configure tailscale and stuff

hosts/chunk/default.nix

@@ -26,6 +26,7 @@
     ./attic.nix
     ./forgejo.nix
     ./garage.nix
+    ./tailscale.nix
   ];
 
   sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@@ -66,10 +67,12 @@
     "attic/env" = {
       sopsFile = ../../secrets/services/attic.yaml;
     };
-
     "garage/env" = {
       sopsFile = ../../secrets/services/garage.yaml;
     };
+    "tailscale/auth" = {
+      sopsFile = ../../secrets/services/tailscale.yaml;
+    };
   };
 
   boot.loader.grub.enable = true;

hosts/chunk/tailscale.nix

@@ -0,0 +1,9 @@
+{ config, ... }: {
+  services.tailscale = {
+    enable = true;
+    authKeyFile = config.sops.secrets."tailscale/auth".path;
+    extraUpFlags = [ "--advertise-exit-node" ];
+    useRoutingFeatures = "server";
+    openFirewall = true;
+  };
+}