From e63e1d9bef7f3f7eb76f69bfb0835882857f244f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?= Date: Fri, 7 Apr 2023 21:34:47 +0100 Subject: [PATCH] new tailscale key, restart when key is changing --- nixos/tailscale/default.nix | 3 ++- nixos/tailscale/keys.sops.yaml | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/nixos/tailscale/default.nix b/nixos/tailscale/default.nix index 12c36d17..2ec962db 100644 --- a/nixos/tailscale/default.nix +++ b/nixos/tailscale/default.nix @@ -15,6 +15,7 @@ in { }; sops.secrets."tailscale-key-${config.networking.hostName}" = { sopsFile = ./keys.sops.yaml; + restartUnits = [ "tailscale-auth.service" ]; }; systemd.services.tailscale-auth = { description = "Auth with tailscale"; @@ -35,7 +36,7 @@ in { fi echo "$status, reauthing" - ${tailscale}/bin/tailscale up --force-reauth --authkey `cat /run/secrets/tailscale-key-${config.networking.hostName}` + ${tailscale}/bin/tailscale up --authkey `cat /run/secrets/tailscale-key-${config.networking.hostName}` ''; }; } diff --git a/nixos/tailscale/keys.sops.yaml b/nixos/tailscale/keys.sops.yaml index ae910a45..27c59382 100644 --- a/nixos/tailscale/keys.sops.yaml +++ b/nixos/tailscale/keys.sops.yaml 
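Review bot: The added `restartUnits = [ "tailscale-auth.service" ];` may not make a rotated key take effect on a node that is already logged in. The auth script appears to have a status check ending at the `fi` visible in the next hunk, and if that check exits early for an authenticated node, the restart triggered by a key change does nothing. The script body starts outside the hunks, so this is inferred rather than confirmed. If that is the intended behaviour, record it above the line, e.g. `# restart re-runs the auth script; it only logs in again when the node is not already authenticated`.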
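Review bot: The changed `tailscale up` line still expands the auth key into the command line through `cat`, so the secret sits in the process argument list, readable by other local processes while the command runs. `tailscale up` accepts a `file:` prefix on the auth key value, so the key can stay in the secrets file: `${tailscale}/bin/tailscale up --authkey file:${config.sops.secrets."tailscale-key-${config.networking.hostName}".path}`. Taking the location from the sops-nix `path` attribute also removes the hard-coded `/run/secrets/...` string, which would silently go stale if the secret's path were ever overridden. The script starts outside the hunk, so check whether the key is referenced elsewhere in it.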
@@ -1,4 +1,4 @@ -tailscale-key-foureighty: ENC[AES256_GCM,data:o5cVkNgdF8/yHeGkewLifI0ulagzxfXxHeeHGErgkaedAWLLbfNXAclGs6iH9EozrA3fx7XnJsLQ,iv:dEkqCvHlsN8dQ+1dVZHG0+4zi7OeHF9bUZ5qEI9PIPM=,tag:4fOnyFbR64E5KFR8bR5DuA==,type:str] +tailscale-key-foureighty: ENC[AES256_GCM,data:xb7EZ4TDLGXpstO2OTa+8gvK4206ik+DVQe2ZGqe+zxrhGsrkPu3MpjJYlL9vqakC4dzpRxwKN4=,iv:2Sq25zysjc2gS7SLi7QeFaIOtvKuBbNwADVyj7Hil50=,tag:65jC+Rk96s8xO+dKTo8uJg==,type:str] tailscale-key-bolty: ENC[AES256_GCM,data:c1OC6WgYr18I2mP9NQQ1+ibqN28VNcxNMLanLdv6wnbqBLFUSUqJ8tlHgCI81qS1kzlvuCvZui4=,iv:YuNLgEfvBezS1+P/sKN96h1/88e2xU/gyfkzjIy3vNI=,tag:kY2jqCMgiF++sVISDiU7KA==,type:str] tailscale-key-vpsfree1: ENC[AES256_GCM,data:RRfWVNXUumS9HuzqTjp/OYwwUy4Ljxd+ymaFWGSuCjWYy5uMyKDyF7FnyzLXD1jeegViM6sXJS2L,iv:b+zNGOP1lAQ7BRg6JetKCvo91hzZhqoYgwiQZzqMnKo=,tag:w+dVamXo3fM7AAyuzKtSjQ==,type:str] tailscale-key-vultr1: ENC[AES256_GCM,data:8QKYuSY0/6jtIpaizGpgfyulESqPczw/J/qCDDpYpO/LS+ppRX5avg==,iv:QsKL4NqOUTCWSIxlaXqXbfzhFcAbJTkYXjkc1eCJv8M=,tag:g0vcE23ghCYevEpQsFh50A==,type:str] @@ -111,8 +111,8 @@ sops: eDU3UnhLZWZnYkpwVWd1RWxSOWh3d2sKhtvrXSDt+IU6R9c/kJ9bM1lbmzPZmiXh UYMyAqjLY906HafUf6GkbDTmdVA0CI11jcxtLPxb95tP1IvsG/YFKg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-07T13:56:42Z" - mac: ENC[AES256_GCM,data:ERIWIFeEq+oTJOKPVWlQcgTiVeiHqGyMGpasgE81nrJCZXX8FzKZgbgIFo4V4P8aqXz8wSrLa3dGEL+H83rkZMtKuvLY7yOqZM/eDkykcKZzoxy17jb1QAtCHknHAu2yYbYujVON7HX0eHxkv75cvn8CwY+r/l+XGqwYnEiAgJo=,iv:NPGIPenk5OjMD49tvGd0PMKPUxRPGKNH9qOg6T5wV/g=,tag:6I65sUmqaU3BFvsNv1wvKQ==,type:str] + lastmodified: "2023-04-07T20:28:35Z" + mac: ENC[AES256_GCM,data:XOHyakwvoL4/YCIbM57pBa/mg8v7BRGF+iV1iCZ4jl+L4TgT5LfA32pQBr46Tuj2eiW9lJUTgk6+09WdEUQiH0CitBe2hciVWVEtc0cKXidw6wh/hrwchuzj9lDGUaROsRuczWon5Md0QolHEzvE9DDJHFguuJw8rK+q0qkRp8w=,iv:3BRBw3ZjqUlx7hH8SW5MrBCbI/8/OGLnFwppXo+nfX8=,tag:WlDhO/Z6UqoCRxHUyKvT8w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3