diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index dca611a..fd67601 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -95,7 +95,6 @@ in age.sshKeyPaths = [ "/persist/home/rafiq/.ssh/id_ed25519" ]; secrets = { "keys/openrouter" = { }; - "keys/tailscale" = { }; "keys/gemini" = { }; "keys/cvt-jira" = { }; "keys/cloudflare" = { }; @@ -104,6 +103,8 @@ in "rafiq/hashedPassword".neededForUsers = true; "rafiq/personalEmailPassword" = { }; "rafiq/workEmailPassword" = { }; + "tailscale/client-id" = { }; + "tailscale/client-secret" = { }; }; }; environment.shellInit = # sh diff --git a/modules/nixos/networking/default.nix b/modules/nixos/networking/default.nix index c103d39..384af80 100644 --- a/modules/nixos/networking/default.nix +++ b/modules/nixos/networking/default.nix @@ -17,7 +17,8 @@ in services.tailscale = { enable = true; - authKeyFile = config.sops.secrets."keys/tailscale".path; + authKeyFile = config.sops.secrets."tailscale/client-secret".path; + authKeyParameters.preauthorized = true; }; persistDirs = singleton "/var/lib/tailscale"; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 7854d39..8369800 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -5,7 +5,6 @@ rafiq: oldSMBCredentials: ENC[AES256_GCM,data:aY41trUJcvGa584H0A==,iv:3h9AZ33HXWT4D/vGMyy/o+TXyGg75Ixcj3+h2EskvIQ=,tag:dDo55h1ljOYLZBHn9bK7ew==,type:str] keys: openrouter: ENC[AES256_GCM,data:Uddc0leKVD2xxpvDpsTJV3qZ4oe89Uz6dJMuzF/TeI5iIrG+DNIAYPcnIQiA6LDScO9mag8XNiYpYH7lyMnUg1cvThChiVhO+A==,iv:RHSrL/L74dSvLKAvGwyMME53RzKr2+RDnI8xBpDJVng=,tag:d81mr26SeStmAa8UgEF/LA==,type:str] - tailscale: ENC[AES256_GCM,data:sW64TZY/GtWD+8KOQDHYvnwzWiqOlsJ5782utaxVwUaiWa18hU+Ppd3gp/8f0R3rK6gskaPC22iuCuzvuA==,iv:TN2zWKgU6eXH3uaL7Ci2JKmo8Ql4DUSWS3Lxfnag7j4=,tag:s5of4wLdCp6b5VMGWLLxvw==,type:str] gemini: ENC[AES256_GCM,data:t4XTzJLMbHBG7LNaWMwO0YyYHREYOp4Zn95Kwshunnpwq9ezVv+0,iv:ZHq1ytak7Qy5a/zHghwEIWRinDWAkk2Vxw4iu/Q/UPk=,tag:Wyk0FqLTOWelznWHg/anxg==,type:str] cvt-jira: ENC[AES256_GCM,data:y9enN905hAxp9F6TPcnYdcnA7VQQjTsysltBn7k9CVtOYUDBX5UKCbO4VEE=,iv:Hy/RshBTSFqEVlHq/fi/UqNdbzBvMaBmXnSHAz0WplY=,tag:bBgB+HJdHRu4bg/f9vq9nw==,type:str] cloudflare: ENC[AES256_GCM,data:nrtHnQR0Oon9BrSN0AeAjl8H8B7quuwSu/Qjabe9HFpWgcZq9n1JCA==,iv:ovyHqy5iKXDYXe4H7eRA51+kODhP+vAWoc98cS/6zG0=,tag:JyktO6EMRZ00CRhTb03+fg==,type:str] @@ -19,6 +18,9 @@ librechat: jwt_refresh_secret: ENC[AES256_GCM,data:/4X6h51oRRaOg7UZ/zUcS1L8QyFnhsTYrz8D6R3ZP/tFAEMO/IfYJHHQQ8UtgKjAEwIVYcpIco8lUDhm06folw==,iv:02/LgoiMZ6MzBSd+JAi+iuF3dzqsVyqX6gQfWPY8sIc=,tag:5VrCh7ZKNJD3ynjcyQpVyg==,type:str] matterbridge: mattermost-password: ENC[AES256_GCM,data:sMk4M2gADl1iPA7XEH1/D3sw,iv:YnTYTo0NVJVLtS/uhaodoCuyDqJf6IKCojKFljKSFCE=,tag:8vEK0RyxopiPUcML6hwqpg==,type:str] +tailscale: + client-id: ENC[AES256_GCM,data:YxL4lpnSpz+UQQdoVK/KC/o=,iv:ZGV/ZAdvpmUUlRcbP60ALcxMVzdiXiAxedRyl4sZbaQ=,tag:18Qmvw9aK8CaUUKXE7C7MA==,type:str] + client-secret: ENC[AES256_GCM,data:+PZ3iqj/s6HOoCZJqglt+uzGXy5bJmnqqt7dQReZj/5HTNUlE+QqnCdXNoQkGqnuZ/TN44AExZpowh6NXYyGVQ==,iv:LCZgNZz7qCfk1zXcZTczSoA0a9BF36sV+IpB+ce73P0=,tag:E/vVE6persTCPKbOvvmTjw==,type:str] sops: age: - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6 @@ -30,7 +32,7 @@ sops: WXFKbjNMWDF0LzNyekJJMGFva2diemcKQTc8ODuK6IWqRhulHiCF92aU+3p23riY M94Nzh+VT6QTFOgb3J7bBJMLhRH/fkQb6L6ia2n9QrVXFyYYMJ0oBw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-17T19:11:07Z" - mac: ENC[AES256_GCM,data:EVDPzk2P284ULwMx/hCQeP4eehIiqx5OxhNDc17KhjRv19iPUjzhX7/SQy+r34ZfiKSFnB2W3zmhl6JtGqme10v4xZDT+D5wBLrYU7h4ylht65iDo0Eaw38TNLXPNqfNlKWqTcpgvMpez26CdL/7v3bUKU0aLYX0HkVxl2CQt5g=,iv:gujsDVgpH7RajOliQxL7Unkm24Xqp7BEeYtUMyXq2oc=,tag:KdKXPJ4cF2myFe4vJ1/YnQ==,type:str] + lastmodified: "2025-06-29T19:38:14Z" + mac: ENC[AES256_GCM,data:vn5y4Jlbv6foOB15XWE8kVsxIfTqswUDNsOoOyL/84AZtD69E5QpiUE6ed1DmQAcKxEI/H8OYbdijFYJ5jB8CGp8huwuQ4h+dYKDV+OtX7uk6w2E31fcJ54xCYdpHA3rTyiEh3S5aS+YLcEsHWmHlwebBxYg3tIwXDSOcVrIGgo=,iv:KfpSrigxu8dxjHO1sINTAuZ0mfRVsHsliqHRxfWQq4E=,tag:z3lBzeBETxZOQ9/hSFd/cg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2