nixos: make more "traits" mixins

2 files changed, 20 insertions, 6 deletions

diff --git a/modules/nixos/profiles/personal.nix b/modules/nixos/profiles/personal.nix
index 4d1c784..fd59a27 100644
--- a/modules/nixos/profiles/personal.nix
+++ b/modules/nixos/profiles/personal.nix
@@ -15,6 +15,10 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+    services = {
+      tailscale.enable = true;
+    };
+
     traits = {
       home-manager.enable = true;
 
@@ -22,7 +26,6 @@ in
         enable = true;
         secretsDir = inputs.self + "/secrets/personal";
       };
-      tailscale.enable = true;
 
       users = {
         seth.enable = true;
diff --git a/modules/nixos/profiles/server.nix b/modules/nixos/profiles/server.nix
index 373dc5d..d1c54c1 100644
--- a/modules/nixos/profiles/server.nix
+++ b/modules/nixos/profiles/server.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  secretsDir,
   inputs',
   ...
 }:
@@ -27,6 +28,10 @@ in
         # All servers are most likely on stable, so we want to pull in some newer packages from time to time
         _module.args.unstable = inputs'.nixpkgs.legacyPackages;
 
+        age.secrets = {
+          tailscaleAuthKey.file = "${secretsDir}/tailscaleAuthKey.age";
+        };
+
         boot.tmp.cleanOnBoot = lib.mkDefault true;
 
         # We don't need it here
@@ -43,16 +48,22 @@ in
           ];
         };
 
-        services.comin.enable = true;
+        services = {
+          comin.enable = true;
 
-        traits = {
-          secrets.enable = true;
           tailscale = {
             enable = true;
-            ssh.enable = true;
+
+            authKeyFile = config.age.secrets.tailscaleAuthKey.path;
+            extraUpFlags = [ "--ssh" ];
           };
-          zram.enable = true;
         };
+
+        traits = {
+          secrets.enable = true;
+        };
+
+        zramSwap.enable = true;
       }
 
       (lib.mkIf cfg.hostUser {