From bd196f1f2705c149951f8df62e924eaaff110ddf Mon Sep 17 00:00:00 2001
From: SebastianStork <git@sstork.dev>
Date: Sat, 10 Jan 2026 01:31:09 +0100
Subject: [PATCH] nebula/dns: Add forward-zone for tailscale domains I'm not
 sure if this is actually doing anything

---
 modules/system/services/nebula/dns.nix | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/modules/system/services/nebula/dns.nix b/modules/system/services/nebula/dns.nix
index f750fc1..51b04fa 100644
--- a/modules/system/services/nebula/dns.nix
+++ b/modules/system/services/nebula/dns.nix
@@ -29,13 +29,18 @@ in
               |> lib.map (node: "\"${node.name}.${nebulaCfg.network.domain}. A ${node.address}\"");
           };
 
-          forward-zone = lib.singleton {
-            name = ".";
-            forward-addr = [
-              "1.1.1.1"
-              "8.8.8.8"
-            ];
-          };
+          forward-zone =
+            (lib.singleton {
+              name = ".";
+              forward-addr = [
+                "1.1.1.1"
+                "8.8.8.8"
+              ];
+            })
+            ++ lib.optional config.custom.services.tailscale.enable {
+              name = "${config.custom.services.tailscale.domain}";
+              forward-addr = [ "100.100.100.100" ];
+            };
         };
       };