From 27a438bef61ce50a3d8b8e47c2dcecd0204dbfd0 Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Sat, 14 Sep 2024 15:01:54 +0200
Subject: [PATCH] Ensure ts certs are always valid for at least 7d

---
 modules/system/tailscale.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix
index fea8c20..71fc84e 100644
--- a/modules/system/tailscale.nix
+++ b/modules/system/tailscale.nix
@@ -44,7 +44,7 @@ in
       wantedBy = [ "multi-user.target" ];
       serviceConfig.Type = "oneshot";
       script = ''
-        ${lib.getExe pkgs.tailscale} cert ${config.networking.fqdn}
+        ${lib.getExe pkgs.tailscale} cert --min-validity=168h ${config.networking.fqdn}
         ${lib.getExe pkgs.tailscale} serve reset
         ${lib.getExe pkgs.tailscale} serve --bg ${cfg.serve}
       '';