tailscale security

hosts/workstation/configuration.nix

@@ -32,8 +32,7 @@ in
       "nixminiserver"
     ];
   };
-  home-manager.users.jawz = {
-    programs = {
+  home-manager.users.jawz.programs = {
     vscode = {
       enable = true;
       package = pkgs.code-cursor;
@@ -48,7 +47,6 @@ in
       settings.term = "xterm-256color";
     };
   };
-  };
   networking = {
     hostName = "workstation";
     firewall = {
@@ -128,7 +126,14 @@ in
   services = {
     flatpak.enable = true;
     open-webui.enable = true;
-    tailscale.enable = true;
+    tailscale = {
+      enable = true;
+      useRoutingFeatures = "client";
+      extraUpFlags = [
+        "--accept-routes"
+        "--shields-up"
+      ];
+    };
     scx = {
       enable = true;
       scheduler = "scx_lavd";
@@ -146,11 +151,5 @@ in
       acceleration = "cuda";
       models = "/srv/ai/ollama";
     };
-    sunshine = {
-      enable = true;
-      autoStart = false;
-      capSysAdmin = true;
-      openFirewall = true;
-    };
   };
 }