From 20f1c33d5a32a892e167d5de056afbe2e769bab9 Mon Sep 17 00:00:00 2001
From: fuckwit
Date: Fri, 26 Apr 2024 23:36:33 +0200
Subject: [PATCH] fix formatting and add tailscale
---
 nixos/celestia/configuration.nix | 12 ++++++++++--
 nixos/celestia/secrets.yaml | 5 +++--
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/nixos/celestia/configuration.nix b/nixos/celestia/configuration.nix
index b5cd428..0eaedd0 100644
--- a/nixos/celestia/configuration.nix
+++ b/nixos/celestia/configuration.nix
@@ -32,6 +32,7 @@ in {
 sops.defaultSopsFile = ./secrets.yaml;
 sops.secrets."acme.env" = {};
+ sops.secrets."tailscale-auth-key" = {};
 imports = [
 ./hardware-configuration.nix
@@ -89,8 +90,7 @@ in {
 ];
 users.groups.nas.gid = 2000;
- users.users.nginx.extraGroups = [ "acme" ];
-
+ users.users.nginx.extraGroups = ["acme"];
 environment = {
 etc = {
@@ -119,6 +119,14 @@ in {
 };
 services = {
+ tailscale = {
+ enable = true;
+ openFirewall = true;
+ useRoutingFeatures = "both";
+ extraUpFlags = ["--advertise-routes=192.168.1.11/32"];
+ authKeyFile = config.sops.secrets."tailscale-auth-key".path;
+ };
+
 dnscrypt-proxy2 = {
 enable = true;
 settings = {
diff --git a/nixos/celestia/secrets.yaml b/nixos/celestia/secrets.yaml
index dac6d1a..2f1e609 100644
--- a/nixos/celestia/secrets.yaml
+++ b/nixos/celestia/secrets.yaml
@@ -1,4 +1,5 @@
 acme.env: ENC[AES256_GCM,data:VgSJO2Q32csfN0DEH6kTsaN0z/hRa0fRHLUleju+gqBPjoQmZGIQjlLKHzj1Ys3zS591iVRkeYExBGyCPakPIJo=,iv:sOIPofteCvO4Na+z8qw7EjfJ6CEr83kYaonhUCgFwA4=,tag:RhHGyTrmdY4f8QkQ0DhhJw==,type:str]
+tailscale-auth-key: ENC[AES256_GCM,data:Rvq2wL9civCoH6acKk3lYIXbVAME+kUmeuQYOTl+rvdb5bFoI5i688qI58ceF47PGKi1jeXe46SkJGJe0iY=,iv:b0kavSFEG40Jxa3yAjttarN5N3nOLEbZYqP3LOXvBrU=,tag:cpgYzoX9L6+1IHnmjfZfQg==,type:str]
 sops:
 kms: []
 gcp_kms: []
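Review bot: `useRoutingFeatures = "both"` in the new `services.tailscale` block enables more than the visible configuration uses. The only routing flag passed is `--advertise-routes=192.168.1.11/32`, which is the subnet-router (server) side, while `"both"` also applies the client-side setting that relaxes reverse-path filtering to loose for the whole host. If this machine never accepts routes from other nodes or uses an exit node, `useRoutingFeatures = "server";` keeps IP forwarding and leaves strict reverse-path filtering in place. The key behind `authKeyFile` is visible here only as ciphertext, so a comment such as `# single-use, tagged auth key; only consumed on first login` (if that is what was generated) would tell the next reader how long-lived the credential committed to secrets.yaml is. The `services = {` set starts and ends outside this hunk.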
@@ -14,8 +15,8 @@ sops:
 K0RaVVNSczZBcDNtaXhGem5iQnlVTDAK+XogkPQD2xYQ7sW8DwAXaaLA/ftw6vZM
 wsNs0uun9dgGjZIXcU6AIsrJeUiWBl5zgc6CCd/ad/3QxpmKj1p9Mg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-01-25T08:01:53Z"
- mac: ENC[AES256_GCM,data:XZ4KGGJjleVpmIn780mHLCnEy24ZZHOwJz2xtZLUgHX7HN1OVYSOui18yS2TUQ8A0/aaoudjc6o/5h1emeWryFPn/Hx3E/8TaQgs1kBBbn+yIDxDeyZt8+iI1DrzFpI376u1lLUFA1TeMfPC0J4WORKJeh7NhKN0DlhZetpKVN0=,iv:XDddEP3/+eeoDK9/DRlg0Wu8bZVg86X8ncC/HO8qYeA=,tag:39lnmz58x+zkbvMvPVh0Fw==,type:str]
+ lastmodified: "2024-04-21T19:42:27Z"
+ mac: ENC[AES256_GCM,data:1LZ/jcx2yOW5OgWYmGlu8ySpOLrvLTmyAc8CrK6gKDeoc/VN5RuRapwkGD6XfgDaUvMCccgcRpyL5QDPPdRw6zzwpW4Ce1hreOoC1zV23TNDuAbn1G+gFjlJ2l5IEY6EZeNoWsOC2ID16HRwls1Bau1+hcWKefFYNVjE3+3l16U=,iv:9FFP84Be7UzfuLz/FnFtvOXmudccMq1jFDGXJUN0t48=,tag:U9SOsMUbHm8hzZnS3yK1Lg==,type:str]
 pgp:
 - created_at: "2024-01-25T08:00:56Z"
 enc: |-