diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml index 7e8ec86..d35fe3d 100644 --- a/.gitea/workflows/terraform-apply.yml +++ b/.gitea/workflows/terraform-apply.yml @@ -81,12 +81,25 @@ jobs: exit 0 fi + echo "Expected format: host or host=hostname (comma-separated)" + install -m 700 -d ~/.ssh printf '%s\n' "$VM_SSH_PRIVATE_KEY" > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa - for host in $(printf '%s' "$TAILSCALE_ENROLL_HOSTS" | tr ',' ' '); do + for target in $(printf '%s' "$TAILSCALE_ENROLL_HOSTS" | tr ',' ' '); do + host="${target%%=*}" + ts_hostname="" + if [ "$host" != "$target" ]; then + ts_hostname="${target#*=}" + fi + echo "Enrolling $host into Tailscale" - ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa "micqdf@$host" \ - "echo '$TS_AUTHKEY' | sudo tee /etc/tailscale/authkey >/dev/null && sudo chmod 600 /etc/tailscale/authkey && sudo systemctl start tailscale-firstboot.service" + if [ -n "$ts_hostname" ]; then + ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa "micqdf@$host" \ + "set -e; echo '$TS_AUTHKEY' | sudo tee /etc/tailscale/authkey >/dev/null; echo '$ts_hostname' | sudo tee /etc/tailscale/hostname >/dev/null; sudo chmod 600 /etc/tailscale/authkey; sudo hostnamectl set-hostname '$ts_hostname' || true; sudo systemctl restart tailscaled; sudo systemctl start tailscale-firstboot.service" + else + ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa "micqdf@$host" \ + "set -e; echo '$TS_AUTHKEY' | sudo tee /etc/tailscale/authkey >/dev/null; sudo chmod 600 /etc/tailscale/authkey; sudo systemctl restart tailscaled; sudo systemctl start tailscale-firstboot.service" + fi done diff --git a/nixos/template-base/configuration.nix b/nixos/template-base/configuration.nix index 957346b..781adc7 100644 --- a/nixos/template-base/configuration.nix +++ b/nixos/template-base/configuration.nix 
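Review bot: The new `ts_hostname` value, taken straight from `TAILSCALE_ENROLL_HOSTS`, is spliced into the single-quoted remote command (`echo '$ts_hostname' | sudo tee ...` and `hostnamectl set-hostname '$ts_hostname'`), so a target entry containing a `'` breaks out of the quoting and runs arbitrary text under sudo on the enrolled host; the same construction already carried `$TS_AUTHKEY` on the remote argv, where it is visible in `ps` and in any sshd command logging. Validate the hostname before use, e.g. `case "$ts_hostname" in *[!A-Za-z0-9-]*) echo "invalid hostname: $ts_hostname" >&2; exit 1;; esac`, and deliver the key over stdin instead of the command line: `printf '%s\n' "$TS_AUTHKEY" | ssh ... "micqdf@$host" "sudo tee /etc/tailscale/authkey >/dev/null && sudo chmod 600 /etc/tailscale/authkey && ..."`. The two `ssh` branches differ only in the hostname steps and could be one command with the hostname lines appended conditionally, which also keeps the key-handling path single. The `echo "Expected format: ..."` line is printed on every run rather than only when parsing fails, which reads like it was meant for an error branch. The step's `run:` block begins before the hunk, so the `exit 0`/`fi` at its top belongs to a check outside view.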
@@ -49,20 +49,21 @@ RemainAfterExit = true; }; script = '' - if [ -f /var/lib/tailscale/.joined ]; then - exit 0 - fi - if [ ! -s /etc/tailscale/authkey ]; then exit 0 fi key="$(cat /etc/tailscale/authkey)" - ${pkgs.tailscale}/bin/tailscale up --auth-key="$key" --hostname="$(hostname)" + ts_hostname="" + if [ -s /etc/tailscale/hostname ]; then + ts_hostname="--hostname=$(cat /etc/tailscale/hostname)" + fi + + rm -f /var/lib/tailscale/tailscaled.state + ${pkgs.tailscale}/bin/tailscale up --reset --auth-key="$key" $ts_hostname - install -d -m 0700 /var/lib/tailscale - touch /var/lib/tailscale/.joined rm -f /etc/tailscale/authkey + rm -f /etc/tailscale/hostname ''; };
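Review bot: `rm -f /var/lib/tailscale/tailscaled.state` is executed while tailscaled is presumably already running (the workflow restarts tailscaled before starting this unit), and a running daemon keeps its loaded node identity in memory and may write it back, so clones of the template can still end up sharing a node key despite the deletion; if the intent is a fresh identity per clone, stop tailscaled before removing the file and start it again afterwards, or order this unit before tailscaled (hedged, since the unit's ordering directives are outside the hunk). `$ts_hostname` is expanded unquoted on purpose so an empty value vanishes, but a hostname file containing whitespace then splits into extra arguments; collecting the optional flag in an array, `args=()`, `args+=("--hostname=$(cat /etc/tailscale/hostname)")`, and passing `"${args[@]}"`, keeps it one argument without the special case. With the `.joined` marker gone, the deletion of `/etc/tailscale/authkey` is the only thing preventing re-enrollment, so a failed `tailscale up` should leave the key in place for the next boot; a comment such as `# authkey is the one-shot marker: removed only after a successful up` would make that contract explicit. The enclosing attribute set opens before the hunk, so `RemainAfterExit = true;` belongs to a `serviceConfig` not visible here.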