From 8f3848f4d41f9184657048ddecbe052b22d26874 Mon Sep 17 00:00:00 2001
From: scouckel
Date: Sun, 25 Jan 2026 11:42:17 -0600
Subject: big changes
---
 modules/nixos/nas.nix | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
(limited to 'modules/nixos/nas.nix')
diff --git a/modules/nixos/nas.nix b/modules/nixos/nas.nix
index 46bcb13..6201160 100644
--- a/modules/nixos/nas.nix
+++ b/modules/nixos/nas.nix
@@ -7,6 +7,9 @@
 config = lib.mkIf config.client.nas.enable {
 services.tailscale.enable = true;
+ services.tailscale.useRoutingFeatures = "client";
+ services.tailscale.openFirewall = true;
+ services.tailscale.extraUpFlags = [ "--accept-dns=false" ];
 networking.nftables.enable = true;
 networking.firewall = {
 enable = true;
@@ -14,6 +17,20 @@
 allowedUDPPorts = [ config.services.tailscale.port ];
 };
+ networking.nftables = {
+ tables = {
+ mullvad_tailscale = {
+ content = ''
+ chain output {
+ type route hook output priority 0; policy accept;
+ ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+ }
+ '';
+ family = "inet";
+ };
+ };
+ };
+ systemd.services.tailscaled.serviceConfig.Environment = [ "TS_DEBUG_FIREWALL_MODE=nftables" ];
-- 
cgit v1.3
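Review bot: `services.tailscale.extraUpFlags` in the first hunk is, per the NixOS option documentation, only applied when `services.tailscale.authKeyFile` is set, and no auth key file is configured in the visible lines, so `--accept-dns=false` may never take effect and the node would keep accepting tailnet DNS. If the host is brought up by hand, `services.tailscale.extraSetFlags = [ "--accept-dns=false" ];` (where the nixpkgs release in use provides it) applies the setting on every start instead. `openFirewall = true` also duplicates the existing `allowedUDPPorts = [ config.services.tailscale.port ];` entry a few lines below, so one of the two can go. A comment such as `# "client" switches reverse-path filtering to loose so exit-node and subnet routes work` above `useRoutingFeatures` would record that firewall side effect. The module body starts and ends outside the hunk.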
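Review bot: The rule in `chain output` of the second hunk matches only `ip daddr 100.64.0.0/10`, so in this `inet` table traffic to Tailscale's IPv6 addresses is not marked and would still follow the VPN's routing; if IPv6 is used on the tailnet, add `ip6 daddr fd7a:115c:a1e0::/48 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;`. The rule also exempts the whole CGNAT range rather than only tailnet peers, so any other destination in 100.64.0.0/10 (a carrier-NAT gateway, for example) would bypass the tunnel as well, which deserves a comment so it is a recorded decision. The two mark values are unexplained; judging by the table name they look like Mullvad's split-tunnel exclusion marks, and a line such as `# marks Mullvad uses to exclude traffic from the tunnel (confirm against Mullvad docs)` above the rule would help. The table is created whenever `client.nas.enable` is set, whether or not Mullvad is present on the host.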