From fda7e0537d640a3f77a523a69da48f58a7ccc843 Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.me>
Date: Sun, 22 Sep 2024 14:05:31 -0700
Subject: tailscale: authenticate on all systems

---
 modules/core/networking/vpn/tailscale.nix | 1 +
 modules/core/security/sops.nix            | 1 +
 2 files changed, 2 insertions(+)

(limited to 'modules/core')

diff --git a/modules/core/networking/vpn/tailscale.nix b/modules/core/networking/vpn/tailscale.nix
index 06c5b50..0228915 100644
--- a/modules/core/networking/vpn/tailscale.nix
+++ b/modules/core/networking/vpn/tailscale.nix
@@ -17,6 +17,7 @@
     tailscale = {
       enable = true;
       useRoutingFeatures = "both";
+      authKeyFile = config.sops.secrets.tailscale_authentication_key.path;
     };
 
     networkd-dispatcher = {
diff --git a/modules/core/security/sops.nix b/modules/core/security/sops.nix
index 8a68acf..c98a533 100644
--- a/modules/core/security/sops.nix
+++ b/modules/core/security/sops.nix
@@ -6,6 +6,7 @@
 
   sops = {
     gnupg.sshKeyPaths = [ ];
+    secrets.tailscale_authentication_key.sopsFile = ../../../secrets/hosts.yaml;
 
     age = {
       sshKeyPaths = [ ];
-- 
cgit v1.2.3