From 49e44fb20ca693f5dd9ba5f804b29b019105e3aa Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Fri, 24 Oct 2025 09:52:19 -0700
Subject: configure rivendell to be an exit node for tailscale

---
 machines/nixos/x86_64-linux/rivendell.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'machines')

diff --git a/machines/nixos/x86_64-linux/rivendell.nix b/machines/nixos/x86_64-linux/rivendell.nix
index dc0205d..271da7f 100644
--- a/machines/nixos/x86_64-linux/rivendell.nix
+++ b/machines/nixos/x86_64-linux/rivendell.nix
@@ -23,6 +23,9 @@
       wireguard = {
         file = ../../../secrets/rivendell/wireguard.age;
       };
+      ts = {
+        file = ../../../secrets/rivendell/ts.age;
+      };
     };
   };
 
@@ -79,6 +82,17 @@
 
   networking.firewall.allowedUDPPorts = [ 51871 ];
 
+  services.tailscale = {
+    useRoutingFeatures = "both";
+    authKeyFile = config.age.secrets.ts.path;
+    extraSetFlags = [
+      "--accept-dns=true"
+      "--accept-routes=true"
+      "--advertise-exit-node=true"
+      "--ssh"
+    ];
+  };
+
   my.modules.hardware.baremetal.enable = true;
   my.modules.remote-unlock.enable = true;
 
-- 
cgit v1.2.3