From ad6da1d8d45bd9a48de66e1516449391579f2c6f Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Sat, 6 Sep 2025 23:57:14 -0700
Subject: [PATCH] chore(tailscale): update
---
 nixos/secrets/tailscale.yaml | 15 ++++++---------
 nixos/tailscale.nix | 7 ++++---
 2 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/nixos/secrets/tailscale.yaml b/nixos/secrets/tailscale.yaml
index ce81dbd2..a6a1d6a9 100644
--- a/nixos/secrets/tailscale.yaml
+++ b/nixos/secrets/tailscale.yaml
@@ -1,11 +1,8 @@ -tailscale-key-reisen: ENC[AES256_GCM,data:+1bVMPZuIY3JvjkoW6MPetYHwEwQvnEGLuq/Z8sz8hEo2/FUnyC6cuNTONwOSslUYAQH2pzMmvlukgZjPw==,iv:uFC2ye9+VivOI0zvGpnSLut00slDhrSWesNQigY0QYw=,tag:tahk1HX2YaqY6BFOlrKohg==,type:str] -tailscale-key-gensokyo: ENC[AES256_GCM,data:x5H+5/7Q/3jnZMSyQYxbBRX1dsKnH6bfrXA/7iAH29dYhM+GJnzZGbJGSmWYxyVTBkxAEjZ52R4Jzh1MF1I=,iv:YitklVniLloLnKi74xz/zGHRO1/361zFSFOug076tE4=,tag:UcTW8mzHomxgDv6Nl23XBw==,type:str] +tailscale-key-reisen: ENC[AES256_GCM,data:V9bVM2ZR2UR617JtpBe88NucelKftfYxHBp/pa9REZrWk4af1nCI76gicyrp8MzsU/zqsTVP/KhIgag0ZA==,iv:fmZbWzfWA+gqMbuD3llVgrM5AxzlsyVLU1d0QDsQr54=,tag:8I3nRnMQAjYahddZT0OtVA==,type:str] +tailscale-key-meiling: ENC[AES256_GCM,data:uZN9RU2WihMZ6ZpKZKezVCwYRIp1SwGqELREIdvG6v10Xv2HWoqjAku1LdUUNCDmm7Ftst19JicRQAo86Oc=,iv:pooHdgQKrL7YxqF/65bbmtV5/tpvvsUh+x88dgILbe8=,tag:9RTIfDK5KEKjytQbDUon0Q==,type:str] +tailscale-key-gensokyo: ENC[AES256_GCM,data:Og0yZZvf2oHLPqjeFIUxf+tA8hb5Z6kwDmYexcH8ZTerU7kd6DQwt9lgvEVUDZVQdYYXyEydGPo4RKIdYZE=,iv:AWd5a8QT9wnclENFQ1Sg+4J+OCaD+2VfxSPAmaOGGTo=,tag:sLcqyQBbtD6EpaV3GcBkjQ==,type:str] sops: shamir_threshold: 1 - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq enc: |
@@ -115,8 +112,8 @@ sops: SnUxWHJhZlNSM0JNb1h4cGQ3ZlNHajQKHyRMD8RVSTm7wzugq+aoUNbWi9oeIJI8 xbN0jAdacSBA01DTIXuASrdMWEcQ+m0gjZCu9WdpuG0/o8CSUElfTg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-05T20:54:01Z" - mac: ENC[AES256_GCM,data:nSmR/TD/I0XZNDZv7Iv8PQqVtm0kSWaW+jIvlPbc+rbHJFRboiU6+G6nEsjEQ+DHIa4u3Pj4DWc9m11kkSACMzOnPY7FEur1g4rDlypHE5nFmDuaCnonz8RsPL2M0nYK9ihEWKl3m5G7w/UEV76x3nVGg4h/pxeI2Hivc+2iFrU=,iv:oZIexRyzxEkYAvUqcpESGh2IZpvksacsbAZhkt+YxHU=,tag:2uX9zSWyd8tm9PVDPebC+Q==,type:str] + lastmodified: "2025-09-07T06:53:13Z" + mac: ENC[AES256_GCM,data:AKrKZ/9M7lNjsOwjKNpnEtPJaVs5k20SAB4CymwcwET7cpAasoxDKDwd2dRCqXMwR+ufOBq7zp6L1ZbbGCgj5xNYKvgk4tsknNGDp9WD0laHWMHS2eTRuT7TyajKiG0JBZ6XtR6NWN80shuuheYrWBX9D12aKU5Qp84AibV0kf4=,iv:tZigo6FOsGXB8gEABs4gpO/DWFiPLxwA5F3nWnYhs/Q=,tag:WxI2z7nMeZi3tIgO43lodw==,type:str] pgp: - created_at: "2025-06-14T18:51:35Z" enc: |-
@@ -154,4 +151,4 @@ sops: -----END PGP MESSAGE----- fp: 65BD3044771CB6FB unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.10.2
diff --git a/nixos/tailscale.nix b/nixos/tailscale.nix
index 53cfcdf1..155d42d1 100644
--- a/nixos/tailscale.nix
+++ b/nixos/tailscale.nix
@@ -35,13 +35,14 @@ in {
 services.tailscale.enable = mkDefault true;
 sops.secrets.tailscale-key = let
- keyReisen = "tailscale-key-reisen";
+ keyNode = "tailscale-key-${systemConfig.proxmox.node.name}";
 keyGenso = "tailscale-key-gensokyo";
- sharedKeys = [keyReisen keyGenso];
+ # TODO: populate via lib.generate.nodeNames or something
+ sharedKeys = [keyGenso "tailscale-key-reisen" "tailscale-key-meiling"];
 in mkIf cfg.enable {
 key = mkMerge [
- (mkIf (systemConfig.proxmox.enabled && systemConfig.proxmox.node.name == "reisen") (mkDefault keyReisen))
+ (mkIf systemConfig.proxmox.enabled (mkDefault keyNode))
 (mkIf (config.networking.domain == gensokyo-zone.lib.domain) (mkAlmostOptionDefault keyGenso))
 ];
 sopsFile = mkIf (elem config.sops.secrets.tailscale-key.key sharedKeys) (
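Review bot: The new `(mkIf systemConfig.proxmox.enabled (mkDefault keyNode))` entry selects `tailscale-key-<node name>` for every Proxmox-enabled system, while `sharedKeys` and the secrets file in this patch only cover `reisen` and `meiling`. For any other node name the derived key is not in `sharedKeys`, so the `sopsFile` guard below would presumably not point at the shared file and the secret lookup could fail at activation; because `mkDefault` appears to outrank `mkAlmostOptionDefault`, the `keyGenso` fallback would no longer apply to those hosts either. Until the TODO is resolved, consider gating the entry on membership, e.g. `(mkIf (systemConfig.proxmox.enabled && elem keyNode sharedKeys) (mkDefault keyNode))`, so nodes without a dedicated key keep the previous behaviour. The `sopsFile` expression continues outside the hunk, so its fallback is not visible here.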