From e9c7b57b4776122149fb6242c1b921ee568737ed Mon Sep 17 00:00:00 2001
From: David Wagner <wagdav@gmail.com>
Date: Wed, 29 May 2024 12:16:28 +0200
Subject: [PATCH] Configure tailscale exit node

---
 host-nuc.nix    | 5 +++++
 modules/vpn.nix | 4 ----
 x230.nix        | 2 ++
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/host-nuc.nix b/host-nuc.nix
index c33380e..8061a41 100644
--- a/host-nuc.nix
+++ b/host-nuc.nix
@@ -19,5 +19,10 @@
     ./modules/webhook.nix
   ];
 
+  services.tailscale = {
+    useRoutingFeatures = "server";
+    extraUpFlags = "--advertise-exit-node";
+  };
+
   system.stateVersion = "22.05";
 }
diff --git a/modules/vpn.nix b/modules/vpn.nix
index a624301..f38f37c 100644
--- a/modules/vpn.nix
+++ b/modules/vpn.nix
@@ -2,9 +2,5 @@
 
 {
   services.tailscale.enable = true;
-
-  # Strict reverse path filtering breaks Tailscale exit node use and some
-  # subnet routing setups.
-  networking.firewall.checkReversePath = "loose";
 }
 
diff --git a/x230.nix b/x230.nix
index 75004e2..cca4ab3 100644
--- a/x230.nix
+++ b/x230.nix
@@ -147,6 +147,8 @@
 
     printing.enable = true;
 
+    tailscale.useRoutingFeatures = "client";
+
     greetd = {
       enable = true;
       settings = {