services: tailscale: loosen firewall policy

See https://github.com/tailscale/tailscale/issues/4432

services/tailscale.nix

@@ -28,6 +28,8 @@ in {
     networking.firewall = {
       trustedInterfaces = ["tailscale0"];
       allowedUDPPorts = [config.services.tailscale.port];
+      # needed for exit node usage
+      checkReversePath = mkIf (!cfg.exitNode) "loose";
     };
 
     # enable IP forwarding to use as exit node