From 9a525658a4880cb32175fb571e8b4f028fac04b9 Mon Sep 17 00:00:00 2001
From: gitea-admin <admin@local>
Date: Sun, 10 May 2026 00:34:47 +0000
Subject: [PATCH] feat: add ClusterSecretStore and ExternalSecret for Tailscale

---
 deployments/tailscale/external-secret.yaml | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 deployments/tailscale/external-secret.yaml

diff --git a/deployments/tailscale/external-secret.yaml b/deployments/tailscale/external-secret.yaml
new file mode 100644
index 0000000..7a13d02
--- /dev/null
+++ b/deployments/tailscale/external-secret.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: tailscale-auth
+  namespace: tailscale
+  labels:
+    app: tailscale
+    managed-by: orion
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: orion-vault
+    kind: ClusterSecretStore
+  target:
+    name: tailscale-auth
+    creationPolicy: Owner
+    template:
+      type: Opaque
+  data:
+  - secretKey: TS_AUTH_KEY
+    remoteRef:
+      key: secret/data/tailscale
+      property: TS_AUTH_KEY