From a507a5380d4ae79e1d4982ea4a97cd4976d0bc95 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Wed, 4 Nov 2020 21:53:02 +0000
Subject: [PATCH] ops/nixos: allow all traffic in on tailscale0

---
 ops/nixos/lib/common.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ops/nixos/lib/common.nix b/ops/nixos/lib/common.nix
index 30d3296df4..4484dc9413 100644
--- a/ops/nixos/lib/common.nix
+++ b/ops/nixos/lib/common.nix
@@ -102,6 +102,11 @@ in
 programs.mtr.enable = true;
 services.openssh.enable = true;
 services.tailscale.enable = true;
+ networking.firewall.interfaces.tailscale0 = {
+ # Just allow anything in on tailscale0.
+ allowedTCPPortRanges = [{ from = 0; to = 65535; }];
+ allowedUDPPortRanges = [{ from = 0; to = 65535; }];
+ };
 
 boot = {
 kernelModules = [ "tcp_bbr" ];
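Review bot: The added `networking.firewall.interfaces.tailscale0` block turns the host firewall into a no-op for tailnet peers, and the comment `# Just allow anything in on tailscale0.` does not record the trust assumption behind that. Because this sits in `lib/common.nix`, it presumably applies to every host that imports it, so any service listening on all interfaces becomes reachable from every tailnet node and the Tailscale ACLs are the only remaining control. I would state that in the comment, e.g. `# tailscale0 is fully trusted: access control is delegated to tailnet ACLs, keep those restrictive.`, or open only the ports each host needs. If full trust is intended, `networking.firewall.trustedInterfaces = [ "tailscale0" ];` expresses it more directly than two 0–65535 ranges. The enclosing attribute set starts and ends outside the hunk.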