From 7ac80d78f13e1409db787a3c5f72d1f3d40af532 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Fri, 6 Jun 2025 18:05:31 +0200
Subject: [PATCH] feat(vpn): improve tailscale routing

---
 hosts/home-server/default.nix | 1 +
 system/vpn.nix                | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/hosts/home-server/default.nix b/hosts/home-server/default.nix
index 461cd35..f127875 100644
--- a/hosts/home-server/default.nix
+++ b/hosts/home-server/default.nix
@@ -128,6 +128,7 @@ in
     inherit hostKeys;
   };
 
+  services.tailscale.useRoutingFeatures = "both";
   services.tailscale.extraUpFlags = [
     # "--accept-routes" # breaks incoming connections from outside Tailnet
     "--advertise-tags=tag:felschr-com"
diff --git a/system/vpn.nix b/system/vpn.nix
index c8543b4..f9cfcc0 100644
--- a/system/vpn.nix
+++ b/system/vpn.nix
@@ -19,7 +19,7 @@ in
     enable = true;
     package = pkgs.unstable.tailscale;
     openFirewall = true;
-    useRoutingFeatures = "both";
+    useRoutingFeatures = lib.mkDefault "client";
     extraUpFlags = [
       "--reset"
       "--exit-node-allow-lan-access"