Test

nixos/hosts/nixos-rpi4-03/temp.nix

@@ -1,6 +1,6 @@
 {pkgs, lib, config, ...}: {
-    # networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 80 443 ];
+    networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 80 443 ];
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    # networking.firewall.allowedTCPPorts = [ 80 443 ];
 
     services.nginx = {
         enable = true;

nixos/hosts/osaka-vultr-01/default.nix

@@ -20,4 +20,17 @@
   networking.hostName = "osaka-vultr-01";
   
   networking.firewall.allowedTCPPorts = [ 22 ];
+  
+  # Generic Tailscale configs are in /nixos/common/services/tailscale.nix  
+  # Set up the secrets file:
+  sops.secrets."tailscale_keys/osaka-vultr-01" = {
+    owner = "root";
+    sopsFile = ../../../secrets/tailscale.yaml;
+    restartUnits = [ 
+      "tailscaled.service"
+      "tailscaled-autoconnect.service" 
+    ];
+  };
+  services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/osaka-vultr-01";
+  services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
 }

nixos/hosts/osaka-vultr-01/xinetd.nix

@@ -1,5 +1,5 @@
 { config, lib, pkgs, ... }: {
- networking.firewall.interfaces.eno3.allowedTCPPorts = [
+ networking.firewall.allowedTCPPorts = [
     80
     443
  ];