Disable DERP relays for a machine in my Tailnet

Is it possible to make it so only direct connections are allowed to a specific machine? So that when a direct connection cannot be established, Tailscale will not resort to routing the traffic through DERP servers.

Note that i still want DERP to stay enabled on my other machines.

Can this be achieved using ACLs and tags?

There isn’t really a way to do this, tailscaled is intended to figure out what paths it can use to reach a node. There isn’t an array of tunable parameters per node.