{config,lib, ... }:

{
  services.tailscale = {
	  enable = true;
	  extraDaemonFlags = [
	  	"--no-logs-no-support"
	  ];

	  extraSetFlags = [
	  	"--ssh=false"
	  ];
	  useRoutingFeatures = "server";  # or "client" / "both"
	};

  networking.firewall = {
    allowedTCPPorts = [ 443 ];
    allowedUDPPorts = [ 41641 3478 ];
  };
}