Setup golink

stackptr · stackptr · commit c3ca219e7a72 · 2025-06-03T11:54:03.000-07:00
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -29,6 +29,11 @@
       url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    golink = {
+      url = "github:tailscale/golink";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.systems.follows = "systems";
+    };
 
     # macOS
     nix-darwin = {
diff --git a/hosts/spore/secrets/tailscale-auth-key.age b/hosts/spore/secrets/tailscale-auth-key.age
diff --git a/hosts/spore/services.nix b/hosts/spore/services.nix
@@ -3,6 +3,17 @@
   pkgs,
   ...
 }: {
+  age.secrets.tailscale-auth-key = {
+    file = ./secrets/tailscale-auth-key.age;
+    mode = "440";
+    owner = config.services.golink.user;
+    group = config.services.golink.group;
+  };
+  services.golink = {
+    enable = true;
+    tailscaleAuthKeyFile = config.age.secrets.tailscale-auth-key.path;
+  };
+
   services.openssh.enable = true;
   services.tailscale.enable = true;
 }
diff --git a/lib/hosts.nix b/lib/hosts.nix
@@ -12,6 +12,7 @@
   mac-app-util,
   profile,
   disko,
+  golink,
   ...
 }: let
   keys = import ./keys.nix;
@@ -62,6 +63,7 @@
         {
           nixpkgs.overlays = overlays;
         }
+        golink.nixosModules.default
       ];
     };
   darwinHost = {
diff --git a/lib/secrets.nix b/lib/secrets.nix
@@ -16,6 +16,7 @@ in {
   "hosts/spore/secrets/restic-password.age".publicKeys = keys;
   "hosts/spore/secrets/session-secret.age".publicKeys = keys;
   "hosts/spore/secrets/storage-encryption-key.age".publicKeys = keys;
+  "hosts/spore/secrets/tailscale-auth-key.age".publicKeys = keys;
   "hosts/zeta/secrets/wireless.age".publicKeys = keys;
   "hosts/zeta/secrets/dd-agent.age".publicKeys = keys;
   "hosts/zeta/secrets/znc-conf.age".publicKeys = keys;
