From b790d6a5f2453e38262f3a9e0a36b65eb1238d0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Sun, 10 Mar 2024 16:05:47 +0200
Subject: [PATCH] vno1-op5p: add tailscale and deployerbot-follower

---
 hosts/vno1-op5p/configuration.nix | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/hosts/vno1-op5p/configuration.nix b/hosts/vno1-op5p/configuration.nix
index 0dbff6c..1219937 100644
--- a/hosts/vno1-op5p/configuration.nix
+++ b/hosts/vno1-op5p/configuration.nix
@@ -52,12 +52,24 @@ in {
     };
 
     services = {
+      tailscale.enable = true;
       node_exporter.enable = true;
-    };
+      sshguard.enable = true;
 
-    services.postfix = {
-      enable = true;
-      saslPasswdPath = config.age.secrets.sasl-passwd.path;
+      postfix = {
+        enable = true;
+        saslPasswdPath = config.age.secrets.sasl-passwd.path;
+      };
+
+      deployerbot = {
+        follower = {
+          inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey;
+
+          enable = true;
+          sshAllowSubnets = [myData.subnets.tailscale.sshPattern];
+          uidgid = myData.uidgid.updaterbot-deployee;
+        };
+      };
     };
   };