diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix
index aa4c81b..841e909 100644
--- a/hosts/anemone/default.nix
+++ b/hosts/anemone/default.nix
@@ -28,6 +28,7 @@
 printing
 security
 snapper
+ tailscale
 wireguard
 ./filesystem.nix
diff --git a/modules/default.nix b/modules/default.nix
index f47d4ee..d55b54a 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -49,6 +49,7 @@ in {
 ./system/printing.nix
 ./system/security.nix
 ./system/snapper.nix
+ ./system/tailscale.nix
 ./system/virtualisation.nix
 ./system/wireguard.nix
 ];
diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix
new file mode 100644
index 0000000..9de220d
--- /dev/null
+++ b/modules/system/tailscale.nix
@@ -0,0 +1,8 @@
+{ config, ... }: {
+ age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age;
+ services.tailscale = {
+ enable = true;
+ authKeyFile = config.age.secrets.tailscale_auth.path;
+ openFirewall = true;
+ };
+}
diff --git a/secrets.nix b/secrets.nix
index b4d5b2c..5a8bf1b 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -13,6 +13,7 @@ in {
 "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ];
 "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ];
 "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ];
+ "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ];
 "secrets/warden_admin.age".publicKeys = [ rin ];
 "secrets/wg_anemone.age".publicKeys = [ anemone rin ];
 "secrets/wg_dandelion.age".publicKeys = [ dandelion rin ];
diff --git a/secrets/tailscale_auth.age b/secrets/tailscale_auth.age
new file mode 100644
index 0000000..be7af43
--- /dev/null
+++ b/secrets/tailscale_auth.age
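Review bot: In the new modules/system/tailscale.nix, nothing documents what kind of key `tailscale_auth` holds, although a single `authKeyFile` shared by every host that enables this module presumably has to be a reusable key, and such keys expire. I would add a comment above the `age.secrets` line such as `# reusable Tailscale auth key shared by all hosts; it expires, so replace secrets/tailscale_auth.age when a new host needs enrolling`. As far as I know the NixOS module uses the key only to log in a node that is not yet authenticated, so already-enrolled hosts should not depend on it staying valid; that is worth confirming and stating in the comment. A second comment on `openFirewall = true;` could say that it opens only tailscaled's UDP port and that nothing in this module changes how traffic arriving over the tailnet is filtered.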
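Review bot: The `secrets/tailscale_auth.age` entry in secrets.nix is readable by `alyssum`, `anemone`, `blossom` and `dandelion` as well as `rin`, whereas the visible hunks enable the module only on anemone and the wireguard secrets just below are scoped to a single host each. If those names are host keys, as the neighbouring entries suggest, compromise of any one of them exposes a credential that can join further devices to the tailnet while the key remains valid. Consider starting with `publicKeys = [ anemone rin ];` and adding hosts as they adopt the module, or, if a shared key is intended, issuing it as a tagged key with narrow ACL grants and a short expiry.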
@@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 kOMSPw judP6VmZDGErkHfUpCp3xTgJtWVmGv3/tZw3WGyhfhM +10jxPIR6Qaf/iWLzbWOrFq9XBsm8OC3mcMrxEt+BYQ8 +-> ssh-ed25519 ohyStA Xc6TjSJYtJkK1VEauNJKn+RcTdwdkyJ0Sr+tbAJ8rGc +vzQt4zMdktY5tNvfu9HsKBgJb52uM7x8bhF+WXwpWZ8 +-> ssh-ed25519 CUCjXQ r8WxaXpWtaBdMJ2ubaAwJ4ipSz/UtnMs0x3+eI8p0VU +CdicUH7AE4E4XVHDAeYzQdsYMYA0sCLlt2P4eR24vvs +-> ssh-ed25519 bRFqeQ E9sknPioO9leKqs8bFJDLrAMuRAJf0ZRyGMvy7O5wVA +KX93oSqGHimM/PaeaoHq1aYVXGG1YsVMO2ihZaM8xVE +-> ssh-ed25519 U9FXlg u7yG7cLylPUgu/Is4xx0BXVhX31vUtgStV5CYa8Cowg +xAuGYZpMPVQpZYASXrMuqNE9wqqEG3kMLUNjLzPmL4g +--- EoeqIMnX5tR3J51Cz2QEyjsgD/7h468bqjRmt3mOEjY +xHQ)k)ĉB~ە֖Zv?%lQx OwZIsۄf4D ǔ*Otݳ 0.m[q_[v \ No newline at end of file