From 1ec9671d8bd6427da24f1c70ac153a02757b733a Mon Sep 17 00:00:00 2001
From: Don Harper <duck@duckland.org>
Date: Thu, 4 Jan 2024 21:55:34 -0600
Subject: [PATCH] split tailscale so seprate file to lock

---
 server/default.nix        |   1 +
 server/systemd.nix        |  40 --------------------------------------
 server/tailscale.nix      | Bin 0 -> 1108 bytes
 workstation/default.nix   |   1 +
 workstation/systemd.nix   |  40 --------------------------------------
 workstation/tailscale.nix | Bin 0 -> 1108 bytes
 6 files changed, 2 insertions(+), 80 deletions(-)
 create mode 100644 server/tailscale.nix
 create mode 100644 workstation/tailscale.nix

diff --git a/server/default.nix b/server/default.nix
index 7b65966..82a022d 100644
--- a/server/default.nix
+++ b/server/default.nix
@@ -28,6 +28,7 @@ in
     [
       ./detect-reboot-needed.nix
       ./systemd.nix
+      ./tailscale.nix
       ./upgrade-diff.nix
     ];
 
diff --git a/server/systemd.nix b/server/systemd.nix
index 674f39c..edbd421 100644
--- a/server/systemd.nix
+++ b/server/systemd.nix
@@ -6,46 +6,6 @@ let
 in {
   systemd = {
     services = {
-     #console-blank = {
-     #  enable = true;
-     #  description ="Blank screen";
-     #  serviceConfig = {
-     #    Type = "oneshot";
-     #    ExecStart = "${pkgs.util-linux}/bin/setterm -blank 1";
-     #    TTYPath="/dev/console";
-     #    StandardOutput="tty";
-     #  };
-     #  wantedBy = ["multi-user.target"];
-     #  environment = {
-     #    TERM = "linux";
-     #  };
-      tailscale-autoconnect = {
-        description = "Automatic connection to Tailscale";
-  
-        # make sure tailscale is running before trying to connect to tailscale
-        after = [ "network-pre.target" "tailscale.service" ];
-        wants = [ "network-pre.target" "tailscale.service" ];
-        wantedBy = [ "multi-user.target" ];
-  
-        # set this service as a oneshot job
-        serviceConfig.Type = "oneshot";
-  
-        # have the job run this shell script
-        script = with pkgs; ''
-          # wait for tailscaled to settle
-          sleep 2
-  
-          # check if we are already authenticated to tailscale
-          status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
-          if [ $status = "Running" ]; then # if so, then do nothing
-            exit 0
-          fi
-  
-          # otherwise authenticate with tailscale
-          ${tailscale}/bin/tailscale up --operator=don --authkey tskey-auth-kt22J52CNTRL-iT7CCqfci73sWvVy6Dyi83DWzwLnNyknF
-        '';
-      };
-  
       clean-keychain = {
         description = "Clean up .keychain on boot";
         wantedBy = [ "multi-user.target" ];
diff --git a/server/tailscale.nix b/server/tailscale.nix
new file mode 100644
index 0000000000000000000000000000000000000000..f7ea086654649634d80369c0465b4c4b28a10a4c
GIT binary patch
literal 1108
zcmV-a1grZ1M@dveQdv+`0Q);VOC2Sjt3H-d#r7l1M_%d%q5j@&D*+uiL%=%*D-~N&
zSVSKT?$soIj0jEGf;J^+{syjSSv?o2vhWEfD7@9tUsTXq6T&YDf>_hxJiNtT=zbn@
z_9I_IY1E4T;^_lo1zUUo1$0TKpF?*6ns&9MoOiOU8=i5lf9i>@g03@R@YHNjF@cn5
zQDg&#K;BfW^llT|Qv06vu7esW-#<cUQt3^#jA1bS_iJ?0H>)0jd{X38jPG=!QNh9C
z_G#JjtRskRsT2y+@k90^iHQD)59{d?`$x^6#@IF|Ixkj~>UDkrYK->*6BAm5D1Jtk
zgYvb`51actkIr<x8&*ARZTr)!Ex%P60F%8lQkk1GPQ8)L6d@=rv3iYrX6|UJ&ZrZo
zHPYa;cR{6OC+Z@Ly`%X8G4ey!x0Iprz2d+KuwdPhE!__UZElYnt_cBAj?qZ}Z#|Qt
z6<=Cyl;R&3E$(kmD;cz2qNELzYCql*rvbuD=cH~xztqv$o^~;t`$V1V;Q@rPy>QoP
zIbIn<57TpQSet9=*Vjpw_|R|YkXp7#`y>EGZcrA{_Cli|Wlm!+#EhLEWcnvm**Z%3
zn}A2%O;Wgj?v~fu+PwLK#WD#bvq7r)Bq~ATC87_xM<#&h?qkC(Ek=0o*bDPz3yL^L
z)-3K`$sn^O_&Z<;_uWdRo63$d<{|>x=Rh);Ecl%tHp@6=x)699LeszhIxx*())Q9n
z2HG?$k0_&`^e*!yAg}p(KaeU!7p+wo<m#qi&lu5yo%_fvFl48tB1g1%FLe6$Eok&e
z76FM>_s*Ud?JYmvk<Gf#>}Tp)xr&K3J4-|0N}mFH>7D?1NhaJk?@=9xzun!q<Uc31
zSY?RR9YRYXW`3*ss*R8_EE<wkeA|wOBb8yyMO}-nwwB;DfOza+b`P;P{7vR&x~YH(
zut=Y+La$)Rw`XMFNG=w@3_LPZX`X}rYY_58=BxutgK*-$49Vk~pIgClLqN3Db`B^~
zoB(=3OJ3Pa(kM09MGI;y{W0X61`^*>6y^_NuQ+ojV26r(LoX|hQZjU%?Zh_#3~+ZB
zK#KY?iiOqgk~MG%L_g$JM>fWl?Fk+)1qA{#-d??*$lDJ4`uk}y{jkr*|GBTM%E8;y
zs=Q;#>rtO9cnNr~tLtuH+tmn6ca|Bfau@c0NNY<igu6wVErFgacM>n3al@0x$z{yN
zZq*Sf^~4!k=AFq{mm<n;w$u{AmWdcAV9&v*bbgujn8HxnFqZXkaQxe+i`s{)L$uKz
zc4vW{jiusfYa1LRZoB%xSVPq^otrlUAXo)q7J@$cYl`~3o9(zB&*Tm!378gFBloGo
zzV4mN$AUp3JowP4x4llcnWA<UxiGiFB%xADy95*>9DMit%>HSeJvz)4)J;8hS+g#q
aT~aOY79N`~(KdOL1M1O^JWiJ_egq9?<Q=#G

literal 0
HcmV?d00001

diff --git a/workstation/default.nix b/workstation/default.nix
index 7b65966..82a022d 100644
--- a/workstation/default.nix
+++ b/workstation/default.nix
@@ -28,6 +28,7 @@ in
     [
       ./detect-reboot-needed.nix
       ./systemd.nix
+      ./tailscale.nix
       ./upgrade-diff.nix
     ];
 
diff --git a/workstation/systemd.nix b/workstation/systemd.nix
index 674f39c..edbd421 100644
--- a/workstation/systemd.nix
+++ b/workstation/systemd.nix
@@ -6,46 +6,6 @@ let
 in {
   systemd = {
     services = {
-     #console-blank = {
-     #  enable = true;
-     #  description ="Blank screen";
-     #  serviceConfig = {
-     #    Type = "oneshot";
-     #    ExecStart = "${pkgs.util-linux}/bin/setterm -blank 1";
-     #    TTYPath="/dev/console";
-     #    StandardOutput="tty";
-     #  };
-     #  wantedBy = ["multi-user.target"];
-     #  environment = {
-     #    TERM = "linux";
-     #  };
-      tailscale-autoconnect = {
-        description = "Automatic connection to Tailscale";
-  
-        # make sure tailscale is running before trying to connect to tailscale
-        after = [ "network-pre.target" "tailscale.service" ];
-        wants = [ "network-pre.target" "tailscale.service" ];
-        wantedBy = [ "multi-user.target" ];
-  
-        # set this service as a oneshot job
-        serviceConfig.Type = "oneshot";
-  
-        # have the job run this shell script
-        script = with pkgs; ''
-          # wait for tailscaled to settle
-          sleep 2
-  
-          # check if we are already authenticated to tailscale
-          status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
-          if [ $status = "Running" ]; then # if so, then do nothing
-            exit 0
-          fi
-  
-          # otherwise authenticate with tailscale
-          ${tailscale}/bin/tailscale up --operator=don --authkey tskey-auth-kt22J52CNTRL-iT7CCqfci73sWvVy6Dyi83DWzwLnNyknF
-        '';
-      };
-  
       clean-keychain = {
         description = "Clean up .keychain on boot";
         wantedBy = [ "multi-user.target" ];
diff --git a/workstation/tailscale.nix b/workstation/tailscale.nix
new file mode 100644
index 0000000000000000000000000000000000000000..f7ea086654649634d80369c0465b4c4b28a10a4c
GIT binary patch
literal 1108
zcmV-a1grZ1M@dveQdv+`0Q);VOC2Sjt3H-d#r7l1M_%d%q5j@&D*+uiL%=%*D-~N&
zSVSKT?$soIj0jEGf;J^+{syjSSv?o2vhWEfD7@9tUsTXq6T&YDf>_hxJiNtT=zbn@
z_9I_IY1E4T;^_lo1zUUo1$0TKpF?*6ns&9MoOiOU8=i5lf9i>@g03@R@YHNjF@cn5
zQDg&#K;BfW^llT|Qv06vu7esW-#<cUQt3^#jA1bS_iJ?0H>)0jd{X38jPG=!QNh9C
z_G#JjtRskRsT2y+@k90^iHQD)59{d?`$x^6#@IF|Ixkj~>UDkrYK->*6BAm5D1Jtk
zgYvb`51actkIr<x8&*ARZTr)!Ex%P60F%8lQkk1GPQ8)L6d@=rv3iYrX6|UJ&ZrZo
zHPYa;cR{6OC+Z@Ly`%X8G4ey!x0Iprz2d+KuwdPhE!__UZElYnt_cBAj?qZ}Z#|Qt
z6<=Cyl;R&3E$(kmD;cz2qNELzYCql*rvbuD=cH~xztqv$o^~;t`$V1V;Q@rPy>QoP
zIbIn<57TpQSet9=*Vjpw_|R|YkXp7#`y>EGZcrA{_Cli|Wlm!+#EhLEWcnvm**Z%3
zn}A2%O;Wgj?v~fu+PwLK#WD#bvq7r)Bq~ATC87_xM<#&h?qkC(Ek=0o*bDPz3yL^L
z)-3K`$sn^O_&Z<;_uWdRo63$d<{|>x=Rh);Ecl%tHp@6=x)699LeszhIxx*())Q9n
z2HG?$k0_&`^e*!yAg}p(KaeU!7p+wo<m#qi&lu5yo%_fvFl48tB1g1%FLe6$Eok&e
z76FM>_s*Ud?JYmvk<Gf#>}Tp)xr&K3J4-|0N}mFH>7D?1NhaJk?@=9xzun!q<Uc31
zSY?RR9YRYXW`3*ss*R8_EE<wkeA|wOBb8yyMO}-nwwB;DfOza+b`P;P{7vR&x~YH(
zut=Y+La$)Rw`XMFNG=w@3_LPZX`X}rYY_58=BxutgK*-$49Vk~pIgClLqN3Db`B^~
zoB(=3OJ3Pa(kM09MGI;y{W0X61`^*>6y^_NuQ+ojV26r(LoX|hQZjU%?Zh_#3~+ZB
zK#KY?iiOqgk~MG%L_g$JM>fWl?Fk+)1qA{#-d??*$lDJ4`uk}y{jkr*|GBTM%E8;y
zs=Q;#>rtO9cnNr~tLtuH+tmn6ca|Bfau@c0NNY<igu6wVErFgacM>n3al@0x$z{yN
zZq*Sf^~4!k=AFq{mm<n;w$u{AmWdcAV9&v*bbgujn8HxnFqZXkaQxe+i`s{)L$uKz
zc4vW{jiusfYa1LRZoB%xSVPq^otrlUAXo)q7J@$cYl`~3o9(zB&*Tm!378gFBloGo
zzV4mN$AUp3JowP4x4llcnWA<UxiGiFB%xADy95*>9DMit%>HSeJvz)4)J;8hS+g#q
aT~aOY79N`~(KdOL1M1O^JWiJ_egq9?<Q=#G

literal 0
HcmV?d00001