From 78afe09dcbb140bfe445a2ee61bbd0ee4f16b2f3 Mon Sep 17 00:00:00 2001
From: Danilo Reyes
Date: Sat, 1 Nov 2025 17:19:44 -0600
Subject: [PATCH] tailscale security
---
 hosts/workstation/configuration.nix | 43 ++++++++++++++---------------
 1 file changed, 21 insertions(+), 22 deletions(-)
diff --git a/hosts/workstation/configuration.nix b/hosts/workstation/configuration.nix
index b032e15..765c823 100644
--- a/hosts/workstation/configuration.nix
+++ b/hosts/workstation/configuration.nix
@@ -32,21 +32,19 @@ in
 "nixminiserver"
 ];
 };
- home-manager.users.jawz = {
- programs = {
- vscode = {
- enable = true;
- package = pkgs.code-cursor;
- };
- ghostty = {
- enable = true;
- package = pkgs.ghostty;
- enableBashIntegration = shellType == "bash";
- enableZshIntegration = shellType == "zsh";
- installBatSyntax = true;
- installVimSyntax = true;
- settings.term = "xterm-256color";
- };
+ home-manager.users.jawz.programs = {
+ vscode = {
+ enable = true;
+ package = pkgs.code-cursor;
+ };
+ ghostty = {
+ enable = true;
+ package = pkgs.ghostty;
+ enableBashIntegration = shellType == "bash";
+ enableZshIntegration = shellType == "zsh";
+ installBatSyntax = true;
+ installVimSyntax = true;
+ settings.term = "xterm-256color";
 };
 };
 networking = {
@@ -128,7 +126,14 @@ in
 services = {
 flatpak.enable = true;
 open-webui.enable = true;
- tailscale.enable = true;
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "client";
+ extraUpFlags = [
+ "--accept-routes"
+ "--shields-up"
+ ];
+ };
 scx = {
 enable = true;
 scheduler = "scx_lavd";
@@ -146,11 +151,5 @@ in
 acceleration = "cuda";
 models = "/srv/ai/ollama";
 };
- sunshine = {
- enable = true;
- autoStart = false;
- capSysAdmin = true;
- openFirewall = true;
- };
 };
 }
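Review bot: The two flags added under `extraUpFlags` in the `tailscale` block may never take effect. As far as I know, the NixOS tailscale module only passes `extraUpFlags` to `tailscale up` from its autoconnect unit, which exists only when `services.tailscale.authKeyFile` is set, and no `authKeyFile` is visible in this hunk (the `services` block continues past it). If it is not set elsewhere, the host keeps accepting inbound tailnet connections even though the configuration reads as shields-up. Consider `extraSetFlags = [ "--accept-routes" "--shields-up" ];`, which the module applies with `tailscale set`, or confirm the effective preferences on the machine after the rebuild. A one-line comment such as `# --accept-routes: this host trusts subnet routes advertised by other tailnet nodes` would also record the trade-off being accepted.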