stuff

profiles/trusted/default.nix

@@ -0,0 +1,6 @@
+{ lib, ... }:
+{
+  options.profiles.trusted = {
+    enable = lib.mkEnableOption "trusted";
+  };
+}

profiles/trusted/syncthing.nix

@@ -0,0 +1,21 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.profiles.trusted;
+  inherit (config.networking) hostName;
+in
+{
+  config = lib.mkIf cfg.enable {
+    services.syncthing = {
+      enable = true;
+      systemService = true;
+      openDefaultPorts = true;
+      guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000";
+      overrideDevices = false;
+      overrideFolders = false;
+    };
+  };
+}

profiles/trusted/tailscale.nix

@@ -0,0 +1,21 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.profiles.trusted;
+in
+{
+  config = lib.mkIf cfg.enable {
+    services.tailscale = {
+      enable = true;
+      openFirewall = true;
+      useRoutingFeatures = "both"; # TODO
+    };
+
+    networking.firewall.trustedInterfaces = [
+      config.services.tailscale.interfaceName
+    ];
+  };
+}