From 801e0cb2e92195ef05e90dd2f2702d5640748331 Mon Sep 17 00:00:00 2001 From: Alessio Caiazza Date: Wed, 1 Jan 2025 18:09:11 +0100 Subject: [PATCH] tailscale: fix broken DNS on IPv6 only tailnets When a tailnet has the disableIPv4 settings it will not deploy IPv4, resolving any ts.net address is broken because 100.100.100.100 is not reachable. https://tailscale.com/kb/1337/acl-syntax#disableipv4 Co-authored-by: Michael Hoang Co-authored-by: Sam <30577766+Samasaur1@users.noreply.github.com> --- modules/services/tailscale.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix index e7d6b0d4..124d8c25 100644 --- a/modules/services/tailscale.nix +++ b/modules/services/tailscale.nix @@ -33,7 +33,7 @@ in 1. at least one DNS server is added 2. `Override local DNS` is enabled - As this option sets 100.100.100.100 as your sole DNS server, if the requirements above are not met, + As this option sets 100.100.100.100 and fd7a:115c:a1e0::53 as your sole DNS servers, if the requirements above are not met, all non-MagicDNS queries WILL fail. ''; }; @@ -41,7 +41,7 @@ in config = mkIf cfg.enable { assertions = [{ - assertion = !cfg.overrideLocalDns || config.networking.dns == [ "100.100.100.100" ]; + assertion = cfg.overrideLocalDns -> (builtins.any (x: x != "100.100.100.100" || x != "fd7a:115c:a1e0::53") config.networking.dns); message = '' DNS servers should be configured on the Tailscale control panel when `services.tailscale.overrideLocalDns` is enabled. 
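Review bot: The new predicate on the `assertion =` line of the `@@ -41,7 +41,7 @@` hunk is a tautology: no string can equal both addresses, so `x != "100.100.100.100" || x != "fd7a:115c:a1e0::53"` is true for every entry and `builtins.any` succeeds for any non-empty `networking.dns`. The module itself sets that list to the two MagicDNS addresses when `overrideLocalDns` is on (last hunk), so the assertion can no longer fail. A configuration that merges extra resolvers into `networking.dns` would then evaluate without the warning in `message`, and queries may reach a resolver outside the tailnet's DNS policy, though that depends on how the OS orders the servers. The check should require every entry to be one of the two addresses: `assertion = cfg.overrideLocalDns -> builtins.all (x: x == "100.100.100.100" || x == "fd7a:115c:a1e0::53") config.networking.dns;`. The `assertions` entry continues past the end of the hunk.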
@@ -61,10 +61,13 @@ in }; }; - networking.dns = mkIf cfg.overrideLocalDns [ "100.100.100.100" ]; + networking.dns = mkIf cfg.overrideLocalDns [ "100.100.100.100" "fd7a:115c:a1e0::53" ]; # Ensures Tailscale MagicDNS always works even without adding 100.100.100.100 to DNS servers - environment.etc."resolver/ts.net".text = "nameserver 100.100.100.100"; + environment.etc."resolver/ts.net".text = '' + nameserver 100.100.100.100 + nameserver fd7a:115c:a1e0::53 + ''; # This file gets created by tailscaled when `Override local DNS` is turned off environment.etc."resolver/ts.net".knownSha256Hashes = [
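Review bot: The context comment above the resolver file, `# Ensures Tailscale MagicDNS always works even without adding 100.100.100.100 to DNS servers`, still names only the IPv4 address although the file now lists both. It should read something like `# Ensures Tailscale MagicDNS always works even without adding 100.100.100.100 or fd7a:115c:a1e0::53 to DNS servers`. The two addresses are now spelled out separately in `networking.dns`, in the `resolver/ts.net` text and in the assertion; binding them once in the module's `let` block (outside this hunk) would keep the three in step. The enclosing `config = mkIf cfg.enable { … }` block starts and ends outside the hunk.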