{ config, ... }: { services.tailscale = { enable = true; authKeyFile = config.sops.secrets."tailscale/auth".path; openFirewall = true; useRoutingFeatures = "client"; extraUpFlags = [ "--exit-node=chunk" "--accept-dns=false" "--operator=yt" "--exit-node-allow-lan-access" ]; extraDaemonFlags = [ "--no-logs-no-support" ]; }; }