diff --git a/home/vpn.nix b/home/vpn.nix
index b3991ab..80ddbe6 100644
--- a/home/vpn.nix
+++ b/home/vpn.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 
 with pkgs; {
   home.packages = with pkgs; [ mullvad-vpn ];
diff --git a/system/vpn.nix b/system/vpn.nix
index b764d6c..a64460f 100644
--- a/system/vpn.nix
+++ b/system/vpn.nix
@@ -5,8 +5,11 @@
 
   networking.wireguard.enable = true;
 
+  services.tailscale.enable = true;
   services.mullvad-vpn.enable = true;
 
+  networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
   # set some options after every daemon start
   # to avoid accidentally leaving unsafe settings
   systemd.services."mullvad-daemon" = {