feat(networking): use client-id and client-secret for tailscale auth

modules/nixos/default.nix

@@ -95,7 +95,6 @@ in
       age.sshKeyPaths = [ "/persist/home/rafiq/.ssh/id_ed25519" ];
       secrets = {
         "keys/openrouter" = { };
-        "keys/tailscale" = { };
         "keys/gemini" = { };
         "keys/cvt-jira" = { };
         "keys/cloudflare" = { };
@@ -104,6 +103,8 @@ in
         "rafiq/hashedPassword".neededForUsers = true;
         "rafiq/personalEmailPassword" = { };
         "rafiq/workEmailPassword" = { };
+        "tailscale/client-id" = { };
+        "tailscale/client-secret" = { };
       };
     };
     environment.shellInit = # sh

modules/nixos/networking/default.nix

@@ -17,7 +17,8 @@ in
 
   services.tailscale = {
     enable = true;
-    authKeyFile = config.sops.secrets."keys/tailscale".path;
+    authKeyFile = config.sops.secrets."tailscale/client-secret".path;
+    authKeyParameters.preauthorized = true;
   };
   persistDirs = singleton "/var/lib/tailscale";
 }