diff --git a/machines/hippocampus/modules/containerHeadscale.nix b/machines/hippocampus/modules/containerHeadscale.nix index f3028f4..00f925e 100644 --- a/machines/hippocampus/modules/containerHeadscale.nix +++ b/machines/hippocampus/modules/containerHeadscale.nix @@ -12,10 +12,6 @@ }; }; config = {config, pkgs, ...}: { - imports = [ - ./tailscale.nix - ]; - networking.nameservers = [ "1.1.1.1" ]; networking.useHostResolvConf = false; @@ -26,8 +22,8 @@ services.tailscale = { enable = true; useRoutingFeatures = "client"; - authTokenPath = "/var/tailauth"; - authUrl = authServer; + authKeyFile = "/var/tailauth"; + extraUpFlags = ["--login-server" "${authServer}"]; }; }; }; diff --git a/machines/hippocampus/modules/tailscale.nix b/machines/hippocampus/modules/tailscale.nix deleted file mode 100644 index f3928e7..0000000 --- a/machines/hippocampus/modules/tailscale.nix +++ /dev/null @@ -1,35 +0,0 @@ -{config, pkgs, lib, ...}: -with lib; -let - cfg = config.services.tailscale; - defPath = if config.services.headscale.enable then "${config.services.headscale.settings.server_url}" else null; -in { - # Configure tailscale to allow specifiying user login and auth path - options.services.tailscale = { - authTokenPath = mkOption { - type = types.nullOr types.path; - default = null; - description = "Should tailscale automatically login with the given authtoken file"; - }; - authUrl = mkOption { - type = types.nullOr types.str; - default = defPath; - description = "Server URL of head/tailscale"; - }; - }; - - config = let - waitGen = optional (cfg.authTokenPath == defPath) "headscale-preauth-regen-${name}"; - in { - systemd.services.tailscale_autologin = mkIf (cfg.enable && cfg.authTokenPath != null) { - wantedBy = ["tailscaled.service"]; - after = ["tailscaled.service"] ++ waitGen; - script = '' - ${pkgs.tailscale}/bin/tailscale up --login-server ${cfg.authUrl} --authkey $(cat ${cfg.authTokenPath}) - ''; - serviceConfig = { - Type = "simple"; - }; - }; - }; -} 
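Review bot: In containerHeadscale.nix, `authKeyFile = "/var/tailauth";` points at a login secret, and nothing in the new lines records where that file comes from or who may read it. A comment above it, for example `# pre-auth key: created at runtime outside the Nix store, root-only (0600)`, would make the expectation explicit for whoever provisions the container. The value is a string literal, which keeps the key out of the world-readable store; it should stay a string rather than become a Nix path. As a smaller style point, `"${authServer}"` can be written as plain `authServer` if it is already a string. The enclosing container `config` block starts before this hunk.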
diff --git a/machines/hippocampus/services/tailscale.nix b/machines/hippocampus/services/tailscale.nix index 3a7036f..162b9ae 100644 --- a/machines/hippocampus/services/tailscale.nix +++ b/machines/hippocampus/services/tailscale.nix @@ -4,16 +4,13 @@ let in { imports = [ ../modules/headscale.nix - ../modules/tailscale.nix ]; services.headscale.ensureUsers = { "${tailUser}" = {}; }; services.tailscale = { enable = true; - authTokenPath = config.services.headscale.ensureUsers."${tailUser}".path; - }; - systemd.services.tailscale_autologin = { - after = ["headscale-preauth-${tailUser}.service"]; + extraUpFlags = ["--login-server" "${config.services.headscale.settings.server_url}"]; + authKeyFile = config.services.headscale.ensureUsers."${tailUser}".path; }; }
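Review bot: The removed `after = ["headscale-preauth-${tailUser}.service"]` ordering on `tailscale_autologin` has no replacement on the new side, so the unit that reads `authKeyFile` may start before headscale has written the key, at least on first boot. If the upstream module's login unit is `tailscaled-autoconnect` (as in current nixpkgs), adding `systemd.services.tailscaled-autoconnect.after = ["headscale-preauth-${tailUser}.service"];`, and probably a matching `wants`, would restore the dependency. The headscale module that defines the preauth unit is outside this diff, so the unit name should be confirmed there.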