From 343dd8fffc47aaa598eb29e35139b4b785e08fe2 Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq <rafiq@rrv.sh>
Date: Sun, 18 May 2025 23:08:53 +0800
Subject: [PATCH] feat(modules/networking): enable tailscale

---
 modules/nixos/hardware/networking.nix | 4 ++++
 modules/nixos/system/secrets.nix      | 1 +
 secrets/secrets.yaml                  | 6 ++++--
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/hardware/networking.nix b/modules/nixos/hardware/networking.nix
index 8ef7679..5bdd60e 100644
--- a/modules/nixos/hardware/networking.nix
+++ b/modules/nixos/hardware/networking.nix
@@ -5,6 +5,10 @@
   networking.useDHCP = lib.mkDefault true;
   networking.hostName = config.system.hostname;
   networking.networkmanager.enable = true;
+
+  services.tailscale = {
+  enable = true;
+  authKeyFile = config.sops.secrets."keys/tailscale".path;};
     }
   ];
 }
diff --git a/modules/nixos/system/secrets.nix b/modules/nixos/system/secrets.nix
index 6206b88..c3b5e18 100644
--- a/modules/nixos/system/secrets.nix
+++ b/modules/nixos/system/secrets.nix
@@ -4,6 +4,7 @@
     defaultSopsFile = lib.snowfall.fs.get-file "secrets/secrets.yaml";
     age.sshKeyPaths = ["/persist/home/rafiq/.ssh/id_ed25519"];
     secrets = {
+      "keys/tailscale" = {};
       "rafiq/hashedPassword".neededForUsers = true;
     };
   };
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index f80aae1..ea6faa0 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,5 +1,7 @@
 rafiq:
     hashedPassword: ENC[AES256_GCM,data:SzzSPg5Ze4H+fVl6ZvAULO9FDfRehusmP6uldT4Ok2/9ZeOp9r4LgjKajoiw2A1DWD1zQ1GQwMCHKpeZjCC4rBUNWW5DMcBUJA==,iv:KktKuqr0JNhjeJIlIgkoAv6mP2dQlfQrXiIOASLPkbw=,tag:g9LarkT6EjDrH+dXSjMwPg==,type:str]
+keys:
+    tailscale: ENC[AES256_GCM,data:sW64TZY/GtWD+8KOQDHYvnwzWiqOlsJ5782utaxVwUaiWa18hU+Ppd3gp/8f0R3rK6gskaPC22iuCuzvuA==,iv:TN2zWKgU6eXH3uaL7Ci2JKmo8Ql4DUSWS3Lxfnag7j4=,tag:s5of4wLdCp6b5VMGWLLxvw==,type:str]
 sops:
     age:
         - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
@@ -11,7 +13,7 @@ sops:
             WXFKbjNMWDF0LzNyekJJMGFva2diemcKQTc8ODuK6IWqRhulHiCF92aU+3p23riY
             M94Nzh+VT6QTFOgb3J7bBJMLhRH/fkQb6L6ia2n9QrVXFyYYMJ0oBw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-05-18T14:48:00Z"
-    mac: ENC[AES256_GCM,data:ZXqR1G5h1airqlLPi/yyRgVycqk8aMEBKihOqTXpeKIXev5upA5P5+I4ZQtVXTtSkwzIiRRhkzQfGnASjEGWezNRoPZffjIbMn7RkssyUcz+lFKinec1ZZJxc51lOGP22gP/qrcGjmtqDgVDfWsjTtaZjlr3qmL5e6MK7RbhO5g=,iv:kGRvTNcPjsxvsP3EXVpnsQunCXXpYirAFsMEnVx0kR4=,tag:JVHIlhRW2x50M0gGgXy3oQ==,type:str]
+    lastmodified: "2025-05-18T15:07:27Z"
+    mac: ENC[AES256_GCM,data:u7oh4aDdtD++beaPPaTVA+jlgSl5UFr8NRYUtuaASd2hxSK+dNOmtirKYZEh5Bp2kfrcGrPIMqYHr4TIOZNkkUsQtGwSrDbkc4TqaulaXveoYQXag4x5ZNYxWlazjTrtSYKA60CARlq8/2CLH/QNSBC6wqRIhR9Yj5mjAj51DW8=,iv:xX/GQpMPKIhMzA02PX6fV2WD6NO4c9FHxkXlzP9PwWM=,tag:lWJXNgxgsXDHjgnNMt/EDw==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2