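# NixOS module: thin wrapper around `services.tailscale` exposed under
# `kropcloud.services.tailscale`, with an optional subnet-router mode.
{ config, lib, ... }:
let
  cfg = config.kropcloud.services.tailscale;
in
{
  options.kropcloud.services.tailscale = {
    # mkEnableOption builds the description as "Whether to enable <name>.",
    # so the argument is a noun phrase rather than a full sentence.
    enable = lib.mkEnableOption "the Tailscale service";

    asRouter = {
      enable = lib.mkEnableOption "advertising a local subnet to the tailnet (subnet router mode)";

      # CIDR passed verbatim to `--advertise-routes`. The type is a plain
      # string, so the value is not validated here; a malformed or overly
      # broad prefix is only caught (if at all) by tailscale itself.
      # Security: every host in this range becomes reachable from tailnet
      # peers that the tailnet ACLs allow to use the route. Prefer the
      # narrowest prefix that covers what actually has to be exposed, and
      # restrict access to it in the tailnet policy.
      subnet = lib.mkOption {
        type = lib.types.str;
        default = "192.168.1.0/24";
        example = "192.168.1.0/24";
        description = "The subnet to expose";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    services.tailscale = {
      enable = true;

      # Opens Tailscale's UDP listen port in the NixOS firewall so peers can
      # establish direct connections. This is unconditional whenever the
      # module is enabled; there is no option here to turn it off.
      openFirewall = true;

      # "server" makes the upstream module enable kernel IP forwarding, which
      # turns this host into a packet forwarder between the tailnet and the
      # advertised subnet. Only set when router mode is requested.
      useRoutingFeatures = lib.mkIf cfg.asRouter.enable "server";

      # Flags handed to `tailscale set`. Advertising a route does not by
      # itself grant access: the route still has to be approved on the
      # tailnet side (manually or through an auto-approver policy), and ACLs
      # decide which peers may use it. Review both when enabling this.
      extraSetFlags = lib.mkIf cfg.asRouter.enable [
        "--advertise-routes=${cfg.asRouter.subnet}"
      ];
    };
  };
}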