{
  config,
  lib,
  pkgs,
  ...
}:

{
  services.tailscale = {
    enable = true;
    useRoutingFeatures = "both";
  };
  # See https://github.com/NixOS/nixpkgs/issues/180175#issuecomment-2541381489
  systemd.services.tailscaled.after = [
    "systemd-networkd-wait-online.service"
  ];
  # See https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111
  networking.firewall.checkReversePath = "loose";
}