From db580ad606de8f6367c79982d20434702ee2accf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?=
Date: Fri, 8 Dec 2023 17:52:51 +0000
Subject: [PATCH] Migrate to new tailscale config

* use the new config option isntead of custom service
* lower the log spam
---
 nixos/tailscale/default.nix | 28 +++++----------------------
 1 file changed, 5 insertions(+), 23 deletions(-)

diff --git a/nixos/tailscale/default.nix b/nixos/tailscale/default.nix
index c949af53..15893ffa 100644
--- a/nixos/tailscale/default.nix
+++ b/nixos/tailscale/default.nix
@@ -13,6 +13,10 @@ in {
 services.tailscale = {
 enable = true;
 package = tailscale;
+ authKeyFile = "/run/secrets/tailscale-key-${config.networking.hostName}";
+ };
+ systemd.services.tailscaled = {
+ serviceConfig.LogLevelMax = "notice";
 };

 networking.firewall = {
@@ -21,28 +25,6 @@ in {
 };
 sops.secrets."tailscale-key-${config.networking.hostName}" = {
 sopsFile = ./keys.sops.yaml;
- restartUnits = ["tailscale-auth.service"];
- };
- systemd.services.tailscale-auth = {
- description = "Auth with tailscale";
-
- after = ["network-pre.target" "tailscale.service"];
- wants = ["network-pre.target" "tailscale.service"];
- wantedBy = ["multi-user.target"];
-
- serviceConfig.Type = "oneshot";
-
- script = ''
- sleep 2
-
- status="$(${tailscale}/bin/tailscale status -json | ${pkgs.jq}/bin/jq -r .BackendState)"
- if [ $status = "Running" ]; then # if so, then do nothing
- echo "already connected"
- exit 0
- fi
-
- echo "$status, reauthing"
- ${tailscale}/bin/tailscale up --authkey `cat /run/secrets/tailscale-key-${config.networking.hostName}`
- '';
+ restartUnits = ["tailscaled-autoconnect.service"];
 };
 }
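Review bot: The added `authKeyFile` line hard-codes `/run/secrets/tailscale-key-…`, duplicating the location that the `sops.secrets` declaration further down this file resolves to. If that secret's `path` or the sops default directory is ever changed, the auth step would presumably read a missing file and the node would fail to join. Referencing the option keeps the two in sync: `authKeyFile = config.sops.secrets."tailscale-key-${config.networking.hostName}".path;`. Separately, `LogLevelMax = "notice"` filters on journal priority, and output a daemon writes to stderr without an sd-daemon level prefix is recorded at the unit's default level (info), so this setting may discard almost all tailscaled output rather than only the noisy part, including login and key-expiry messages that matter during an investigation. Check `journalctl -u tailscaled` after deploying and add a comment on that line stating what is intentionally dropped.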
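Review bot: `restartUnits` now names `tailscaled-autoconnect.service`, a unit this file no longer defines; it is presumably the one the NixOS tailscale module generates when `authKeyFile` is set. That couples the string to an upstream unit name, so a rename there would make key rotation restart nothing without any error. A comment on the line would record the dependency, e.g. `# unit generated by services.tailscale when authKeyFile is set`. It is also worth verifying after a key rotation that the restarted unit behaves as intended on a node that is already connected, since the removed script deliberately skipped `tailscale up` in the `Running` state and the replacement's logic is not visible in this diff.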