From dfd8d9a1a83f71845b338316c5115d8d3b144501 Mon Sep 17 00:00:00 2001
From: mjallen18 <matt.l.jallen@gmail.com>
Date: Sat, 10 Jan 2026 13:36:57 -0600
Subject: [PATCH] tailscale

---
 systems/x86_64-linux/jallen-nas/services.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/systems/x86_64-linux/jallen-nas/services.nix b/systems/x86_64-linux/jallen-nas/services.nix
index a87d55b..da9035a 100755
--- a/systems/x86_64-linux/jallen-nas/services.nix
+++ b/systems/x86_64-linux/jallen-nas/services.nix
@@ -1,11 +1,19 @@
 { pkgs, ... }:
 {
+  systemd.network.wait-online.enable = false;
+  # Force tailscaled to use nftables (Critical for clean nftables-only systems)
+  # This avoids the "iptables-compat" translation layer issues.
+  systemd.services.tailscaled.serviceConfig.Environment = [ 
+    "TS_DEBUG_FIREWALL_MODE=nftables" 
+  ];
+  networking.nftables.enable = true;
+  boot.initrd.systemd.network.wait-online.enable = false;
   # Services configs
   services = {
     tailscale = {
       enable = true;
       openFirewall = true;
-      useRoutingFeatures = "client";
+      useRoutingFeatures = "server";
       extraUpFlags = [
         "--advertise-exit-node"
         "--accept-dns=false"