From 5213ecc447b6c155827aab7ca1bd329a6e83b97a Mon Sep 17 00:00:00 2001
From: TheWanderingCrow <contact@wanderingcrow.net>
Date: Thu, 16 Oct 2025 15:50:44 -0400
Subject: [PATCH] autoprovision tailscale

---
 hosts/nixos/HandlerOne/default.nix |  1 +
 modules/services/mesh/client.nix   | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/hosts/nixos/HandlerOne/default.nix b/hosts/nixos/HandlerOne/default.nix
index d205279..4e02cd6 100644
--- a/hosts/nixos/HandlerOne/default.nix
+++ b/hosts/nixos/HandlerOne/default.nix
@@ -52,6 +52,7 @@
       "modules/services/trilium"
       "modules/services/fail2ban"
       "modules/services/ntfy-sh"
+      "modules/services/mesh/client.nix"
       "modules/services/ollama/proxy.nix" # Just host the proxy path back to Parzival
       "modules/services/netbox"
       "modules/services/matrix"
diff --git a/modules/services/mesh/client.nix b/modules/services/mesh/client.nix
index 1570a64..980fad4 100644
--- a/modules/services/mesh/client.nix
+++ b/modules/services/mesh/client.nix
@@ -1,6 +1,17 @@
-{pkgs, ...}: {
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}: let
+  sopsFolder = builtins.toString inputs.nix-secrets + "/sops";
+in {
+  sops.secrets."tailscale-key" = {
+    sopsFile = "${sopsFolder}/shared.yaml";
+  };
   services.tailscale = {
     enable = true;
     package = pkgs.unstable.tailscale;
+    authKeyFile = config.sops.secrets."tailscale-key".path;
   };
 }