Remove legacy container and GitLab scaffolding and add ruff and pyright checks.

README.md

@@ -2,6 +2,8 @@
 
 > Service discovery for tailscale
 
+Repository: https://guardianproject.dev/ops/tailscalesd
+
 Returns a list of services for Prometheus to scrape, with some extra smarts for Guardian Project Ops.
 
 See [the prometheus docs][0] for more information on the HTTP service discovery format.
@@ -47,22 +49,17 @@ See [the prometheus docs][0] for more information on the HTTP service discovery
 
 ## Usage
 
-### Deploy with a container
+### Deploy on NixOS
 
-* Container image: `registry.gitlab.com/guardianproject-ops/tailscalesd:VERSION`
-* See versions at: https://gitlab.com/guardianproject-ops/tailscalesd/container_registry/5749401
+Use the exported NixOS module from this repository:
 
-``` shell
-docker run \
---name=tailscalesd \
---rm \
---cap-drop=all \
---user 1000:1000 \
---publish 127.0.0.1:9242:9242 \
---env TAILSCALESD_ENV_FILE=/tailscalesd.env \
---mount type=bind,dst=/tailscalesd.env,ro=true,src=/path/to/tailscalesd.env \
-registry.gitlab.com/guardianproject-ops/tailscalesd:latest
-```
+- `nixosModules.tailscalesd`
+
+Provide secrets via systemd credentials (`LoadCredential`) through:
+
+- `services.tailscalesd.credentials.bearerTokenFile`
+- `services.tailscalesd.credentials.clientIdFile`
+- `services.tailscalesd.credentials.clientSecretFile`
 
 ### Configuration