diff --git a/flake.nix b/flake.nix
index 0cad5fc..1618cea 100644
--- a/flake.nix
+++ b/flake.nix
@@ -73,6 +73,7 @@
                         ./modules/system/desktop-environments/gnome.nix
                         ./modules/system/desktop-environments/hyprland.nix
                         ./modules/system/services/syncthing.nix
+                        ./modules/system/services/tailscale.nix
                         
                     ] #extra modules to load
                     [
diff --git a/hosts/katana/networkd.nix b/hosts/katana/networkd.nix
index 777fa9b..4f340ed 100644
--- a/hosts/katana/networkd.nix
+++ b/hosts/katana/networkd.nix
@@ -6,6 +6,7 @@
     hostName = "katana"; # Define your hostname.
     networkmanager.enable = true; #Enable Network Manager
     firewall = {
+      checkReversePath = "loose";
       allowedTCPPorts = [];
       allowedUDPPorts = [];
     };
diff --git a/hosts/katana/system-pkgs.nix b/hosts/katana/system-pkgs.nix
index d2cf26f..bc71cd6 100644
--- a/hosts/katana/system-pkgs.nix
+++ b/hosts/katana/system-pkgs.nix
@@ -18,7 +18,6 @@
     uutils-coreutils
     htop
     zsh
-    tailscale
     dig #dns lookup
     rage #file encryption
     age-plugin-yubikey #plugin for rage to manage yubi-2fa
diff --git a/modules/system/services/tailscale.nix b/modules/system/services/tailscale.nix
new file mode 100644
index 0000000..072eec1
--- /dev/null
+++ b/modules/system/services/tailscale.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+  # make the tailscale command usable to users
+  environment.systemPackages = with pkgs;[ 
+    pkgs.tailscale
+  ];
+
+  # enable the tailscale service
+  services.tailscale.enable = true;
+}