From 05f36f27cba49e794b2a840edb5ec7f35ff92e53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Av=C3=A9?=
Date: Tue, 2 Jun 2026 15:18:21 +0700
Subject: [PATCH] Add tailscale to aloria
---
 hosts/Aloria/default.nix | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/hosts/Aloria/default.nix b/hosts/Aloria/default.nix
index c70b4e6..829b6c7 100644
--- a/hosts/Aloria/default.nix
+++ b/hosts/Aloria/default.nix
@@ -128,7 +128,7 @@ in {
 peers = [
 {
 publicKey = "/9ppjm3yeD0duDvxrqgcHscHmftXko+0s2RbivNEy2c=";
- allowedIPs = ["0.0.0.0/0" "::/0"];
+ allowedIPs = ["0.0.0.0/0"];
 endpoint = "external.thomasave.be:13231";
 persistentKeepalive = 25;
 }
@@ -138,7 +138,7 @@ in {
 address = ["10.0.0.5/24"];
 privateKeyFile = "/home/user/.secrets/Wireguard/Aloria.key";
 listenPort = 51820;
- autostart = true;
+ autostart = false;
 postUp = "resolvectl dns OPNsense 10.0.0.1; resolvectl domain OPNsense ~thomasave.be;";
 dns = ["10.0.0.1"];
 peers = [
@@ -162,6 +162,7 @@ in {
 enable = true;
 extraUpFlags = [
 "--login-server=https://headscale.thomasave.be"
+ "--accept-routes"
 ];
 authKeyFile = "/home/user/.secrets/Tailscale/Aloria/authkey";
 };
@@ -177,5 +178,22 @@ in {
 "net.ipv6.conf.all.disable_ipv6" = 1;
 "net.ipv6.conf.default.disable_ipv6" = 1;
 "net.ipv6.conf.lo.disable_ipv6" = 1;
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv4.conf.all.forwarding" = 1;
+ };
+
+ systemd.services.tailscale-ethtool-tweaks = {
+ description = "Apply ethtool tweaks for Tailscale subnet routing performance";
+ wantedBy = ["multi-user.target"];
+ after = ["network-online.target"];
+ wants = ["network-online.target"];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = pkgs.writeShellScript "tailscale-ethtool-tweaks" ''
+ NETDEV=$(${pkgs.iproute2}/bin/ip -o route get 1.1.1.1 | ${pkgs.coreutils}/bin/cut -f 5 -d " ")
+ ${pkgs.ethtool}/bin/ethtool -K "$NETDEV" rx-udp-gro-forwarding on rx-gro-list off
+ '';
+ };
 };
 }
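Review bot: Dropping `"::/0"` from `allowedIPs` in the `@@ -128,7` hunk leaves this full-tunnel peer covering IPv4 only, so the `disable_ipv6` sysctls (visible as context in the last hunk) are now the only thing keeping IPv6 traffic from leaving outside the tunnel. That dependency is not written down next to the peer. I would add a comment above the line, for example `# IPv4 only: IPv6 is disabled host-wide by the disable_ipv6 sysctls below; restore "::/0" if that ever changes`. The interface definition that encloses this `peers` list starts outside the hunk.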
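Review bot: `"--accept-routes"` in `extraUpFlags` makes this host install whatever subnet routes the login server distributes, so Aloria's routing table now depends on which routes are approved on `headscale.thomasave.be`. An accepted prefix that overlaps the `10.0.0.5/24` WireGuard network from the previous hunk, or the local LAN, would send that traffic to a tailnet peer instead. A comment naming the expected prefixes would make this auditable, e.g. `# accept-routes: only <EXPECTED_PREFIX> is expected; routes are approved explicitly on the headscale server`. As far as I know the NixOS module passes `extraUpFlags` only when the node authenticates, so on an already enrolled host the flag may not take effect and `extraSetFlags` may be the better place; please confirm against the module version in use. The enclosing block (presumably the tailscale service definition) starts outside the hunk.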
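Review bot: Setting `"net.ipv4.ip_forward" = 1` in the `@@ -177,5` hunk makes Aloria forward packets between all of its interfaces, yet the only Tailscale change in this commit is the client-side `--accept-routes`, which needs no forwarding, and neither `--advertise-routes` nor any forward-chain filtering is visible in these hunks. If the host is meant to act as a subnet router, declare that in one place with `services.tailscale.useRoutingFeatures = "server";` (or `"both"`) and restrict forwarding in the firewall to the interfaces that should be bridged; if it is not, drop both sysctls. `net.ipv4.conf.all.forwarding` is, to my knowledge, the same kernel switch as `ip_forward`, so one line is enough. In the oneshot script, `cut -f 5 -d " "` yields the device only when the route has a `via` hop; with the full-tunnel WireGuard peer up, the output likely starts `1.1.1.1 dev <IFACE>` and `NETDEV` gets the wrong token. Select the word following `dev` instead and exit non-zero when it is empty, so the unit fails visibly rather than running `ethtool -K` on a bad name.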