authorFuwn <[email protected]>2024-09-22 14:05:31 -0700
committerFuwn <[email protected]>2024-09-22 14:05:31 -0700
commitfda7e0537d640a3f77a523a69da48f58a7ccc843 (patch)
treeeeff0d784f08c745061684ecf10865adcc391775 /modules
parenttailscale: optimise subnet routers and exit nodes (diff)
tailscale: authenticate on all systems
Diffstat (limited to 'modules')
-rw-r--r--modules/core/networking/vpn/tailscale.nix1
-rw-r--r--modules/core/security/sops.nix1
-rw-r--r--modules/server/default.nix1
-rw-r--r--modules/server/systemd.nix13
4 files changed, 2 insertions, 14 deletions
diff --git a/modules/core/networking/vpn/tailscale.nix b/modules/core/networking/vpn/tailscale.nix
index 06c5b50..0228915 100644
--- a/modules/core/networking/vpn/tailscale.nix
+++ b/modules/core/networking/vpn/tailscale.nix
@@ -17,6 +17,7 @@
tailscale = {
enable = true;
useRoutingFeatures = "both";
+ authKeyFile = config.sops.secrets.tailscale_authentication_key.path;
};
networkd-dispatcher = {
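Review bot: The new `authKeyFile` line sits in a core module, so every system enrols with the same auth key, and nothing beside it records what kind of key that has to be. A reusable key that leaks from any one host can be used to join further nodes to the tailnet until it is revoked, so a comment such as `# reusable, tagged auth key shared by all hosts; revoke and rotate if any host is compromised` would tell the next maintainer what to do. As far as I know the NixOS module consumes the key in a one-shot autoconnect unit at first login rather than on every boot, so an expired key would only show up on a freshly installed host; that is worth confirming against the nixpkgs revision in use. The attribute set that contains `tailscale` opens above the hunk.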
diff --git a/modules/core/security/sops.nix b/modules/core/security/sops.nix
index 8a68acf..c98a533 100644
--- a/modules/core/security/sops.nix
+++ b/modules/core/security/sops.nix
@@ -6,6 +6,7 @@
sops = {
gnupg.sshKeyPaths = [ ];
+ secrets.tailscale_authentication_key.sopsFile = ../../../secrets/hosts.yaml;
age = {
sshKeyPaths = [ ];
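Review bot: Declaring `tailscale_authentication_key` in the core sops module means every system must be able to decrypt `secrets/hosts.yaml`, not just the servers that used it before. If that file also holds other host secrets (not visible here), each newly added recipient can read all of them, so the shared key would be better kept in a file of its own, e.g. `secrets.tailscale_authentication_key.sopsFile = ../../../secrets/<dedicated-file>.yaml;` (placeholder path). Any host whose key is not a recipient will presumably fail secret installation at activation, so the recipient list is worth checking before deploying. The `sops` attribute set continues past the hunk.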
diff --git a/modules/server/default.nix b/modules/server/default.nix
index 5ada608..f5ba744 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -7,7 +7,6 @@
./networking
./sops.nix
./system.nix
- ./systemd.nix
./users.nix
./virtualisation.nix
];
diff --git a/modules/server/systemd.nix b/modules/server/systemd.nix
deleted file mode 100644
index 1ffc1ce..0000000
--- a/modules/server/systemd.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }:
-{
- systemd.services.tailscale-up = {
- after = [ "tailscaled.service" ];
- requires = [ "tailscaled.service" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- ExecStart = "/run/current-system/sw/bin/tailscale up --authkey ${config.sops.secrets.tailscale_authentication_key.path}";
- Restart = "on-failure";
- };
- };
-}