cyplo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

force reauth on tailscale key change

Browse source
This commit is contained in:
Cyryl Płotnicki 2023-03-04 08:21:35 +00:00
parent e73323eb26
commit 9830568981
1 changed files with 11 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
nixos/tailscale/default.nix
View file

@ -1,23 +1,17 @@
{
config,
pkgs,
inputs,
...
}: let
inherit
(inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux")
tailscale
;
{ config, pkgs, inputs, ... }:
let
inherit (inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux")
tailscale;
in {
environment.systemPackages = [tailscale];
environment.systemPackages = [ tailscale ];
services.tailscale = {
enable = true;
package = tailscale;
};
networking.firewall = {
trustedInterfaces = ["tailscale0"];
allowedUDPPorts = [config.services.tailscale.port];
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
sops.secrets."tailscale-key-${config.networking.hostName}" = {
sopsFile = ./keys.sops.yaml;
@ -25,9 +19,9 @@ in {
systemd.services.tailscale-auth = {
description = "Auth with tailscale";
after = ["network-pre.target" "tailscale.service"];
wants = ["network-pre.target" "tailscale.service"];
wantedBy = ["multi-user.target"];
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
@ -39,7 +33,7 @@ in {
exit 0
fi
${tailscale}/bin/tailscale up -authkey `cat /run/secrets/tailscale-key-${config.networking.hostName}`
${tailscale}/bin/tailscale up --force-reauth --authkey `cat /run/secrets/tailscale-key-${config.networking.hostName}`
'';
};
}