diff --git a/base/network.nix b/base/network.nix
index 2aede75..8e3ab01 100644
--- a/base/network.nix
+++ b/base/network.nix
@@ -22,6 +22,13 @@ in
       description = "Enable Multicast DNS (mDNS), or sets resolve-only mode";
       example = "resolve";
     };
+
+    enableTSExitNode = {
+      type = types.bool;
+      default = false;
+      description = "Set up this host as a Tailscale exit node";
+      example = true;
+    };
   };
 
   config = {
@@ -32,6 +39,10 @@ in
     services.tailscale = {
       enable = true;
       package = pkgsUnstable.tailscale;
+      useRoutingFeatures = mkIf enableTSExitNode "server";
+      extraSetFlags = mkIf enableTSExitNode [
+        "--advertise-exit-node"
+      ];
     };
 
     # Firewall Configuration