diff --git a/machines/boschic/default.nix b/machines/boschic/default.nix
index f6a0fad8..a01231e9 100644
--- a/machines/boschic/default.nix
+++ b/machines/boschic/default.nix
@@ -28,6 +28,8 @@ in
 
   ### === networking ===========================================================
 
+  services.tailscale.enable = true;
+
   # FIXME: no connection on boot -- i need to disable internet and re-enable
   # every time despite indication of a wired connection in GNOME status bar
   networking =
diff --git a/machines/chert/networking.nix b/machines/chert/networking.nix
index 9a5fdb14..ebd74070 100644
--- a/machines/chert/networking.nix
+++ b/machines/chert/networking.nix
@@ -3,5 +3,7 @@ let
   inherit (config.networking) hostName;
 in
 {
+  services.tailscale.enable = true;
+
   networking.domain = ops.hosts.${hostName}.domain;
 }
diff --git a/machines/gabbro/networking.nix b/machines/gabbro/networking.nix
index 9a5fdb14..ebd74070 100644
--- a/machines/gabbro/networking.nix
+++ b/machines/gabbro/networking.nix
@@ -3,5 +3,7 @@ let
   inherit (config.networking) hostName;
 in
 {
+  services.tailscale.enable = true;
+
   networking.domain = ops.hosts.${hostName}.domain;
 }
diff --git a/machines/hierophant/networking.nix b/machines/hierophant/networking.nix
index 1b006a28..c8102b9d 100644
--- a/machines/hierophant/networking.nix
+++ b/machines/hierophant/networking.nix
@@ -7,5 +7,6 @@ in
   networking.nameservers = dns.nameservers.cloudflare;
 
   # Allow this host to function as a Tailscale exit node.
+  services.tailscale.enable = true;
   services.tailscale.useRoutingFeatures = "both";
 }
diff --git a/machines/hodgepodge/default.nix b/machines/hodgepodge/default.nix
index ccc1b7ab..9cfeaeb5 100644
--- a/machines/hodgepodge/default.nix
+++ b/machines/hodgepodge/default.nix
@@ -28,6 +28,8 @@
     };
   };
 
+  services.tailscale.enable = true;
+
   networking.usePredictableInterfaceNames = false;
   networking.firewall.enable = true;
 
diff --git a/machines/ryosuke/default.nix b/machines/ryosuke/default.nix
index 2a447d65..ba5eb753 100644
--- a/machines/ryosuke/default.nix
+++ b/machines/ryosuke/default.nix
@@ -26,5 +26,7 @@
   time.timeZone = "America/New_York";
   networking.firewall.enable = true;
 
+  services.tailscale.enable = true;
+
   system.stateVersion = "22.05";
 }
diff --git a/nixos/profiles/networking/tailscale.nix b/nixos/profiles/networking/tailscale.nix
index c8af1d5a..35f3962b 100644
--- a/nixos/profiles/networking/tailscale.nix
+++ b/nixos/profiles/networking/tailscale.nix
@@ -1,11 +1,5 @@
-{
-  lib,
-  config,
-  # pkgs,
-  ...
-}:
-{
-  services.tailscale.enable = true;
+{ lib, config, ... }:
+lib.mkIf config.services.tailscale.enable {
   services.tailscale.interfaceName = "ts0";
   services.tailscale.useRoutingFeatures = "client";