nixos/routnerr-2: new WireGuard key and tailscale

Signed-off-by: Matt Layher <mdlayher@gmail.com>

nixos/lib/vargen/main.go

@@ -95,7 +95,7 @@ func main() {
 		Name:   "wg0",
 		Subnet: wg0,
 	}
-	wg.addPeer("matt-3", "b3kX+KbsjHDajUIe7Q7F/kEfSNdJ3Phv9Z4zqqlD7iE=")
+	wg.addPeer("matt-3", "owbwahkmPWQg97iDSfn4dc80f2MYegEbnCAszExlbi8=")
 
 	// Set up the output structure and create host/infra records.
 	out := output{

nixos/lib/vars.json

@@ -264,7 +264,7 @@
 		"peers": [
 			{
 				"name": "matt-3",
-				"public_key": "b3kX+KbsjHDajUIe7Q7F/kEfSNdJ3Phv9Z4zqqlD7iE=",
+				"public_key": "owbwahkmPWQg97iDSfn4dc80f2MYegEbnCAszExlbi8=",
 				"allowed_ips": [
 					"192.168.20.10/32",
 					"2600:6c4a:787f:1914::a/128",

nixos/routnerr-2/networking.nix

@@ -1,6 +1,7 @@
 { lib, ... }:
 
 let
+  unstable = import <nixos-unstable-small> { };
   vars = import ./lib/vars.nix;
 
   ethLink = (name:
@@ -192,6 +193,12 @@ in {
     };
   };
 
+  services.tailscale = {
+    enable = true;
+    package = unstable.tailscale;
+    interfaceName = "ts0";
+  };
+
   # Enable WireGuard Prometheus exporter and set up peer key/name mappings.
   # TODO: nixify the configuration.
   services.wireguard_exporter = {