diff --git a/modules/generic.nix b/modules/generic.nix
index 83c1fa4..59c1b7d 100644
--- a/modules/generic.nix
+++ b/modules/generic.nix
@@ -50,7 +50,6 @@ in
 # enable = true;
 #};
- users.defaultUserShell = pkgs.zsh;
 security.sudo.wheelNeedsPassword = false;
@@ -69,8 +68,6 @@ in
 extraConfig = "ClientAliveInterval 60";
 };
- tailscale.enable = true;
-
 fail2ban = {
 enable = true;
 ignoreIP =
@@ -82,11 +79,6 @@ in
 atd.enable = true;
 };
- networking.firewall = {
- trustedInterfaces = [ "tailscale0" ];
- allowedUDPPorts = [ config.services.tailscale.port ];
- };
-
 networking.hosts = {
 "100.64.0.2" = [ "mc-fucker.cool" ];
 };
@@ -128,9 +120,10 @@ in
 boot.tmp.cleanOnBoot = true;
 imports = [
- ./zabbix-agent.nix
+ #./zabbix-agent.nix
 ./sops.nix
 ./ssh-knownHosts.nix
+ ./tailscale.nix
 ];
 }
 # vim: set et ts=2 sw=2 ai:
diff --git a/modules/tailscale.nix b/modules/tailscale.nix
new file mode 100644
index 0000000..a99f92a
--- /dev/null
+++ b/modules/tailscale.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+{
+ services = {
+ tailscale.enable = true;
+ };
+ systemd.services."restart-tailscaled" = {
+ description = "Restart tailscaled if there's an error";
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = ''/bin/sh -c "tailscale status --json | jq -e '.Health[]' && systemctl restart tailscaled.service || echo 'No health problem detected'"'';
+ };
+ path = with pkgs; [
+ jq
+ tailscale
+ ];
+ };
+ systemd.timers."restart-tailscaled" = {
+ timerConfig = {
+ OnCalendar = "minutely";
+ };
+ wantedBy = [ "tailscaled.service" ];
+ };
+ networking.firewall = {
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+}
+# vim: set et ts=2 sw=2 ai:
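Review bot: The `./zabbix-agent.nix` import in the last generic.nix hunk is commented out rather than removed, and nothing in the hunk records why the monitoring agent is being dropped from every host that imports this module. A one-line comment above it such as `# zabbix-agent disabled: <reason / ticket placeholder>` — or deleting the line outright — would keep the import list from accumulating dead entries and make the loss of monitoring coverage a deliberate, reviewable decision. If the agent is only disabled temporarily, the comment should also say when it is expected back. The enclosing attribute set starts outside the hunk.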
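Review bot: The `ExecStart` pipeline in `restart-tailscaled` (tailscale.nix) logs `No health problem detected` whenever the `&&`/`||` chain does not end in a successful restart, so a failing `tailscale status --json` (daemon not running, socket unavailable) and a failed `systemctl restart` both produce the all-clear message, because `jq` on empty input exits non-zero and the `||` branch takes over. The chain also cannot distinguish "status failed" from "Health empty", and since any entry in `.Health` triggers a restart, a persistent advisory entry would restart tailscaled every minute on the timer; whether advisory items appear in `Health` depends on the tailscale version, so confirm that before relying on it. A `script` block with explicit branches (NixOS runs it under bash with `-e`, which also removes the nested `/bin/sh -c` quoting) makes each case visible in the journal; `systemctl` is assumed to be on the unit's default PATH, as the current version already assumes. The timer's `wantedBy = [ "tailscaled.service" ]` is unconventional — `timers.target` is the usual target — and only ties the timer's start to tailscaled without stopping it when tailscaled stops, so a comment is warranted if that is deliberate.
```nix
  systemd.services."restart-tailscaled" = {
    description = "Restart tailscaled if there's an error";
    serviceConfig.Type = "oneshot";
    path = with pkgs; [ jq tailscale ];
    # The generated script runs under bash -e; every step that may fail is checked explicitly.
    script = ''
      if ! status="$(tailscale status --json)"; then
        echo "tailscale status failed; cannot assess health" >&2
        exit 1
      fi
      if printf '%s' "$status" | jq -e '.Health | length > 0' >/dev/null; then
        echo "health problems reported: $(printf '%s' "$status" | jq -c '.Health')"
        systemctl restart tailscaled.service
      else
        echo 'No health problem detected'
      fi
    '';
  };
  # … unchanged: systemd.timers."restart-tailscaled" and networking.firewall …
```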