flake update; msty update; +headscale config

hosts/m3-atlas/services/tailscale.nix

@@ -1,9 +1,41 @@
-{
+{pkgs, ...}: {
   services.tailscale = {
     enable = true;
     useRoutingFeatures = "both";
+    extraUpFlags = [
+      "--login-server https://va.m3tam3re.com"
+      "--advertise-exit-node"
+      "--accept-routes"
+    ];
   };
+
+  # Persistent systemd service for network settings
+  systemd.services.configure-network-offload = {
+    description = "Configure network offload settings";
+    after = ["network.target"];
+    wantedBy = ["multi-user.target"];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStart = "${pkgs.ethtool}/bin/ethtool -K ens3 rx-udp-gro-forwarding on rx-gro-list off";
+    };
+  };
+
+  boot.kernel.sysctl = {
+    "net.ipv4.ip_forward" = 1;
+    "net.ipv6.conf.all.forwarding" = 1;
+    "net.core.gro_normal_batch" = 8;
+    "net.core.gro_flush_timeout" = 200000;
+  };
+
   networking.firewall = {
     trustedInterfaces = ["tailscale0"];
+    allowedUDPPorts = [41641];
+    checkReversePath = "loose";
   };
+
+  environment.systemPackages = with pkgs; [
+    ethtool
+    tailscale
+  ];
 }