From bb5362633643e97c3e05f0962fdd7f5dbb002e11 Mon Sep 17 00:00:00 2001
From: Infinidoge <infinidoge@inx.moe>
Date: Sat, 7 Dec 2024 18:26:31 -0500
Subject: [PATCH 1/2] prepare for tailscale key

---
 .gitattributes | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .gitattributes

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..2339928
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.key filter=git-crypt diff=git-crypt

From 75008ffe53e6099fb63b728b22103296a5c902c7 Mon Sep 17 00:00:00 2001
From: Infinidoge <infinidoge@inx.moe>
Date: Sat, 7 Dec 2024 18:28:24 -0500
Subject: [PATCH 2/2] setup automatic tailscale connection

---
 kiosk.nix                   |  16 ++++++++++++++++
 tailscale-client-secret.key | Bin 0 -> 87 bytes
 2 files changed, 16 insertions(+)
 create mode 100644 tailscale-client-secret.key

diff --git a/kiosk.nix b/kiosk.nix
index f9808c5..ea9ad55 100644
--- a/kiosk.nix
+++ b/kiosk.nix
@@ -35,4 +35,20 @@ in
     enable = true;
     pulse.enable = true;
   };
+
+  services.tailscale = {
+    enable = true;
+    extraUpFlags = [ "--advertise-tags" "tag:kiosk" ];
+    authKeyFile = ./tailscale-client-secret.key;
+    authKeyParameters.ephemeral = false;
+    openFirewall = true;
+  };
+  networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "yes";
+    };
+  };
 }
diff --git a/tailscale-client-secret.key b/tailscale-client-secret.key
new file mode 100644
index 0000000000000000000000000000000000000000..a991e7f2b1592991cbfa4f610ab8716c979c916a
GIT binary patch
literal 87
zcmZQ@_Y83kiVO&0V3wQkuyOxngFn6hHa=d`=VTt)^kK`^3`U<juj<%%>pgwAg!+H1
uSt-H!HSK|JU8lfL`v-gO9JFisA*{S#*Jzc}`|r9A{F?r)<tH8d4gdhL?kDyD

literal 0
HcmV?d00001