From 386ecf3d14ea486aba523b14200fcd2e7e04b9d6 Mon Sep 17 00:00:00 2001 From: Seth Flynn Date: Thu, 13 Feb 2025 16:54:19 -0500 Subject: nixos: make more "traits" mixins --- modules/nixos/profiles/server.nix | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) (limited to 'modules/nixos/profiles/server.nix') diff --git a/modules/nixos/profiles/server.nix b/modules/nixos/profiles/server.nix index 373dc5d..d1c54c1 100644 --- a/modules/nixos/profiles/server.nix +++ b/modules/nixos/profiles/server.nix @@ -1,6 +1,7 @@ { config, lib, + secretsDir, inputs', ... }: @@ -27,6 +28,10 @@ in # All servers are most likely on stable, so we want to pull in some newer packages from time to time _module.args.unstable = inputs'.nixpkgs.legacyPackages; + age.secrets = { + tailscaleAuthKey.file = "${secretsDir}/tailscaleAuthKey.age"; + }; + boot.tmp.cleanOnBoot = lib.mkDefault true; # We don't need it here @@ -43,16 +48,22 @@ in ]; }; - services.comin.enable = true; + services = { + comin.enable = true; - traits = { - secrets.enable = true; tailscale = { enable = true; - ssh.enable = true; + + authKeyFile = config.age.secrets.tailscaleAuthKey.path; + extraUpFlags = [ "--ssh" ]; }; - zram.enable = true; }; + + traits = { + secrets.enable = true; + }; + + zramSwap.enable = true; } (lib.mkIf cfg.hostUser { -- cgit v1.2.3
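Review bot: The `age.secrets.tailscaleAuthKey` entry added in the second hunk is declared once in the shared server profile, so every host importing the profile decrypts the same auth key, and nothing in the hunk says what kind of key it is. A key shared this way has to be reusable, so a copy recovered from one server could presumably enroll further nodes until it expires or is revoked. I would add a comment above the entry such as `# Reusable Tailscale auth key shared by all servers: keep it tagged and short-lived, rotate it when a host is retired`. The attribute set this entry sits in begins outside the hunk.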
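Review bot: In the new `services.tailscale` block of the third hunk, `extraUpFlags = [ "--ssh" ];` only takes effect when the module runs `tailscale up`. As far as I know, the NixOS auto-connect unit does that only while the node still needs to log in, so servers that are already enrolled may not get the setting that `traits.tailscale.ssh.enable` used to request. If the channel in use provides it, `extraSetFlags = [ "--ssh" ];` is applied regardless of login state. The flag also hands SSH authentication on every server to the tailnet's SSH policy, which is not visible in this diff, so a comment such as `# Tailscale SSH: access is governed by the tailnet policy, not by sshd` would help. The module attribute set around this block begins outside the hunk.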