system/tailscale: persist tailscale state

modules/binds.nix

@@ -0,0 +1,9 @@
+{ config, lib, ...}: {
+  imports = [ ./options.nix ];
+  fileSystems = lib.mapAttrs (dest: key: {
+    depends = [ "/persist" ];
+    device = "/persist/binds/${key}";
+    fsType = "none";
+    options = [ "bind" ];
+  }) config.me.binds;
+}

modules/default.nix

@@ -14,6 +14,7 @@ let
     }) paths
   );
 in {
+  binds = ./binds.nix;
   options = ./options.nix;
   services = mkAttrsFromPaths [
     ./services/banksia.nix

modules/options.nix

@@ -44,5 +44,10 @@ in {
       type = types.bool;
       default = false;
     };
+
+    binds = lib.mkOption {
+      type = with lib.types; attrsOf str;
+      default = {};
+    };
   };
 }

modules/system/base.nix

@@ -1,5 +1,5 @@
 { config, inputs, modules, ... }: {
-  imports = [ modules.options ];
+  imports = [ modules.binds modules.options ];
 
   environment.etc = {
     "machine-id".source = "/persist/machine-id";

modules/system/tailscale.nix

@@ -1,5 +1,6 @@
 { config, ... }: {
   age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age;
+  me.binds."/var/lib/tailscale" = "tailscale";
   services.tailscale = {
     enable = true;
     authKeyFile = config.age.secrets.tailscale_auth.path;