Problem: extraUpFlags in services.tailscale blocks boot if network
is not ready or Headscale is unreachable.
Solution:
- services.tailscale.enable = true (installs tailscale)
- Separate kawa-mesh-connect systemd service:
- Waits for network-online.target
- Waits for tailscaled.service
- Connects to mesh after boot
Commands to verify:
systemctl status tailscaled
systemctl status kawa-mesh-connect
tailscale status
b8d5b01b3a