setup automatic tailscale connection

.gitattributes

@@ -0,0 +1 @@
+tailscale-client-secret filter=git-agecrypt diff=git-agecrypt

git-agecrypt.toml

@@ -0,0 +1,5 @@
+[config]
+tailscale-client-secret = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINwo8TGBe91mmkc/QonsXtTBKCJtsAGz3YzphDZlzmaO infinidoge@Infini-FRAMEWORK",
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUIcQljnMxXsLU8RO33kqFRqEOgQi7U0x+UFG4Caskk infinidoge@Infini-DL360",
+]

kiosk.nix

@@ -35,4 +35,20 @@ in
     enable = true;
     pulse.enable = true;
   };
+
+  services.tailscale = {
+    enable = true;
+    extraUpFlags = [ "--advertise-tags" "tag:kiosk" ];
+    authKeyFile = ./tailscale-client-secret;
+    authKeyParameters.ephemeral = false;
+    openFirewall = true;
+  };
+  networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "yes";
+    };
+  };
 }

tailscale-client-secret

@@ -0,0 +1 @@
+tskey-client-kJTcn9TxqB21CNTRL-3wZR8ZywdWHdTXqqNRxSWHSz9wRng25jG