Tailscale exit node only for certain subnet

Tailscale version: 1.32.1
Your operating system & version: Unifi USG-3P v4.4.56 (VyOS) [Debian 7]

Is it possible to selectively use a tailscale client as an exit node? I currently have tailscale deployed on a UDM-Pro and an USG-3P. The UDM-Pro is configured as an exit node. Is it possible to only send traffic from a certain address group on the USG-3P over tailscale0? Previously, with wireguard I used the following config:

{
    "firewall":{
        "group":{
            "address-group":{
                "VIA_VPN_ADDRESSES":{
                    "address":[
                        "10.2.1.0/24"
                    ]
                }
            }
        },
        "modify":{
            "LOAD_BALANCE":{
                "rule":{
                    "2001":{
                        "action":"modify",
                        "modify":{
                            "table":"1"
                        },
                        "protocol":"all",
                        "source":{
                            "group":{
                                "address-group":"VIA_VPN_ADDRESSES"
                            }
                        }
                    }
                }
            }
        }
    },
    "protocols":{
        "static":{
            "interface-route":{
                "10.10.10.0/23":{
                    "next-hop-interface":{
                        "wg1":"''"
                    }
                },
                "10.1.0.0/16":{
                    "next-hop-interface":{
                        "wg1":"''"
                    }
                },
                "10.3.0.0/16":{
                    "next-hop-interface":{
                        "wg1":"''"
                    }
                }
            },
            "table":{
                "1":{
                    "interface-route":{
                        "0.0.0.0/0":{
                            "next-hop-interface":{
                                "wg1":"''"
                            }
                        }
                    }
                }
            }
        }
    },
    "service":{
        "nat":{
            "rule":{
                "5001":{
                    "outbound-interface":"wg1",
                    "protocol":"all",
                    "source":{
                        "group":{
                            "address-group":"VIA_VPN_ADDRESSES"
                        }
                    },
                    "type":"masquerade"
                }
            }
        }
    }
}

Is something similar possible with tailscale? I tried specifying the --exit-node= option, but it completely bricked my security gateway, forcing a factory reset.