{ inputs, config, lib, pkgs, modulesPath, hostname, ... }: {
  # Generic Tailscale configs are in /nixos/common/services/tailscale.nix  
  # Set up the secrets file:
  sops.secrets."tailscale_key" = {
    owner = "root";
    sopsFile = ../../../secrets/hosts/${hostname}.yaml;
    restartUnits = [ 
      "tailscaled.service"
      "tailscaled-autoconnect.service" 
    ];
  };
  services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
}