From ee3e0868a8338ab92d34a434e9c3add7dca3db5d Mon Sep 17 00:00:00 2001
From: Cilly Leang <mini@cilly.moe>
Date: Sat, 6 Jun 2026 20:14:37 +1000
Subject: [PATCH] system/tailscale: loosen firewall for tailnet

---
 modules/system/tailscale.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix
index 732a9bb..02bce52 100644
--- a/modules/system/tailscale.nix
+++ b/modules/system/tailscale.nix
@@ -1,6 +1,7 @@
 { config, ... }: {
   age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age;
   me.binds."/var/lib/tailscale" = "tailscale";
+  networking.firewall.trustedInterfaces = [ "tailscale0" ];
   services.tailscale = {
     enable = true;
     authKeyFile = config.age.secrets.tailscale_auth.path;