Fix tailscale serve in nspawn containers

hosts/stratus/containers/nspawn/default.nix

@@ -48,7 +48,7 @@ in
 
     bindMounts = {
       # Secrets
-      "/run/secrets/container/tailscale-auth-key" = { };
+      "/run/secrets/tailscale-auth-key".hostPath = "/run/secrets/container/tailscale-auth-key";
       "/run/secrets/container/${name}".isReadOnly = false;
       "/run/secrets/restic".isReadOnly = false;
       "/run/secrets/healthchecks-ping-key".isReadOnly = false;

hosts/stratus/containers/nspawn/forgejo/default.nix

@@ -51,7 +51,6 @@ in
       myConfig.tailscale = {
         inherit subdomain;
         serve = "3000";
-
       };
     };
 }

modules/system/tailscale.nix

@@ -42,7 +42,7 @@ in
 
     systemd.services.tailscaled-set.after = [ "tailscaled-autoconnect.service" ];
 
-    systemd.services.tailscale-serve = lib.mkIf (cfg.serve != null) {
+    systemd.services.tailscaled-serve = lib.mkIf (cfg.serve != null) {
       after = [
         "tailscaled.service"
         "tailscaled-autoconnect.service"
@@ -51,7 +51,7 @@ in
       wantedBy = [ "multi-user.target" ];
       serviceConfig.Type = "oneshot";
       script = ''
-        ${lib.getExe pkgs.tailscale} cert ${config.networking.fqdn}
+        ${lib.getExe pkgs.tailscale} cert ${cfg.subdomain}.${config.networking.domain}
         ${lib.getExe pkgs.tailscale} serve reset
         ${lib.getExe pkgs.tailscale} serve --bg ${cfg.serve}
       '';