From 3c1d233b4e8fe0886ab135a131d911740ca63dd9 Mon Sep 17 00:00:00 2001 From: arcnmx Date: Tue, 6 Feb 2024 14:15:44 -0800 Subject: [PATCH] feat(hakurei): exit --- nixos/tailscale.nix | 10 ++++++++-- systems/hakurei/nixos.nix | 2 ++ systems/tewi/nixos.nix | 1 - 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/nixos/tailscale.nix b/nixos/tailscale.nix index 94a0af61..afa78f04 100644 --- a/nixos/tailscale.nix +++ b/nixos/tailscale.nix @@ -46,13 +46,19 @@ in { fixResolved = optionalString config.services.resolved.enable '' resolvectl revert ${config.services.tailscale.interfaceName} || true ''; - advertiseExitNode = optionalString cfg.advertiseExitNode " --advertise-exit-node"; + # https://tailscale.com/kb/1320/performance-best-practices#ethtool-configuration + exitNodeRouting = optionalString cfg.advertiseExitNode '' + netdev=$(${pkgs.iproute2}/bin/ip route show 0/0 | ${pkgs.coreutils}/bin/cut -f5 -d' ' || echo eth0) + ${getExe pkgs.ethtool} -K "$netdev" rx-udp-gro-forwarding on rx-gro-list off || true + ''; + advertiseExitNode = "--advertise-exit-node" + optionalString (!cfg.advertiseExitNode) "=false"; in with pkgs; '' # wait for tailscaled to settle sleep 5 ${fixResolved} + ${exitNodeRouting} # check if we are already authenticated to tailscale status="$(${getExe tailscale} status -json | ${getExe jq} -r .BackendState)" @@ -62,7 +68,7 @@ in { fi # otherwise authenticate with tailscale - ${getExe tailscale} up${advertiseExitNode} -authkey $(cat ${config.sops.secrets.tailscale-key.path}) + ${getExe tailscale} up ${advertiseExitNode} -authkey $(cat ${config.sops.secrets.tailscale-key.path}) ''; }; }; diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix index 21e50d87..cdd5d7bd 100644 --- a/systems/hakurei/nixos.nix +++ b/systems/hakurei/nixos.nix @@ -130,6 +130,8 @@ in { }; }; + services.tailscale.advertiseExitNode = true; + systemd.network.networks.eth0 = { name = "eth0"; matchConfig = { 
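Review bot: In `exitNodeRouting`, the `|| echo eth0` fallback follows the exit status of `cut`, not of `ip route`, so unless the unit script runs with pipefail it never fires when there is no default route; `netdev` is then empty and the ethtool error is hidden by `|| true`. The fifth space-separated field is also only the device name for routes shaped like `default via … dev …`; a route without a gateway yields a different token, and several default routes yield several lines. Taking the token after `dev` from the first match and defaulting afterwards is sturdier, e.g. `netdev=$(${pkgs.iproute2}/bin/ip -o route show default | ${pkgs.gawk}/bin/awk '{for (i=1;i<NF;i++) if ($i=="dev") {print $(i+1); exit}}')` followed by `netdev="''${netdev:-eth0}"`. The enclosing `let` block and script start outside this hunk, so the shell options in effect are not visible here.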
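Review bot: The explicit `--advertise-exit-node=false` on the `tailscale up` line only helps on hosts that actually reach it; the comments around it ("check if we are already authenticated" / "otherwise authenticate") suggest the script returns early once the backend is running, though that branch sits between the hunks and is not visible here. If so, tewi, which loses `advertiseExitNode = true` in this commit, would keep advertising itself as an exit node until someone runs `tailscale up` or `tailscale set --advertise-exit-node=false` by hand, and any approval already granted in the tailnet would stay in place. Consider applying the flag on the already-authenticated path too, e.g. `${getExe tailscale} set ${advertiseExitNode}`. Separately, `-authkey $(cat …)` puts the key into the process arguments, where other local processes can read it; `--auth-key=file:${config.sops.secrets.tailscale-key.path}` lets tailscale read it from the file instead.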
diff --git a/systems/tewi/nixos.nix b/systems/tewi/nixos.nix index 36953ea4..4ce1a8e3 100644 --- a/systems/tewi/nixos.nix +++ b/systems/tewi/nixos.nix @@ -13,7 +13,6 @@ ]; services.kanidm.serverSettings.db_fs_type = "zfs"; - services.tailscale.advertiseExitNode = true; services.postgresql.package = pkgs.postgresql_14; sops.defaultSopsFile = ./secrets.yaml;