raspite: fix hass

machines/raspite/configuration.nix

@@ -8,7 +8,10 @@
 {
   imports = [ ./hass.nix ];
 
-  commonSettings.nix.enableMirrors = true;
+  commonSettings = {
+    nix.enableMirrors = true;
+    auth.enable = true;
+  };
 
   nixpkgs.overlays = [
     # Workaround https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243
@@ -33,25 +36,15 @@
 
   # boot.kernelPackages = pkgs.linuxPackages_stable;
 
-  custom.kanidm-client = {
-    enable = true;
-    uri = "https://auth.xinyang.life";
-    asSSHAuth = {
-      enable = true;
-      allowedGroups = [ "linux_users" ];
-      hardening = true;
-    };
-    sudoers = [ "xin@auth.xinyang.life" ];
-  };
-
-  security.sudo = {
-    execWheelOnly = true;
-    wheelNeedsPassword = false;
-  };
-
   # fileSystems."/".fsType = lib.mkForce "btrfs";
   boot.supportedFilesystems.zfs = lib.mkForce false;
 
-  services.dae.enable = false;
+  services.dae.enable = true;
   services.dae.configFile = "/var/lib/dae/config.dae";
+
+  services.tailscale = {
+    enable = true;
+    permitCertUid = config.services.caddy.user;
+    openFirewall = true;
+  };
 }