diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix
index 462bc80caf..6d766b5cc6 100644
--- a/nix/pkgs/default.nix
+++ b/nix/pkgs/default.nix
@@ -74,4 +74,6 @@
 
   factorio-mods = import ./factorio-mods args;
   libsolv-py = pkgs.callPackage ./libsolv-py.nix { };
+
+  tailscale = import ./tailscale pkgs.tailscale;
 } // (import ./heptapod-runner args)
diff --git a/nix/pkgs/tailscale/default.nix b/nix/pkgs/tailscale/default.nix
new file mode 100644
index 0000000000..c5ade28b19
--- /dev/null
+++ b/nix/pkgs/tailscale/default.nix
@@ -0,0 +1,16 @@
+tailscale:
+
+tailscale.overrideAttrs (old: {
+  postPatch = ''
+    ${old.postPatch or ""}
+
+    # Always use the polling monitor on routers.  The netlink-based monitor is
+    # effectively just a wakeup-every-250ms system which causes ridiculously
+    # high CPU.
+    rm wgengine/monitor/monitor_linux.go
+    substituteInPlace wgengine/monitor/monitor_polling.go \
+      --replace \
+        "//go:build (!linux && !freebsd && !windows && !darwin) || android" \
+        ""
+  '';
+})
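Review bot: The `substituteInPlace ... --replace` call in postPatch matches one exact `//go:build` line, and plain `--replace` does not fail the build when the pattern is absent, so a nixpkgs bump that changes that constraint would break this override in a way that is hard to trace back to this file. If the pinned nixpkgs provides it, use `--replace-fail` in place of `--replace`; otherwise put `grep -qF '//go:build (!linux' wgengine/monitor/monitor_polling.go` before the substitution so a mismatch stops the build at the right spot. It is also worth checking whether monitor_polling.go still carries a legacy `// +build` line, since that would presumably keep the old constraint in force once the `//go:build` line is blanked; the hunk does not show the file. Because this is a locally patched build of the VPN daemon, a comment recording the upstream tailscale version the patch was written against would help when triaging security updates.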
diff --git a/ops/nixos/cofractal-ams01/default.nix b/ops/nixos/cofractal-ams01/default.nix
index 5a9ecd1622..5649af2997 100644
--- a/ops/nixos/cofractal-ams01/default.nix
+++ b/ops/nixos/cofractal-ams01/default.nix
@@ -168,6 +168,7 @@ in
     }
   ];
 
+  services.tailscale.package = depot.nix.pkgs.tailscale;
   systemd.network.config.networkConfig.ManageForeignRoutes = "no";
   systemd.mounts = let
     bindMount' = dir: {
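Review bot: The new `services.tailscale.package` line gives no hint that this host runs a locally patched tailscale rather than the stock nixpkgs build, which matters when someone audits the host or checks it against an upstream advisory. A one-line comment above it would do, for example `# Patched build: polling link monitor instead of netlink, see nix/pkgs/tailscale`. The surrounding attribute set starts and ends outside the hunk.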