nixos-config/modules/tailscale.nix

{ config, pkgs, ... }:
{
  services = {
    tailscale.enable = true;
  };

  systemd.services."restart-tailscaled" = {
    description = "Restart tailscaled if there's an error";
    serviceConfig = {
      Type = "oneshot";
      ExecStart = ''/bin/sh -c "tailscale status --json | jq -e '.Health[]' && systemctl restart tailscaled.service || echo 'No health problem detected'"'';
    };
    path = with pkgs; [
      jq
      tailscale
    ];
  };

  systemd.timers."restart-tailscaled" = {
    timerConfig = {
      OnCalendar = "minutely";
    };
    wantedBy = [ "tailscaled.service" ];
  };

  networking.firewall = {
    trustedInterfaces = [ "tailscale0" ];
    allowedUDPPorts = [ config.services.tailscale.port ];
  };

}
# vim: set et ts=2 sw=2 ai:
added tailscaled restart if needed 2025-11-26 23:50:59 +01:00			`{ config, pkgs, ... }:`
			`{`
			`services = {`
			`tailscale.enable = true;`
			`};`

			`systemd.services."restart-tailscaled" = {`
			`description = "Restart tailscaled if there's an error";`
			`serviceConfig = {`
			`Type = "oneshot";`
			`ExecStart = ''/bin/sh -c "tailscale status --json \| jq -e '.Health[]' && systemctl restart tailscaled.service \|\| echo 'No health problem detected'"'';`
			`};`
			`path = with pkgs; [`
			`jq`
			`tailscale`
			`];`
			`};`

			`systemd.timers."restart-tailscaled" = {`
			`timerConfig = {`
			`OnCalendar = "minutely";`
			`};`
			`wantedBy = [ "tailscaled.service" ];`
			`};`

			`networking.firewall = {`
			`trustedInterfaces = [ "tailscale0" ];`
			`allowedUDPPorts = [ config.services.tailscale.port ];`
			`};`

			`}`
			`# vim: set et ts=2 sw=2 ai:`