From d94c67596de1a9d255c4e3d3763ad0674dfc4634 Mon Sep 17 00:00:00 2001
From: Infinidoge
Date: Sat, 7 Dec 2024 17:54:48 -0500
Subject: [PATCH] setup automatic tailscale connection
---
 .gitattributes | 1 +
 git-agecrypt.toml | 5 +++++
 kiosk.nix | 16 ++++++++++++++++
 tailscale-client-secret | 1 +
 4 files changed, 23 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 git-agecrypt.toml
 create mode 100644 tailscale-client-secret
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..83ec4ad
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+tailscale-client-secret filter=git-agecrypt diff=git-agecrypt
diff --git a/git-agecrypt.toml b/git-agecrypt.toml
new file mode 100644
index 0000000..d04f695
--- /dev/null
+++ b/git-agecrypt.toml
@@ -0,0 +1,5 @@
+[config]
+tailscale-client-secret = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINwo8TGBe91mmkc/QonsXtTBKCJtsAGz3YzphDZlzmaO infinidoge@Infini-FRAMEWORK",
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUIcQljnMxXsLU8RO33kqFRqEOgQi7U0x+UFG4Caskk infinidoge@Infini-DL360",
+]
diff --git a/kiosk.nix b/kiosk.nix
index f9808c5..c476c75 100644
--- a/kiosk.nix
+++ b/kiosk.nix
@@ -35,4 +35,20 @@ in
 enable = true;
 pulse.enable = true;
 };
+
+ services.tailscale = {
+ enable = true;
+ extraUpFlags = [ "--advertise-tags" "tag:kiosk" ];
+ authKeyFile = ./tailscale-client-secret;
+ authKeyParameters.ephemeral = false;
+ openFirewall = true;
+ };
+ networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "yes";
+ };
+ };
 }
diff --git a/tailscale-client-secret b/tailscale-client-secret
new file mode 100644
index 0000000..80b4e44
--- /dev/null
+++ b/tailscale-client-secret
@@ -0,0 +1 @@
+tskey-client-kJTcn9TxqB21CNTRL-3wZR8ZywdWHdTXqqNRxSWHSz9wRng25jG
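Review bot: The new `services.openssh` block sets only `PermitRootLogin = "yes"`, so unless password authentication is disabled elsewhere in the module, root can log in with a password wherever sshd is reachable. On NixOS `services.openssh.openFirewall` defaults to true, so port 22 is probably opened on every interface rather than only on the trusted `tailscale0`. Limiting root to key-based login, turning password authentication off and closing the sshd firewall rule keeps SSH reachable over the tailnet only; this assumes authorized keys are configured outside this hunk. Separately, `authKeyFile = ./tailscale-client-secret;` is a Nix path literal, which copies the file into the world-readable /nix/store when the configuration is built, so a string path to a file provisioned at runtime is the safer form. Because `tailscale0` is a trusted interface, the tailnet ACLs for `tag:kiosk` become the only filter on traffic from other peers and are worth reviewing alongside this change.

```nix
  services.tailscale = {
    # … unchanged: enable, extraUpFlags, authKeyParameters.ephemeral, openFirewall …
    # String path (not a path literal) so the key is never copied into /nix/store.
    authKeyFile = "/run/secrets/tailscale-client-secret"; # placeholder runtime path
  };
  # … unchanged: networking.firewall.trustedInterfaces …

  services.openssh = {
    enable = true;
    # Do not open port 22 on every interface; tailscale0 is already trusted.
    openFirewall = false;
    settings = {
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
    };
  };
```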
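Review bot: The line added to `tailscale-client-secret` is a readable `tskey-client-` credential rather than ciphertext, even though `.gitattributes` assigns the git-agecrypt filter to this path. Either the clean filter was not active when the file was staged, in which case the blob in history is plaintext, or the patch was rendered through the `diff=git-agecrypt` textconv; the patch alone does not show which. In both cases the secret has left the machine inside this patch, so it should be revoked and reissued in the Tailscale admin console; since this is an OAuth client secret, the exposure covers whatever scopes and tags the client was granted, not just one device. Before committing the replacement, confirm the stored blob is encrypted, for example by checking that `git cat-file -p HEAD:tailscale-client-secret` does not print the key.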