From 4fb3b218bc2826dac6305e45920acce6e6244a46 Mon Sep 17 00:00:00 2001 From: KoenDR06 Date: Tue, 7 Oct 2025 13:57:05 +0200 Subject: [PATCH] tailscale secret --- modules/base/secrets.nix | 1 + modules/network/tailscale.nix | 5 ++++- secrets.nix | 6 +++--- secrets/tailscale.age | 17 +++++++++++++++++ secrets/wifi.age | 34 +++++++++++++++++----------------- 5 files changed, 42 insertions(+), 21 deletions(-) create mode 100644 secrets/tailscale.age diff --git a/modules/base/secrets.nix b/modules/base/secrets.nix index 6699d79..85c9a14 100644 --- a/modules/base/secrets.nix +++ b/modules/base/secrets.nix @@ -20,6 +20,7 @@ in { age.secrets = { wifi.file = secretFile "wifi.age"; + tailscale.file = secretFile "tailscale.age"; personalSSHpub = { file = secretFile "ssh/id_personal.pub.age"; diff --git a/modules/network/tailscale.nix b/modules/network/tailscale.nix index 3b03fc0..3c342b8 100644 --- a/modules/network/tailscale.nix +++ b/modules/network/tailscale.nix @@ -13,6 +13,9 @@ in { }; config = mkIf cfg.enable { - services.tailscale.enable = true; + services.tailscale = { + enable = true; + authKeyFile = toString config.age.secrets.tailscale.path; + }; }; } diff --git a/secrets.nix b/secrets.nix index 50b3041..577fb6b 100644 --- a/secrets.nix +++ b/secrets.nix @@ -18,6 +18,6 @@ let "ssh/id_github.pub" "ssh/config" ]; - attrs = (map (secret: {"secrets/${secret}.age".publicKeys = all;}) secrets); - -in builtins.foldl' (acc: curr: acc // curr) {} attrs + attrs = map (secret: {"secrets/${secret}.age".publicKeys = all;}) secrets; +in + builtins.foldl' (acc: curr: acc // curr) {} attrs diff --git a/secrets/tailscale.age b/secrets/tailscale.age new file mode 100644 index 0000000..83ef4f2 --- /dev/null +++ b/secrets/tailscale.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9tczZkdyBvYW5B +RzZpbUdCSjhORVh1OVYxOU95aGdsU2FGdHUxdkdMdTV3RHM5bEM0Ck9YYVFDVmo5 +eXBoczBrYyttT00wZnNsN1pobmpqbUJJSWdqL3ZpTlYyL1kKLT4gc3NoLWVkMjU1 +MTkgZ1BJZFpBIC84amZJMDB0TUVCbFFKVnhieW5CK2Zaa1ZtNGdlSU52bDVkR0dr +UVdpUm8KTkl1dHBQcXJMakR0UTlLS095c2FscmVWWlViejl0Q2VnN05zRXUvWGVK +QQotPiBzc2gtZWQyNTUxOSBkYk9laEEgYnVZOW9MSk5tSDR3NFJqdEJyeVlaSHpl +eW1WRUliQjdnMHRkU0UwSklsNAp0MjlNbG04NVM5OFlRZXNwanVweEFsa0xUc1lx +ZDJPZXFWd2U5ZVQyeUtVCi0+IHNzaC1lZDI1NTE5IHR2L0N6ZyBETDdzaFhIejcv +Zlk5TWFlMlZLajlCTmVkL1ZEaGdiV1h2bmRWRm01dHkwCmEvVUp6VCt1Wk4zS3hy +L0RLbERnL3IrKzExckI5bk8xYWdSNmJqQTVtMjAKLT4gVTwiT2EtZ3JlYXNlIDF8 +CkdsMVhKM2d3S2M4RUN5R2tEdlFPWUc1dS8rVlhObUg2dVFHdmNxd3NtT0JzWG1l +UGQ3akY1WDNsV3BsRTB2ZU4KCi0tLSA1cDJrelJXZk9hUlE1NWRzV0piMldmMGlS +aUFZM21DVlJpaVp3RUVlei9BCkOVUb5xULj8Q65POTDTxXqgAXpiPkDzunz+aoUc +7380yCBYwhIltHPz3sGlbtAzEPiidhwyncPqh/Alcp9JHXT9uGXS+hDYn5KCyRhf +Yav7aiXhaMJ9SSxiTstgsiQ= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/wifi.age b/secrets/wifi.age index 007fb91..1078828 100644 --- a/secrets/wifi.age +++ b/secrets/wifi.age @@ -1,19 +1,19 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9tczZkdyBlT0NY -Zi9EMHZET21rS0F3NmJId01uWUFhdkpNK0pwWnkzMEJOZUNOQ25rCjVmMGx4aDgy -M3NTNFdKN05aRk1xb0pacG1RelZpeEg1N0VJYXVkSlBnUEUKLT4gc3NoLWVkMjU1 -MTkgZ1BJZFpBIFFiKytSdFdETW0wZnZUUFI4d0JlTnFGcWNJTisreG00QkpYdm96 -UkNjRG8KUDluQXR4WGRMUFpCVXZBWVJ1cmk5Z1ZSNE1Nc1ZDcWdtNEt6Rm1sUkJR -awotPiBzc2gtZWQyNTUxOSBkYk9laEEgUHBiZFRsanNSWk9VTnVKelhyZzRWS2RX -TXd6OWhweWI0eDNvUzRuSzRHWQp2S2oxVGovb1JnV1ZXMFF3Y08xeWJaY0VvaXRs -OU1WU3FoRG5NVWJnRVFNCi0+IHNzaC1lZDI1NTE5IHR2L0N6ZyBnTjZKbXdSLzQ0 -Kzc2d0Y1b0FNTmRqTy9hWnZnQWdQOE02RW8xMkZ6NVFjCjFOS0xsQmF5WWZMMzBB -eDJDSEloVVhSN1ExRHBncCtvd3VRZGpYQUZ0UnMKLT4ga298XC1ncmVhc2UgZXQ/ -NCNoIHZIMTEgcnQxU1M3MCMKNk43cFhiU216alQwVVIzV0d0SStDMkpJWkxHQkpR -MHdoM3licXB6Q3d2ZDVaR1R4Y3BpbWRCZmJNN1dWaXZzSQpPU0VvCi0tLSB3c0l5 -Q1M2UEdROEorNDd3Ly9KUjdyaUtTalV6cndmZXdhTXppVURuMmI0CjYjXNBGiM/L -1AAl0Y1Ickc8pzBm1A/1O1XKOl0yUblZ4Xl58xVU/VOJm9sT+otG6BTV3M3wrbfF -xbJFZKXOAAOAXBH0kSKKBAiIWyyibwfXX59+jfBDndfxSQ/BvNudZQ80Q08y7zdi -5MDg2Gt7/7qs+ORGiXAsjqriFV6Nk/uR2FVonoqzp7FitlF/4CM9u4+Mb6aGs7am -QQOGNjOs1Gcsn+SDOsRvne9TtaG4tuN8J8M3H2178uoX+S3fMQ== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9tczZkdyBGdGZs +SFhOVm5OWndYakZJWDZqVmxPT1R0cUIxeU9GakUzdGoycE9HN0VFClpZYzlSaXRj +NXhVK2swVVp6WWFhSXFXZHhxTVRQZy9KbWkxU1hTbVAyVHMKLT4gc3NoLWVkMjU1 +MTkgZ1BJZFpBIGdGcnkwaVU2OGQ5YW9xNXdPbllJdVlza2hyaXNMcWg2RG5Xaysz +Z0xhQXcKMkhwYlRBVm1US29qZmZaRzc3b2ZQbzMwRjdlTGVFdjdWQ0FTZ1E4N3VW +WQotPiBzc2gtZWQyNTUxOSBkYk9laEEgTVpHN1V1TXpvdWF5dmc3VUt2QXlMbU54 +akVac2VsSjU5WnFmVXBDMEZBZwpZVVdhc3RaQUFSai82a1c3bjcySkl0U3BlMlhw +T2RRaVJHY2c5UlFNOG1JCi0+IHNzaC1lZDI1NTE5IHR2L0N6ZyBSOFFtZENJeW92 +NFhJamVHMnR4dHdHd05lM3pqL3NBc3N0UDYzelNDSVQ0CkR6bFpraVB5ZE4yUlJD +R25lVjRCekZqcXNKblM5bGhnMGVxMDU3R05XeGMKLT4gcUctZ3JlYXNlICUrZ3Bm +IHJFeU8KczdCZW1tUWJKeTRXTm5SSHpqM1R4eSs5QlRsZVl5QzZudEVvcE5VUmdn +Rjl6UEkrUjZ0bFN4QQotLS0gYzhuRzRGZ1dkdHhBRlZJZHdINWkzazZXZlpTdHg3 +MkJLVUl4akFSdkw2RQqUbSn3N7QWjAnH9nD+qeD4035Fsi9mU+5eIJhU+N4xlib/ +a9P6vqHcxhSHF8mZ4Lj8YLomDwW94T/AGraeRMAwkosfqvt4oTz6AytxT+Kitl7t +PczSUhUicHRc2X/1cFnkCbRmGc1KIChHZj3JMztis/tcR4VR/dV7iFY6ot6lFZEj +97xOfT4Wg90+PgJdgWfH8TIXF/V3lMFKld8wZwubNegnlFkB6bERWGvVhp/HEAFT +K1rNo6ChV686zRShIjsj -----END AGE ENCRYPTED FILE-----