Headscale and Tailscale config modules

hosts/m3-ares/services/tailscale.nix

@@ -5,36 +5,16 @@
 }: {
   services.tailscale = {
     enable = true;
-    useRoutingFeatures = "client";
+    authKeyFile = config.age.secrets.tailscale-key.path;
+    extraUpFlags = [
+      "--login-server=https://va.m3tam3re.com"
+    ];
+    extraSetFlags = [
+      "--exit-node=m3-atlas"
+      "--exit-node-allow-lan-access"
+    ];
   };
-
-  # systemd.services.tailscale-autoconnect = {
-  #   description = "Automatic connection to Tailscale";
-
-  #   # make sure tailscale is running before trying to connect to tailscale
-  #   after = ["network-pre.target" "tailscale.service"];
-  #   wants = ["network-pre.target" "tailscale.service"];
-  #   wantedBy = ["multi-user.target"];
-
-  #   # set this service as a oneshot job
-  #   serviceConfig = {
-  #     Type = "oneshot";
-  #     EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
-  #   };
-
-  #   # have the job run this shell script
-  #   script = with pkgs; ''
-  #     # wait for tailscaled to settle
-  #     sleep 2
-
-  #     # check if we are already authenticated to tailscale
-  #     status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
-  #     if [ $status = "Running" ]; then # if so, then do nothing
-  #       exit 0
-  #     fi
-
-  #     # otherwise authenticate with tailscale
-  #     ${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
-  #   '';
-  # };
+  environment.systemPackages = with pkgs; [
+    tailscale
+  ];
 }