{ config, lib, ... }:
let cfg = config.my.services.tailscale;
in {

  options.my.services.tailscale = with lib; {
    enable = mkEnableOption "tailscale configuration";
  };

  config = lib.mkIf cfg.enable {
    services.tailscale.enable = true;
    networking.firewall.trustedInterfaces = [ "tailscale0" ];
  };
}