feat(tailscale): setup tailscale

configuration.nix

@@ -6,6 +6,7 @@ in
   imports = [
     ./hardware-configuration.nix
     ./openssh.nix
+    ./tailscale.nix
     ./firewall.nix
     ./fail2ban.nix
     ./borgbackup.nix

tailscale.nix

@@ -0,0 +1,11 @@
+{
+  networking.nameservers = [ "100.100.100.100" "1.1.1.1" "8.8.8.8" ];
+  networking.search = [ "hummingbird-stork.ts.net" ];
+  services.tailscale = {
+    enable = true;
+    useRoutingFeatures = "both";
+    extraUpFlags = [ "--ssh" ];
+  };
+  # Tell the firewall to implicitly trust packets routed over Tailscale:
+  networking.firewall.trustedInterfaces = [ "tailscale0" ];
+}