From 946ef625fc3e8ec3347bed5615a97880a3f5f101 Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Sun, 29 Sep 2024 10:48:27 +0200
Subject: [PATCH] Fix tailscale serve in nspawn containers

---
 hosts/stratus/containers/nspawn/default.nix         | 2 +-
 hosts/stratus/containers/nspawn/forgejo/default.nix | 1 -
 modules/system/tailscale.nix                        | 4 ++--
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/hosts/stratus/containers/nspawn/default.nix b/hosts/stratus/containers/nspawn/default.nix
index dc261db..d5d784a 100644
--- a/hosts/stratus/containers/nspawn/default.nix
+++ b/hosts/stratus/containers/nspawn/default.nix
@@ -48,7 +48,7 @@ in
 
     bindMounts = {
       # Secrets
-      "/run/secrets/container/tailscale-auth-key" = { };
+      "/run/secrets/tailscale-auth-key".hostPath = "/run/secrets/container/tailscale-auth-key";
       "/run/secrets/container/${name}".isReadOnly = false;
       "/run/secrets/restic".isReadOnly = false;
       "/run/secrets/healthchecks-ping-key".isReadOnly = false;
diff --git a/hosts/stratus/containers/nspawn/forgejo/default.nix b/hosts/stratus/containers/nspawn/forgejo/default.nix
index 757bf49..10d36a5 100644
--- a/hosts/stratus/containers/nspawn/forgejo/default.nix
+++ b/hosts/stratus/containers/nspawn/forgejo/default.nix
@@ -51,7 +51,6 @@ in
       myConfig.tailscale = {
         inherit subdomain;
         serve = "3000";
-
       };
     };
 }
diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix
index f3576fd..111178c 100644
--- a/modules/system/tailscale.nix
+++ b/modules/system/tailscale.nix
@@ -42,7 +42,7 @@ in
 
     systemd.services.tailscaled-set.after = [ "tailscaled-autoconnect.service" ];
 
-    systemd.services.tailscale-serve = lib.mkIf (cfg.serve != null) {
+    systemd.services.tailscaled-serve = lib.mkIf (cfg.serve != null) {
       after = [
         "tailscaled.service"
         "tailscaled-autoconnect.service"
@@ -51,7 +51,7 @@ in
       wantedBy = [ "multi-user.target" ];
       serviceConfig.Type = "oneshot";
       script = ''
-        ${lib.getExe pkgs.tailscale} cert ${config.networking.fqdn}
+        ${lib.getExe pkgs.tailscale} cert ${cfg.subdomain}.${config.networking.domain}
         ${lib.getExe pkgs.tailscale} serve reset
         ${lib.getExe pkgs.tailscale} serve --bg ${cfg.serve}
       '';