From a75a667c521e4512fb29814d80d1d87b836a24c0 Mon Sep 17 00:00:00 2001
From: Don Harper
Date: Tue, 2 Dec 2025 15:51:40 -0600
Subject: [PATCH] hosts/pi-server | re-enable tailscale
---
 hosts/pi-server/default.nix | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/hosts/pi-server/default.nix b/hosts/pi-server/default.nix
index 88e1f69..c31f21b 100644
--- a/hosts/pi-server/default.nix
+++ b/hosts/pi-server/default.nix
@@ -74,6 +74,7 @@
 services = {
 beszel-agent = {enable = true;};
 nscd = {enableNsncd = true;};
+ tailscale = {enable = true;};
 locate = {
 enable = true;
 package = pkgs.mlocate;
@@ -119,7 +120,7 @@
 };
 zramSwap = {
- enable = true;
+ enable = false;
 memoryPercent = 25;
 memoryMax = 2147483648;
 };
@@ -152,7 +153,21 @@
 # Open ports in the firewall.
 networking.firewall = {
 enable = true;
+ trustedInterfaces = ["tailscale0"];
 checkReversePath = "loose";
+ allowedUDPPorts = [config.services.tailscale.port];
+ allowedTCPPortRanges = [
+ {
+ from = 1714;
+ to = 1764;
+ }
+ ];
+ allowedUDPPortRanges = [
+ {
+ from = 1714;
+ to = 1764;
+ }
+ ];
 allowedTCPPorts = [22];
 };
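Review bot: Setting `zramSwap.enable = false` is unrelated to the commit subject and carries no explanation, while `memoryPercent` and `memoryMax` are left behind as settings that presumably no longer take effect. Add a comment on the changed line, e.g. `enable = false; # disabled because <reason>`, or move the change to its own commit. If no other swap is configured for this host (not visible in the hunk), memory pressure has nothing to fall back on.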
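Review bot: The `allowedTCPPortRanges` and `allowedUDPPortRanges` entries open 1714-1764 on every interface, not only on `tailscale0`, and nothing in the commit says which service needs them (this is the range KDE Connect conventionally uses, so it may be a carry-over from another host's config). Since `trustedInterfaces = ["tailscale0"]` already accepts all traffic arriving over the tailnet, these ranges only widen exposure on the other interfaces; drop them, or keep them with a comment naming the consumer, e.g. `# <service> discovery/transfer ports`. Trusting the whole interface also makes every listening service on the host reachable from any tailnet peer, so access control then rests entirely on the tailnet ACLs; a narrower form is `interfaces.tailscale0.allowedTCPPorts = [22];` in place of `trustedInterfaces`. The module's argument list is outside the hunk, so confirm `config` is in scope for `config.services.tailscale.port`.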