From 490b1f972b0dc66cf15799ba84816f9f63b5ccd3 Mon Sep 17 00:00:00 2001
From: Eric Torres <eric.torres@its-et.me>
Date: Mon, 20 Oct 2025 10:00:29 -0700
Subject: [PATCH] base/network: add opt enableTSExitNode

---
 base/network.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/base/network.nix b/base/network.nix
index 2aede75..8e3ab01 100644
--- a/base/network.nix
+++ b/base/network.nix
@@ -22,6 +22,13 @@ in
       description = "Enable Multicast DNS (mDNS), or sets resolve-only mode";
       example = "resolve";
     };
+
+    enableTSExitNode = {
+      type = types.bool;
+      default = false;
+      description = "Set up this host as a Tailscale exit node";
+      example = true;
+    };
   };
 
   config = {
@@ -32,6 +39,10 @@ in
     services.tailscale = {
       enable = true;
       package = pkgsUnstable.tailscale;
+      useRoutingFeatures = mkIf enableTSExitNode "server";
+      extraSetFlags = mkIf enableTSExitNode [
+        "--advertise-exit-node"
+      ];
     };
 
     # Firewall Configuration