diff --git a/hosts/desktop.nix b/hosts/desktop.nix
index c1fec1a..efcf6bc 100644
--- a/hosts/desktop.nix
+++ b/hosts/desktop.nix
@@ -44,4 +44,5 @@ with lib.my;
 ];
 modules.desktop.gnome.enable = true;
+ modules.networking.tailscale.enable = true;
 }
diff --git a/modules/default.nix b/modules/default.nix
index 6254510..2c8d696 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -20,9 +20,10 @@
 ./dev/zig.nix
 ./editors/neovim
 ./editors/vscode.nix
+ ./networking/tailscale.nix
 ./security/gpg.nix
 ./security/pass.nix
 ./shell/git
 ./shell/zsh
 ];
-}
\ No newline at end of file
+}
diff --git a/modules/networking/tailscale.nix b/modules/networking/tailscale.nix
new file mode 100644
index 0000000..0544f9b
--- /dev/null
+++ b/modules/networking/tailscale.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+with lib.my;
+let cfg = config.modules.networking.tailscale;
+in {
+  options.modules.networking.tailscale = {
+    enable = mkBoolOpt false;
+  };
+
+  config = mkIf cfg.enable {
+    services.tailscale.enable = true;
+    services.openssh.openFirewall = false;
+    networking.firewall = {
+      checkReversePath = "loose";
+      trustedInterfaces = [ "tailscale0" ];
+      allowedUDPPorts = [ config.services.tailscale.port ];
+    };
+  };
+}
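Review bot: `trustedInterfaces = [ "tailscale0" ]` in the new modules/networking/tailscale.nix admits every listening service on the host to every tailnet peer, which is broader than the SSH-over-Tailscale intent suggested by `services.openssh.openFirewall = false` two lines above; `networking.firewall.interfaces.tailscale0.allowedTCPPorts = config.services.openssh.ports;` would grant only sshd and leave other services to opt in explicitly. `checkReversePath = "loose"` relaxes reverse-path filtering on all interfaces, not just tailscale0, and is only needed when this node forwards traffic for others (exit node or subnet router), so it deserves a comment such as `# loose rp_filter: needed only for exit-node/subnet-route traffic; weakens spoof checks host-wide` or can be left to `services.tailscale.useRoutingFeatures`, which sets it in recent NixOS releases when that role is enabled. A module under networking/ silently changing sshd's firewall exposure is a surprising coupling worth a one-line comment on the `openFirewall` line, and `pkgs` in the argument set is unused.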