# NixOS module: enrols this host in the tailnet run by our self-hosted
# headscale control server, using the project's own tailscale wrapper module.
{
  config,
  pkgs,
  outputs,
  constants,
  ...
}:

let
  # Control-plane URL. Whatever answers at this FQDN is the trust root for
  # node identity and policy on the tailnet.
  headscaleUrl = "https://${constants.services.headscale.fqdn}";

  # sops-nix handle for the pre-auth key; only its decrypted file path is
  # passed on, the key material itself is not written into this module.
  authKeySecret = config.sops.secrets."tailscale/auth-key";
in
{
  imports = [ outputs.nixosModules.tailscale ];

  # Declare the secret with sops-nix defaults (no owner/mode overrides here).
  # NOTE(review): confirm the defaults keep the file readable by root only.
  sops.secrets."tailscale/auth-key" = { };

  services.tailscale = {
    enable = true;

    # Register against our own headscale instance instead of the default
    # coordination server.
    loginServer = headscaleUrl;

    # SSH over the tailnet. NOTE(review): presumably this maps to Tailscale
    # SSH in the imported module; if so, access is decided by the control
    # server's policy rather than by authorized_keys, so review that policy
    # alongside this setting.
    enableSSH = true;

    # Take DNS settings (MagicDNS names) from the control server.
    # NOTE(review): this lets the control plane influence name resolution on
    # the host; confirm that is intended for this machine.
    acceptDNS = true;

    # Pre-auth key for unattended enrolment, read from the sops-managed file.
    # NOTE(review): prefer a short-lived, narrowly scoped key and rotate it
    # once hosts are enrolled; confirm how the key was issued.
    authKeyFile = authKeySecret.path;
  };
}