From fda7e0537d640a3f77a523a69da48f58a7ccc843 Mon Sep 17 00:00:00 2001
From: Fuwn
Date: Sun, 22 Sep 2024 14:05:31 -0700
Subject: tailscale: authenticate on all systems
---
 modules/core/networking/vpn/tailscale.nix | 1 +
 modules/core/security/sops.nix | 1 +
 modules/server/default.nix | 1 -
 modules/server/systemd.nix | 13 -------------
 4 files changed, 2 insertions(+), 14 deletions(-)
 delete mode 100644 modules/server/systemd.nix
(limited to 'modules')
diff --git a/modules/core/networking/vpn/tailscale.nix b/modules/core/networking/vpn/tailscale.nix
index 06c5b50..0228915 100644
--- a/modules/core/networking/vpn/tailscale.nix
+++ b/modules/core/networking/vpn/tailscale.nix
@@ -17,6 +17,7 @@
 tailscale = {
 enable = true;
 useRoutingFeatures = "both";
+ authKeyFile = config.sops.secrets.tailscale_authentication_key.path;
 };
 networkd-dispatcher = {
diff --git a/modules/core/security/sops.nix b/modules/core/security/sops.nix
index 8a68acf..c98a533 100644
--- a/modules/core/security/sops.nix
+++ b/modules/core/security/sops.nix
@@ -6,6 +6,7 @@
 sops = {
 gnupg.sshKeyPaths = [ ];
+ secrets.tailscale_authentication_key.sopsFile = ../../../secrets/hosts.yaml;
 age = {
 sshKeyPaths = [ ];
diff --git a/modules/server/default.nix b/modules/server/default.nix
index 5ada608..f5ba744 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -7,7 +7,6 @@
 ./networking
 ./sops.nix
 ./system.nix
- ./systemd.nix
 ./users.nix
 ./virtualisation.nix
 ];
diff --git a/modules/server/systemd.nix b/modules/server/systemd.nix
deleted file mode 100644
index 1ffc1ce..0000000
--- a/modules/server/systemd.nix
+++ /dev/null
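Review bot: The new `authKeyFile` line in `tailscale = { … }` carries no comment on what kind of key the secret must hold, which matters now that the setting lives under `modules/core` and, per the commit subject, applies to every system. One secret shared by all hosts presumably has to be a reusable auth key, so any machine able to decrypt it can enrol further nodes until the key expires or is revoked. I would document that on the line, e.g. `# Shared by every host: must be a reusable, tagged auth key; rotate before expiry and revoke if any host is compromised.` Pairing the key with device approval or tag-scoped ACLs on the tailnet limits what a leaked copy can join as. The enclosing attribute set starts and ends outside the hunk.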
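Review bot: Declaring `secrets.tailscale_authentication_key` against `secrets/hosts.yaml` in the core module means every system's key has to be a recipient of that file, and a sops recipient can decrypt every value in the file, not only this one. Whether `hosts.yaml` holds other secrets is not visible here; if it does, non-server machines gain read access to server-only material. Moving the key to its own file would keep the recipient set minimal, e.g. `secrets.tailscale_authentication_key.sopsFile = ../../../secrets/tailscale.yaml;` (file name illustrative), with a matching rule in `.sops.yaml`. The removed `tailscale-up` unit already referenced this secret, so it is presumably still declared in `modules/server/sops.nix`, which this commit leaves untouched; one of the two declarations should go. The `sops = { … }` block continues outside the hunk.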
@@ -1,13 +0,0 @@
-{ config, ... }:
-{
- systemd.services.tailscale-up = {
- after = [ "tailscaled.service" ];
- requires = [ "tailscaled.service" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- ExecStart = "/run/current-system/sw/bin/tailscale up --authkey ${config.sops.secrets.tailscale_authentication_key.path}";
- Restart = "on-failure";
- };
- };
-}
-- cgit v1.2.3