{ lib, config, pkgs, ... }:
let
  cfg = config.tailscale;
in
{
  options.tailscale = {
    enable = lib.mkEnableOption "Enable Tailscale module";

    authKeyFile = lib.mkOption {
      default = "";
      type = config.services.tailscale.authKeyFile.type;
      description = config.services.tailscale.authKeyFile.description;
    };

    exitNode = lib.mkOption {
      default = "";
      description = ''
        The tailscale IP of the optional exit node.
      '';
    };

    extraUpFlags = lib.mkOption {
      default = "";
      type = config.services.tailscale.extraUpFlags.type;
      description = config.services.tailscale.extraUpFlags.description;
    };

  };

  config = lib.mkIf cfg.enable {
    services.tailscale = {
      enable = true;
      authKeyFile = cfg.authKeyFile;
      useRoutingFeatures = if cfg.exitNode == "" then "none" else "both";
      extraUpFlags = [ "--exit-node=${cfg.exitNode}" ] ++ cfg.extraUpFlags;
    };
  };

}