2026-01-21 16:21:34 +01:00
3 changed files with 51 additions and 61 deletions
--- a/modules/system/services/nebula/dns.nix
+++ b/modules/system/services/nebula/dns.nix
@ -29,17 +29,12 @@ in
              |> lib.map (node: "\"${node.name}.${nebulaCfg.network.domain}. A ${node.address}\"");
          };

-          forward-zone =
-            (lib.singleton {
+          forward-zone = lib.singleton {
            name = ".";
            forward-addr = [
              "1.1.1.1"
              "8.8.8.8"
            ];
-            })
-            ++ lib.optional config.custom.services.tailscale.enable {
-              name = "${config.custom.services.tailscale.domain}";
-              forward-addr = [ "100.100.100.100" ];
          };
        };
      };
--- a/modules/system/services/syncthing.nix
+++ b/modules/system/services/syncthing.nix
@ -51,8 +51,8 @@ in
  config = lib.mkIf cfg.enable {
    assertions = [
      {
-        assertion = config.custom.services.nebula.node.enable;
-        message = "Syncthing requires nebula";
+        assertion = config.custom.services.tailscale.enable;
+        message = "Syncthing requires tailscale";
      }
      {
        assertion = cfg.isServer -> (cfg.gui.domain != null);
@ -86,8 +86,7 @@ in
      };
    };

-    services = {
-      syncthing = {
+    services.syncthing = {
      enable = true;

      user = lib.mkIf (!cfg.isServer) "seb";
@ -106,11 +105,9 @@ in
          |> lib.filterAttrs (name: _: name != config.networking.hostName)
          |> lib.filterAttrs (_: value: value.config.custom.services.syncthing.enable)
          |> lib.mapAttrs (
-              _: value: {
+            name: value: {
              id = value.config.custom.services.syncthing.deviceId;
-                addresses = [
-                  "tcp://${value.config.custom.services.nebula.node.address}:${toString cfg.syncPort}"
-                ];
+              addresses = [ "tcp://${name}.${config.custom.services.tailscale.domain}:${toString cfg.syncPort}" ];
            }
          );

@ -122,7 +119,7 @@ in
          });

        options = {
-            listenAddress = "tcp://${config.custom.services.nebula.node.address}:${toString cfg.syncPort}";
+          listenAddress = "tcp://0.0.0.0:${toString cfg.syncPort}";
          globalAnnounceEnabled = false;
          localAnnounceEnabled = false;
          relaysEnabled = false;
@ -133,16 +130,6 @@ in
      };
    };

-      nebula.networks.mesh.firewall.inbound =
-        config.services.syncthing.settings.devices
-        |> lib.attrNames
-        |> lib.map (name: {
-          port = cfg.syncPort;
-          proto = "tcp";
-          host = name;
-        });
-    };
-
    custom = {
      services = {
        caddy.virtualHosts.${cfg.gui.domain}.port = lib.mkIf (cfg.gui.domain != null) cfg.gui.port;
--- a/modules/system/services/tailscale.nix
+++ b/modules/system/services/tailscale.nix
@ -35,5 +35,13 @@ in
    systemd.services.tailscaled-set.after = [ "tailscaled-autoconnect.service" ];

    custom.persistence.directories = [ "/var/lib/tailscale" ];
+
+    # Disable search domain when nebula is in use
+    systemd.network.networks."50-tailscale" = lib.mkIf config.custom.services.nebula.node.enable {
+      matchConfig.Name = config.services.tailscale.interfaceName;
+      linkConfig.Unmanaged = lib.mkForce false;
+      dns = [ "100.100.100.100" ];
+      domains = [ ];
+    };
  };
 }