feat: enable tailscale

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>

hosts/common/servers/default.nix

@@ -1,4 +1,9 @@
-{ inputs, pkgs, ... }:
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
 {
   imports = [
     inputs.disko.nixosModules.disko
@@ -25,6 +30,21 @@
     ];
   };
 
+  sops.secrets.tailscale-authkey = {
+    owner = "root";
+    group = "root";
+    sopsFile = ./secrets.yaml;
+  };
+
+  services.tailscale = {
+    enable = true;
+    openFirewall = true;
+    extraUpFlags = [
+      "--login-server=https://headscale.escapeangle.com"
+    ];
+    authKeyFile = config.sops.secrets.tailscale-authkey.path;
+  };
+
   nix = {
     settings = {
       trusted-users = [ "lander" ];