navidrome: Add Tailscale auth key

2025-12-27 10:15:04 +01:00 · 2025-12-27 10:15:04 +01:00 · 54b85e7406
commit 54b85e7406
parent 653a9e85c9
3 changed files with 31 additions and 15 deletions
--- a/modules/nixos/navidrome.nix
+++ b/modules/nixos/navidrome.nix
@ -1,3 +1,4 @@
+{ inputs, ... }:
 {
  containers.music = {
    autoStart = true;
@ -8,7 +9,20 @@
      };
    };

-    config = {
+    config =
+      { config, ... }:
+      {
+        imports = [ inputs.agenix.nixosModules.default ];
+
+        age = {
+          identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+          secrets."tailscale" = {
+            file = ../secrets/tailscale.age;
+            mode = "400";
+            owner = "tailscale";
+          };
+        };
+
        services = {
          navidrome = {
            enable = true;
@ -22,6 +36,7 @@
            enable = true;
            useRoutingFeatures = "server";
            interfaceName = "userspace-networking";
+            authKeyFile = config.age.secrets.tailscale.path;
          };
        };

--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@ -9,4 +9,5 @@ in
 {
  "nextcloud.age".publicKeys = all;
  "forgejo-runner-token.age".publicKeys = all;
+  "tailscale.age".publicKeys = all;
 }
--- a/modules/secrets/tailscale.age
+++ b/modules/secrets/tailscale.age