nix/modules/system/tailscale.nix

{ pkgs, config, lib, ... }:

{
  age.secrets."tailscale_authkey" = {
    file = ../../secrets/tailscale_authkey.txt.age;
    owner = "blake";
    group = "blake";
    mode = "0400";
  };


  options = {
    modules.system.tailscale.enable = lib.mkEnableOption "enables tailscale";
  };

  config = lib.mkIf config.modules.system.tailscale.enable {
    services.tailscale = {
      enable = true;

      useRoutingFeatures = "both";
      authKeyFile = "/run/agenix/tailscale_authkey";
    };
  };
}