Happy to answer any questions!
A bunch of us are currently in https://meet.google.com/qre-gydb-mkv chatting about this. (Edit: the hour is over; we all left)
The earlier Apr 1st blog post was https://tailscale.com/blog/tailscale-enterprise-plan-9-suppo...
Yes, you could do something like keep a small root fs or pack everything into the kernels paqfs to boot into a Tailscale VPN and pull root from another 9 machine on the VPN. Then pull resources in from other machines including non 9 systems.
Either way it makes VPN easy between 9 and non 9 machines. Otherwise Plan 9 can do it's own VPN-like over tls or ssh tunnels and bind remote network stacks to a local namespace. But that makes seamless Unix and Windows comms difficult.
> Otherwise Plan 9 can do it's own VPN-like over tls or ssh tunnels and bind remote network stacks to a local namespace
Note that one of Tailscale's main party tricks is NAT traversal, when both machines are behind different NATs and can't otherwise get a connection open to each other. (And then Tailscale ultimately falls back to a relay server on the internet if it can't get a direct connection for IP packets)
For situations where you have no control over the NAT then this is indeed the case.
Though, 9front lets you run your own NAT giving you an Internet facing 9 machine you can serve a TLS tunnel from directly. So the server side is solved making the client side NAT a non issue.
If your 9front machine is in a position on the network whereby it could serve a NAT, you don't have many networking problems at that point. Almost all operating systems can do NAT in such a position.
I'm talking about two machines deep in somebody else's network or where you don't control the router/NAT.
We actually have that nowadays... the config file support to tailscaled, as Irbe mentioned on the bug Jan 2024: https://github.com/tailscale/tailscale/issues/1412#issuecomm...
I've never set up a Plan 9 system... does this allow the distributed systems communications to run through my Tailnet?