Migrate config from dotfiles

modules/networking/tailscale.nix

@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+with lib.my;
+let cfg = config.modules.networking.tailscale;
+in {
+  options.modules.networking.tailscale = {
+    enable = mkBoolOpt false;
+    restrictSSH = mkBoolOpt true;
+  };
+
+  config = mkIf cfg.enable {
+    services.tailscale.enable = true;
+    services.openssh.openFirewall = !cfg.restrictSSH;
+    networking.firewall = {
+      checkReversePath = "loose";
+      trustedInterfaces = [ "tailscale0" ];
+      allowedUDPPorts = [ config.services.tailscale.port ];
+    };
+  };
+}