diff --git a/modules/nixos/network.nix b/modules/nixos/network.nix
index 300aab87..aa8d51fe 100644
--- a/modules/nixos/network.nix
+++ b/modules/nixos/network.nix
@@ -18,6 +18,14 @@ with lib; {
       trustedInterfaces = [config.services.tailscale.interfaceName];
       allowedUDPPorts = [config.services.tailscale.port];
     };
+    systemd.network = {
+      wait-online.ignoredInterfaces = [config.services.tailscale.interfaceName];
+      networks."50-tailscale" = {
+        networkConfig = {
+          DNSDefaultRoute = false;
+        };
+      };
+    };
 
     services.tailscale.enable = true;
 
@@ -38,7 +46,9 @@ with lib; {
       # have the job run this shell script
       script = with pkgs; ''
         # wait for tailscaled to settle
-        sleep 2
+        sleep 5
+
+        resolvectl revert ${config.services.tailscale.interfaceName} || false
 
         # check if we are already authenticated to tailscale
         status="$(${getExe tailscale} status -json | ${getExe jq} -r .BackendState)"
diff --git a/tewi/nixos.nix b/tewi/nixos.nix
index eefcf4d7..3749d543 100644
--- a/tewi/nixos.nix
+++ b/tewi/nixos.nix
@@ -64,12 +64,8 @@ in {
   sops.defaultSopsFile = ./secrets.yaml;
 
   networking = {
+    useNetworkd = true;
     useDHCP = false;
-    interfaces = {
-      eno1 = {
-        useDHCP = true;
-      };
-    };
   };
   services.resolved.enable = true;
 
@@ -207,6 +203,25 @@ in {
         ];
       };
     };
+    network = {
+      networks.eno1 = {
+        inherit (config.systemd.network.links.eno1) matchConfig;
+        networkConfig = {
+          DHCP = "yes";
+          DNSDefaultRoute = true;
+          MulticastDNS = true;
+        };
+      };
+      links.eno1 = {
+        matchConfig = {
+          Type = "ether";
+          Driver = "e1000e";
+        };
+        linkConfig = {
+          WakeOnLan = "magic";
+        };
+      };
+    };
   };
 
   swapDevices = lib.singleton {
diff --git a/tewi/secrets.yaml b/tewi/secrets.yaml
index 21ccaf0a..d85fc5cb 100644
--- a/tewi/secrets.yaml
+++ b/tewi/secrets.yaml
@@ -6,7 +6,7 @@ tailscale-key: ENC[AES256_GCM,data:dGqnKoCFSF6ZmeptOP7bGy4HYDdUCC1oTdXpiUURDgXl/
 vouch-client-secret: ENC[AES256_GCM,data:4MZL99JM4AeUcUfZ8a335utxgqvdH5PCc1R3KAvuOGpaWFGmU7CaD3vV5eLJ62gJ,iv:n1xbPBHi2TcZ12lm7LqItv2aOo7dkgzRh10uxFsy3yM=,tag:+fmJzYMhbiUae/kSyWbT5Q==,type:str]
 vouch-jwt: ENC[AES256_GCM,data:XDalZtedsBNnDYApmWpdYR9yHBvNXA2DlMmKyCPmcMlqTlbAIVL702/HzTaWLvwpgVXpn3pgG8hNXm9rUE764Q==,iv:qyvGCsildhYgzQiYQ4M0H6eFYrKp8aTkwEeZywpQqHM=,tag:ogtAgvpYE43VPhLhD4NuNA==,type:str]
 openscsi-config: ENC[AES256_GCM,data:pLfiDNSx3ghibiWgfV8vXqgXHJaA7dYwl7Tlqs11+XOGQ7gZPFavmhQfak6/LrD0boyM/vj6oXgp,iv:wuG4BIZeyxT3RXmXpvItByf3NDiKpCpMWWhsmmsG4l0=,tag:brFZh8mLv2WHQHPtK70bxQ==,type:str]
-openscsi-env: ENC[AES256_GCM,data:QYf6GNIEYmUHIwTtmK9b/C+EVb+pt0jKYVTv3kT+Vgb82JFMyVtD,iv:MEKyzwbxvfmNyZfsVhWaa2zVbxRHS89joupnJQuiCmE=,tag:UftcgxyzK3FX/pUDDFC+xQ==,type:str]
+openscsi-env: ENC[AES256_GCM,data:qOrDDPSnEJVHBPvrbqTOPx5hffqR2INn+ZuMpP/dplmPhKbJIyJo+w==,iv:lWeiAA1L24tL7VFFnXTcTKqYbkCd5i2WXlBKoEbyEPo=,tag:oBSSczca6OUEe5GhnvS5gA==,type:str]
 systemd2mqtt-env: ENC[AES256_GCM,data:Zo3+acCcMWgai2ERKbmOlI0hvdkOlNviBqeLb1ALuA==,iv:NxXBDCEevBRqMDY9/3z/Uq2+vENswkYTgTa82wKc32U=,tag:01WUphYRJrwmHv9HE4ac8w==,type:str]
 z2m-secret: ENC[AES256_GCM,data:SCxz8nbB/QhfPcAzSEDHMpiQnjv+j0xLtg/20qf5ZEe3P5YRaiKXMSqdw6MX7uQtGh8T44raEgS8PFuGKXY423GV/MNPSzMl16DLBwU5P7TL6lYT97uVYRIqWMKqtPy/1f155743wH8HsJvslmg=,iv:Yw9dvH1dBq+vxHvKm0eeHlqVHRdUuzL71mDTbIF7DDg=,tag:bCiDNSwq7P21TwblvVGq6A==,type:str]
 deluge-auth: ENC[AES256_GCM,data:qJP/CztnN7RV4Z3pP+jbH1B0zzBm8oa3n3X0pecEVe7UI3+NOSwFaQCBD7Q7JDxzh+qTNdQ/wWi7w0XJDG+aRIikgDG28S9RjdPL/w==,iv:GUEwmuk3JWMgsXsDgDrObW657WcN6wcYAsgXhK4Dvx0=,tag:vZMQ67j5kWBWOa6ZqCaQHw==,type:str]
@@ -39,8 +39,8 @@ sops:
             VndVTG0zQWhsUHcwTkFjK2ZPdzRPUUEKJ3flgZ6/s+TjlFgzsANYaOFiEPQuE4zR
             7npNUDFLe26Q32G3j/lLSBzZZfKoOC5SOSp9TB8eWMYSxfNnXEIu0g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-05-19T14:31:25Z"
-    mac: ENC[AES256_GCM,data:fFk0FUx46RH7ebOgQ1rUucIQG2woKbtWuaWmlbCK3lLEYxxMdhYDV3UrKy33TgWXNwg5deHIKGOQEJNYqwk2JRB6OVVBqm4IFgSJoHuB4CkgyfR0kstB28UFppifOljhxNeXZTmu1mVw+tcqCmg3FD6gc4IHjNiTJKwrEr/Krws=,iv:QbjDkhFZwuHl5knyaBVd2RxxzzlkNbK2mnIJ4Z5k8k8=,tag:BvuRwGtpbDIvgJKUy5bgPw==,type:str]
+    lastmodified: "2023-06-04T19:13:59Z"
+    mac: ENC[AES256_GCM,data:TeOARJG8rQN4AjY/jYX5zlba1Kt8Zu8bYg6csdjprjivFXn6sXSJbjmizSxZAMQM+CfE944PT7iKigQpdLJSftqeYRAaQ57sWnbUtKzOguGFrXlP5NqLyBwSvFCk6mtE2gtf/BNyNF2dY3Ns3RKy4BkkTysieK71ggSGnFVjZHQ=,iv:J5TVUlJqJAVpxeUayd88+sZ9WIo3fg7RXYp3zgRFEZ4=,tag:SstL6gpB0jYf9gBzlru0fw==,type:str]
     pgp:
         - created_at: "2023-03-10T17:06:53Z"
           enc: |