cyplo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

force reauth on tailscale key change

Browse source
This commit is contained in:
Cyryl Płotnicki 2023-03-04 08:21:35 +00:00
parent e73323eb26
commit 9830568981
1 changed files with 11 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
nixos/tailscale/default.nix
View file

@ -1,23 +1,17 @@
{ { config, pkgs, inputs, ... }:
config, let
pkgs, inherit (inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux")
inputs, tailscale;
...
}: let
inherit
(inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux")
tailscale
;
in { in {
environment.systemPackages = [tailscale]; environment.systemPackages = [ tailscale ];
services.tailscale = { services.tailscale = {
enable = true; enable = true;
package = tailscale; package = tailscale;
}; };
networking.firewall = { networking.firewall = {
trustedInterfaces = ["tailscale0"]; trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [config.services.tailscale.port]; allowedUDPPorts = [ config.services.tailscale.port ];
}; };
sops.secrets."tailscale-key-${config.networking.hostName}" = { sops.secrets."tailscale-key-${config.networking.hostName}" = {
sopsFile = ./keys.sops.yaml; sopsFile = ./keys.sops.yaml;
@ -25,9 +19,9 @@ in {
systemd.services.tailscale-auth = { systemd.services.tailscale-auth = {
description = "Auth with tailscale"; description = "Auth with tailscale";
after = ["network-pre.target" "tailscale.service"]; after = [ "network-pre.target" "tailscale.service" ];
wants = ["network-pre.target" "tailscale.service"]; wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
@ -39,7 +33,7 @@ in {
exit 0 exit 0
fi fi
${tailscale}/bin/tailscale up -authkey `cat /run/secrets/tailscale-key-${config.networking.hostName}` ${tailscale}/bin/tailscale up --force-reauth --authkey `cat /run/secrets/tailscale-key-${config.networking.hostName}`
''; '';
}; };
} }