Add tailscale service module

modules/module-list.nix

@@ -65,6 +65,7 @@
   ./services/spotifyd.nix
   ./services/synapse-bt.nix
   ./services/synergy
+  ./services/tailscale.nix
   ./services/yabai
   ./services/nextdns
   ./programs/bash

modules/services/tailscale.nix

@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.tailscale;
+
+in
+{
+  options.services.tailscale = {
+    domain = mkOption {
+      type = types.str;
+      default = "";
+      description = lib.mdDoc "The Tailscale domain. This is displayed at the top left of https://login.tailscale.com/admin, next to the Tailscale logo.";
+    };
+
+    enable = mkEnableOption (lib.mdDoc "Tailscale client daemon");
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.tailscale;
+      defaultText = literalExpression "pkgs.tailscale";
+      description = lib.mdDoc "The package to use for tailscale";
+    };
+
+    magicDNS = {
+      enable = mkEnableOption (lib.mdDoc "Whether to configure networking to work with Tailscale's MagicDNS.");
+    };
+  };
+
+  config = mkIf cfg.enable {
+    warnings = [
+      (mkIf (cfg.magicDNS.enable && cfg.domain == "") "${showOption cfg.domain} isn't empty, Tailscale MagicDNS search path won't be configured.")
+    ];
+
+    environment.systemPackages = [ cfg.package ];
+    launchd.user.agents.tailscaled = {
+      # derived from
+      # https://github.com/tailscale/tailscale/blob/main/cmd/tailscaled/install_darwin.go#L30
+      serviceConfig = {
+        Label = "com.tailscale.tailscaled";
+        ProgramArguments = [ "${lib.getBin cfg.package}/bin/tailscaled" ];
+        RunAtLoad = true;
+      };
+    };
+    networking = mkIf cfg.magicDNS.enable {
+      dns = [ "100.100.100.100" ];
+      search =
+        if cfg.domain == "" then
+          [ ]
+        else
+          [ "${cfg.domain}.beta.tailscale.net" ];
+    };
+  };
+}