desko: add tailscale config; move slack/zoom behind a "work" role

2025-05-30 03:02:46 +00:00
parent 92f68baaf9
commit 83855f7d6a
4 changed files with 29 additions and 2 deletions
--- a/hosts/by-name/desko/default.nix
+++ b/hosts/by-name/desko/default.nix
@@ -22,6 +22,7 @@
  sane.roles.build-machine.enable = true;
  sane.roles.client = true;
  sane.roles.pc = true;
+  sane.roles.work = true;
  sane.services.ollama.enable = true;
  sane.services.wg-home.enable = true;
  sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -430,13 +430,11 @@ in
      # "slic3r"
      "soundconverter"
      # "spotify"  # x86-only
-      "slack"  # x86-only
      "tor-browser"  # x86-only
      # "vlc"
      "wireshark"  # could maybe ship the cli as sysadmin pkg
      # "xterm"  # requires Xwayland
      # "zecwallet-lite"  # x86-only
-      "zoom-us"
      # "zulip"
    ];

--- a/hosts/modules/roles/default.nix
+++ b/hosts/modules/roles/default.nix
@@ -5,5 +5,6 @@
    ./client
    ./handheld.nix
    ./pc.nix
+    ./work.nix
  ];
 }
--- a/hosts/modules/roles/work.nix
+++ b/hosts/modules/roles/work.nix
@@ -0,0 +1,27 @@
+{ config, lib, ... }:
+{
+  options.sane.roles.work = with lib; mkOption {
+    type = types.bool;
+    default = false;
+    description = ''
+      programs/services used when working for hire.
+    '';
+  };
+
+  config = lib.mkIf config.sane.roles.work {
+    ### TAILSCALE
+    # first run:
+    # - `tailscale login --hostname $myHostname`
+    sane.persist.sys.byStore.private = [
+      { user = "root"; group = "root"; mode = "0700"; path = "/var/lib/tailscale"; method = "bind"; }
+    ];
+    services.tailscale.enable = true;
+    # services.tailscale.useRoutingFeatures = "client";
+    services.tailscale.extraSetFlags = [ "--accept-routes" ];
+
+    sane.programs.guiApps.suggestedPrograms = [
+      "slack"
+      "zoom-us"
+    ];
+  };
+}