From 44b57d095ba424df49e7a64f0dd9eba877d62386 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <tazjin@google.com>
Date: Tue, 11 Feb 2020 16:27:34 +0000
Subject: feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh

---
 ops/nixos/camden/default.nix | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

(limited to 'ops')

diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix
index 9a960600db..d1d601ecb0 100644
--- a/ops/nixos/camden/default.nix
+++ b/ops/nixos/camden/default.nix
@@ -7,6 +7,8 @@ config: let
     config.allowUnfree = true;
   };
 in pkgs.lib.fix(self: {
+  imports = [ ../modules/tailscale.nix ];
+
   # camden is intended to boot unattended, despite having an encrypted
   # root partition.
   #
@@ -72,9 +74,17 @@ in pkgs.lib.fix(self: {
 
   # System-wide application setup
   programs.fish.enable = true;
-  environment.systemPackages = with nixpkgs; [
-    curl emacs26-nox git gnupg pass pciutils
-  ];
+  environment.systemPackages =
+    # programs from the depot
+    (with pkgs; [
+      third_party.git
+      third_party.tailscale
+    ]) ++
+
+    # programs from nixpkgs
+    (with nixpkgs; [
+      curl emacs26-nox gnupg pass pciutils direnv
+    ]);
 
   # Services setup
   services.openssh.enable = true;
@@ -86,5 +96,13 @@ in pkgs.lib.fix(self: {
     shell = nixpkgs.fish;
   };
 
+  # Join Tailscale into home network
+  services.tailscale = {
+    enable = true;
+    relayConf = "/etc/tailscale.conf";
+    aclFile = null; # allow all traffic for testing
+    package = pkgs.third_party.tailscale;
+  };
+
   system.stateVersion = "19.09";
 })
-- 
cgit 1.4.1