navidrome: Add Tailscale auth key

2025-12-27 10:15:04 +01:00 · 2025-12-27 10:15:04 +01:00 · 54b85e7406
commit 54b85e7406
parent 653a9e85c9
3 changed files with 31 additions and 15 deletions
--- a/modules/nixos/navidrome.nix
+++ b/modules/nixos/navidrome.nix
@ -1,3 +1,4 @@
 { inputs, ... }:
 {
  containers.music = {
    autoStart = true;
@ -8,24 +9,38 @@
      };
    };
-    config = {
+    config =
-      services = {
+      { config, ... }:
-        navidrome = {
+      {
-          enable = true;
+        imports = [ inputs.agenix.nixosModules.default ];
-          settings = {
+
-            MusicFolder = "/Music";
+        age = {
-            port = 4533;
+          identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
          secrets."tailscale" = {
            file = ../secrets/tailscale.age;
            mode = "400";
            owner = "tailscale";
          };
        };
-        tailscale = {
+        services = {
-          enable = true;
+          navidrome = {
-          useRoutingFeatures = "server";
+            enable = true;
-          interfaceName = "userspace-networking";
+            settings = {
-        };
+              MusicFolder = "/Music";
-      };
+              port = 4533;
            };
          };
-      system.stateVersion = "24.05";
+          tailscale = {
-    };
+            enable = true;
            useRoutingFeatures = "server";
            interfaceName = "userspace-networking";
            authKeyFile = config.age.secrets.tailscale.path;
          };
        };
        system.stateVersion = "24.05";
      };
  };
 }
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@ -9,4 +9,5 @@ in
 {
  "nextcloud.age".publicKeys = all;
  "forgejo-runner-token.age".publicKeys = all;
  "tailscale.age".publicKeys = all;
 }
--- a/modules/secrets/tailscale.age
+++ b/modules/secrets/tailscale.age