From 2dbda3314fb7bef997d93ce641e9a82752072485 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaros=C5=82aw=20Wygoda?= <jaroslaw@wygoda.me>
Date: Wed, 26 Jul 2023 19:32:52 +0200
Subject: [PATCH] nixos/tailscale: add extraUpFlags option

---
 .../modules/services/networking/tailscale.nix  | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/nixos/modules/services/networking/tailscale.nix b/nixos/modules/services/networking/tailscale.nix
index dfb5422a1e9a..f308b7e33114 100644
--- a/nixos/modules/services/networking/tailscale.nix
+++ b/nixos/modules/services/networking/tailscale.nix
@@ -29,12 +29,7 @@ in {
       description = lib.mdDoc "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node.";
     };
 
-    package = mkOption {
-      type = types.package;
-      default = pkgs.tailscale;
-      defaultText = literalExpression "pkgs.tailscale";
-      description = lib.mdDoc "The package to use for tailscale";
-    };
+    package = lib.mkPackageOptionMD pkgs "tailscale" {};
 
     useRoutingFeatures = mkOption {
       type = types.enum [ "none" "client" "server" "both" ];
@@ -58,6 +53,13 @@ in {
         A file containing the auth key.
       '';
     };
+
+    extraUpFlags = mkOption {
+      description = lib.mdDoc "Extra flags to pass to {command}`tailscale up`.";
+      type = types.listOf types.str;
+      default = [];
+      example = ["--ssh"];
+    };
   };
 
   config = mkIf cfg.enable {
@@ -98,10 +100,10 @@ in {
       serviceConfig = {
         Type = "oneshot";
       };
-      script = with pkgs; ''
+      script = ''
         status=$(${config.systemd.package}/bin/systemctl show -P StatusText tailscaled.service)
         if [[ $status != Connected* ]]; then
-          ${pkgs.tailscale}/bin/tailscale up --auth-key 'file:${cfg.authKeyFile}'
+          ${cfg.package}/bin/tailscale up --auth-key 'file:${cfg.authKeyFile}' ${escapeShellArgs cfg.extraUpFlags}
         fi
       '';
     };