{ config, pkgs, ... }: {
  # Enable tailscale and open port 22 on it
  services = { tailscale.enable = true; };
  networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];
}