From 41a222bc8fc5fb40b0ac9609db4ceb1740337f7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sun, 21 Jan 2024 21:41:21 +0100
Subject: [PATCH] fix(vpn): generate certificate & configure nginx for tailnet

---
 system/vpn.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/system/vpn.nix b/system/vpn.nix
index 854e06b..22c6928 100644
--- a/system/vpn.nix
+++ b/system/vpn.nix
@@ -34,5 +34,12 @@ in {
 
     # some options cannot be set immediately
     ${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}
+
+    ${cfg.package}/bin/tailscale cert ${tailnetHost}
   '';
+
+  services.nginx.virtualHosts.${tailnetHost} = {
+    sslCertificate = "/var/lib/tailscale/certs/${tailnetHost}.key";
+    sslCertificateKey = "/var/lib/tailscale/certs/${tailnetHost}.crt";
+  };
 }