From a4d3e6b6f8854c49dc63c37455a6b42caaed5291 Mon Sep 17 00:00:00 2001
From: Antoine Martin <antoine@alarsyo.net>
Date: Sun, 15 May 2022 19:45:42 +0200
Subject: [PATCH] services: tailscale: loosen firewall policy

See https://github.com/tailscale/tailscale/issues/4432
---
 services/tailscale.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/services/tailscale.nix b/services/tailscale.nix
index ff3a4b1..41fe9f8 100644
--- a/services/tailscale.nix
+++ b/services/tailscale.nix
@@ -28,6 +28,8 @@ in {
     networking.firewall = {
       trustedInterfaces = ["tailscale0"];
       allowedUDPPorts = [config.services.tailscale.port];
+      # needed for exit node usage
+      checkReversePath = mkIf (!cfg.exitNode) "loose";
     };
 
     # enable IP forwarding to use as exit node