{ config, pkgs, ... }: { # Enable tailscale and open port 22 on it services.tailscale = { enable = true; interfaceName = "tailscale0"; extraUpFlags = [ "--login-server='https://headscale.sysctl.io'" "--accept-dns" "--accept-routes" ]; }; networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ]; }