{ config, pkgs, ... }: { # Enable tailscale and open port 22 on it services.tailscale = { enable = true; interfaceName = "tailscale0"; extraUpFlags = [ --login-server='https://headscale.sysctl.io' --accept-dns --accept-routes ]; }; networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ]; }