diff --git a/configs/networking.nix b/configs/networking.nix
index 0c40795..22adb83 100644
--- a/configs/networking.nix
+++ b/configs/networking.nix
@@ -1,4 +1,9 @@
-{ hostname, lib, ... }:
+{
+  hostname,
+  lib,
+  config,
+  ...
+}:
 {
   networking = {
     hostName = hostname;
@@ -28,5 +33,8 @@
     interfaces.enp12s0.wakeOnLan.enable = true;
   };
   services.openssh.enable = true;
-  services.tailscale.enable = true;
+  services.tailscale = {
+    enable = true;
+    authKeyFile = config.sops.secrets.ts_auth_key.path;
+  };
 }
diff --git a/configs/security.nix b/configs/security.nix
index 298f595..19c4c14 100644
--- a/configs/security.nix
+++ b/configs/security.nix
@@ -8,6 +8,7 @@
     defaultSopsFile = ./secrets/secrets.yaml;
     age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
     secrets.password.neededForUsers = true;
+    secrets.ts_auth_key = { };
   };
 
   security.sudo.wheelNeedsPassword = false;