diff --git a/modules/tailscale.nix b/modules/tailscale.nix
new file mode 100644
index 0000000..d913ec1
--- /dev/null
+++ b/modules/tailscale.nix
@@ -0,0 +1,13 @@
+{ lib, ... }: with lib;
+
+let
+  # Shorter is better for networking interfaces IMO.
+  interface = "ts0";
+in systemConfiguration {
+  services.tailscale = enabled {
+    interfaceName      = interface;
+    useRoutingFeatures = "both";
+  };
+
+  networking.firewall.trustedInterfaces = [ interface ];
+}