vno1-op5p: add tailscale and deployerbot-follower

2024-03-10 16:05:47 +02:00 · 2024-03-10 16:05:47 +02:00 · b790d6a5f2
parent ac69473a17
commit b790d6a5f2
1 changed files with 16 additions and 4 deletions
--- a/hosts/vno1-op5p/configuration.nix
+++ b/hosts/vno1-op5p/configuration.nix
@ -52,12 +52,24 @@ in {
    };

    services = {
+      tailscale.enable = true;
      node_exporter.enable = true;
-    };
+      sshguard.enable = true;

-    services.postfix = {
-      enable = true;
-      saslPasswdPath = config.age.secrets.sasl-passwd.path;
+      postfix = {
+        enable = true;
+        saslPasswdPath = config.age.secrets.sasl-passwd.path;
+      };
+
+      deployerbot = {
+        follower = {
+          inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey;
+
+          enable = true;
+          sshAllowSubnets = [myData.subnets.tailscale.sshPattern];
+          uidgid = myData.uidgid.updaterbot-deployee;
+        };
+      };
    };
  };