feat: Use new headscale auth keys

talos/clusters/default.yaml

@@ -45,9 +45,6 @@ default:
       - 8.8.8.8
     tailscale:
       server: https://headscale.huizinga.dev
-      authKey:
-        file: tailscale.key
-      advertiseRoutes: true
   ntp: nl.pool.ntp.org
   install:
     auto: true

talos/clusters/testing.yaml

@@ -10,6 +10,9 @@ default:
     interface: ens5
     netmask: 255.255.255.0
     gateway: 192.168.1.1
+    tailscale:
+      authKey:
+        file: testing/tailscale.key
   sops:
     file: testing/age.key
   install:

talos/clusters/titan.yaml

@@ -11,6 +11,9 @@ default:
   network:
     netmask: 255.255.252.0
     gateway: 10.0.0.1
+    tailscale:
+      authKey:
+        file: testing/tailscale.key
   sops:
     file: titan/age.key
   install:

talos/nodes/testing/talos-vm.yaml

@@ -4,3 +4,5 @@ install:
   serial: talos-vm
 network:
   ip: 192.168.1.2
+  tailscale:
+    advertiseRoutes: true

talos/patches/networking/tailscale.yaml

@@ -4,5 +4,5 @@ kind: ExtensionServiceConfig
 name: tailscale
 environment:
   - TS_AUTHKEY={{ node.network.tailscale.authKey }}
-  - TS_EXTRA_ARGS={% if node.network.tailscale.server %}--login-server {{ node.network.tailscale.server }} {% endif %}--advertise-tags=tag:cluster-{{ cluster.name }}
+  - TS_EXTRA_ARGS={% if node.network.tailscale.server %}--login-server {{ node.network.tailscale.server }}{% endif +%}
   - TS_ROUTES={% if node.network.tailscale.advertiseRoutes %}{{apply_netmask(node.network.ip, node.network.netmask)}}/{{ node.network.netmask | to_prefix }}{% endif %}