nixos: make more "traits" mixins

author: Seth Flynn <[email protected]> 2025-02-13 16:54:19 -0500
committer: Seth Flynn <[email protected]> 2025-02-13 22:09:11 -0500
commit: 386ecf3d14ea486aba523b14200fcd2e7e04b9d6 (patch)
tree: c9009fe26ece76f0c9d76ba89895094ee500b054 /modules/nixos/profiles/server.nix
parent: fdd2dd359c1d72b9ebeb676efb4141b5536f160c (diff)
1 files changed, 16 insertions, 5 deletions
diff --git a/modules/nixos/profiles/server.nix b/modules/nixos/profiles/server.nix
index 373dc5d..d1c54c1 100644
--- a/modules/nixos/profiles/server.nix
+++ b/modules/nixos/profiles/server.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  secretsDir,
   inputs',
   ...
 }:
@@ -27,6 +28,10 @@ in
         # All servers are most likely on stable, so we want to pull in some newer packages from time to time
         _module.args.unstable = inputs'.nixpkgs.legacyPackages;
 
+        age.secrets = {
+          tailscaleAuthKey.file = "${secretsDir}/tailscaleAuthKey.age";
+        };
+
         boot.tmp.cleanOnBoot = lib.mkDefault true;
 
         # We don't need it here
@@ -43,16 +48,22 @@ in
           ];
         };
 
-        services.comin.enable = true;
+        services = {
+          comin.enable = true;
 
-        traits = {
-          secrets.enable = true;
           tailscale = {
             enable = true;
-            ssh.enable = true;
+
+            authKeyFile = config.age.secrets.tailscaleAuthKey.path;
+            extraUpFlags = [ "--ssh" ];
           };
-          zram.enable = true;
         };
+
+        traits = {
+          secrets.enable = true;
+        };
+
+        zramSwap.enable = true;
       }
 
       (lib.mkIf cfg.hostUser {
author	Seth Flynn <[email protected]>	2025-02-13 16:54:19 -0500
committer	Seth Flynn <[email protected]>	2025-02-13 22:09:11 -0500
commit	386ecf3d14ea486aba523b14200fcd2e7e04b9d6 (patch)
tree	c9009fe26ece76f0c9d76ba89895094ee500b054 /modules/nixos/profiles/server.nix
parent	fdd2dd359c1d72b9ebeb676efb4141b5536f160c (diff)