From 5b666bf5767fc492b8ae09e97251c006213c61d9 Mon Sep 17 00:00:00 2001
From: Cilly Leang <mini@cilly.moe>
Date: Wed, 17 Jun 2026 00:10:23 +1000
Subject: [PATCH] system/tailscale: only nat for dandelion

---
 modules/system/tailscale.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix
index 4e16aac..79cbba9 100644
--- a/modules/system/tailscale.nix
+++ b/modules/system/tailscale.nix
@@ -4,8 +4,9 @@
   networking.firewall.trustedInterfaces = [ "tailscale0" ];
   networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ];
 
-  networking.nat = {
+  networking.nat = lib.mkIf (config.networking.hostName == "dandelion") {
     enable = true;
+    externalInterface = "enp0s6";
     internalInterfaces = [ "tailscaled0" ];
     forwardPorts = [
       {