1 files changed, 14 insertions, 1 deletions

diff --git a/ops/machines/sanduny/default.nix b/ops/machines/sanduny/default.nix
index 886a3a1be7..af2dfb02a5 100644
--- a/ops/machines/sanduny/default.nix
+++ b/ops/machines/sanduny/default.nix
@@ -15,12 +15,16 @@ in
 {
   imports = [
     (mod "cgit.nix")
+    (mod "depot-inbox.nix")
     (mod "depot-replica.nix")
     (mod "journaldriver.nix")
     (mod "known-hosts.nix")
     (mod "tvl-cache.nix")
+    (mod "tvl-headscale.nix")
     (mod "tvl-users.nix")
+    (mod "www/inbox.tvl.su.nix")
     (mod "www/self-redirect.nix")
+    (mod "www/volgasprint.org.nix")
   ];
 
   networking = {
@@ -69,6 +73,13 @@ in
   services.openssh.enable = true;
   services.fail2ban.enable = true;
 
+  # Run tailscale for the TVL net.tvl.fyi network.
+  # tailscale up --login-server https://net.tvl.fyi --accept-dns=false --advertise-exit-node
+  services.tailscale = {
+    enable = true;
+    useRoutingFeatures = "server"; # for exit-node usage
+  };
+
   # Automatically collect garbage from the Nix store.
   services.depot.automatic-gc = {
     enable = true;
@@ -87,13 +98,15 @@ in
     repo = "/var/lib/depot";
   };
 
+  # Serve public-inbox ...
+  services.depot.inbox.enable = true;
+
   time.timeZone = "UTC";
 
   # GRUB does not actually need to be installed on disk; Bitfolk have
   # their own way of booting systems as long as config is in place.
   boot.loader.grub.device = "nodev";
   boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
   boot.initrd.availableKernelModules = [ "xen_blkfront" ];
 
   hardware.cpu.intel.updateMicrocode = true;