TODO(review): this override fixes the source to one tag, so nixpkgs
  # updates no longer move tailscaled forward and later upstream fixes
  # (security fixes included) are not picked up. Re-test newer releases and
  # drop the pin once the regression is resolved.
  pinnedVersion = "1.96.5";

  pinnedTailscale = pkgs.tailscale.overrideAttrs (_: {
    version = pinnedVersion;

    # `hash` covers the fetched source tree and `vendorHash` the vendored Go
    # modules. Both must be refreshed together whenever pinnedVersion changes;
    # they are the integrity check on what gets built.
    src = pkgs.fetchFromGitHub {
      owner = "tailscale";
      repo = "tailscale";
      tag = "v${pinnedVersion}";
      hash = "sha256-vYYb+2OtuXftjGGG0zWJesHccrClB8YZpclv9KzNN/c=";
    };
    vendorHash = "sha256-rhuWEEN+CtumVxOw6Dy/IRxWIrZ2x6RJb6ULYwXCQc4=";
  });
in
{
  services.tailscale = {
    enable = true;
    package = pinnedTailscale;
  };

  # "loose" relaxes reverse-path filtering: a packet is accepted when its
  # source address is reachable via any interface, not only the one it came in
  # on. That weakens anti-spoofing for the whole host.
  # NOTE(review): presumably needed for Tailscale exit-node / subnet routing;
  # confirm it is still required.
  networking.firewall.checkReversePath = "loose";

  # Opens 41641/udp on every interface, not just the tailnet-facing one.
  # NOTE(review): presumably tailscaled's listen port for direct peer
  # connections; confirm it matches the configured services.tailscale.port.
  networking.firewall.allowedUDPPorts = [ 41641 ];
}