nix: user space tailscale

nix/home.nix

@@ -945,6 +945,29 @@ in
       #   }
       # )
 
+      (
+        let name = "tailscaled";
+        in
+        lib.optionalAttrs prefs.enableHomeManagerTailScale {
+          services.${name} = {
+            enable = true;
+            Unit = {
+              Description = "user space tailscale daemon";
+              After = [ "network.target" ];
+            };
+            Install = { WantedBy = [ "default.target" ]; };
+            Service = {
+              RuntimeDirectory = name;
+              StateDirectory = name;
+              NoNewPrivileges = true;
+              ExecStart = ''
+                ${pkgs.tailscale}/bin/tailscaled --statedir=''${STATE_DIRECTORY} --socket=''${RUNTIME_DIRECTORY}/${name}.sock --port=0 --tun=userspace-networking --verbose 5
+              '';
+            };
+          };
+        }
+      )
+
       (
         let name = "foot";
         in
@@ -964,7 +987,7 @@ in
 
   home = {
     extraOutputsToInstall = prefs.extraOutputsToInstall;
-    packages = allPackages;
+    packages = allPackages ++ (lib.optionals prefs.enableHomeManagerTailScale [ pkgs.tailscale ]);
     stateVersion = prefs.homeManagerStateVersion;
   };
 

nix/prefs.nix

@@ -291,6 +291,7 @@ let
     enableAioproxy = !self.isMinimalSystem;
     aioproxyPort = 4443;
     enableTailScale = !self.isMinimalSystem;
+    enableHomeManagerTailScale = false;
     enableNetbird = !self.isMinimalSystem;
     enableX2goServer = false;
     enableDebugInfo = false;
@@ -1025,6 +1026,7 @@ let
     } else if hostname == "zklab-5" then {
       home = "/home/contrun";
       isMinimalSystem = false;
+      enableHomeManagerTailScale = true;
     } else if hostname == "aol" then {
       isMinimalSystem = false;
       hostId = "85d4bfd4";