From 4e3d826c1447ed47e5fbdffc6a92a9abd6fd20db Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Thu, 20 Jun 2024 11:27:28 +0200
Subject: [PATCH] Auto reconnect tailscale on auth key change

---
 modules/system/tailscale.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix
index 9c5093d..d37233e 100644
--- a/modules/system/tailscale.nix
+++ b/modules/system/tailscale.nix
@@ -10,14 +10,13 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    sops.secrets.tailscale-auth-key = { };
+    sops.secrets.tailscale-auth-key.restartUnits = [ "tailscaled-autoconnect.service" ];
 
     services.tailscale = {
       enable = true;
 
       authKeyFile = config.sops.secrets.tailscale-auth-key.path;
       openFirewall = true;
-      permitCertUid = "root";
 
       useRoutingFeatures = if cfg.exitNode.enable then "server" else "client";
       extraUpFlags = [