diff --git a/talos/clusters/default.yaml b/talos/clusters/default.yaml
index 385a65d..a74caeb 100644
--- a/talos/clusters/default.yaml
+++ b/talos/clusters/default.yaml
@@ -45,9 +45,6 @@ default:
       - 8.8.8.8
     tailscale:
       server: https://headscale.huizinga.dev
-      authKey:
-        file: tailscale.key
-      advertiseRoutes: true
   ntp: nl.pool.ntp.org
   install:
     auto: true
diff --git a/talos/clusters/testing.yaml b/talos/clusters/testing.yaml
index a67ab30..c097238 100644
--- a/talos/clusters/testing.yaml
+++ b/talos/clusters/testing.yaml
@@ -10,6 +10,9 @@ default:
     interface: ens5
     netmask: 255.255.255.0
     gateway: 192.168.1.1
+    tailscale:
+      authKey:
+        file: testing/tailscale.key
   sops:
     file: testing/age.key
   install:
diff --git a/talos/clusters/titan.yaml b/talos/clusters/titan.yaml
index 2c5e1b2..1a90e97 100644
--- a/talos/clusters/titan.yaml
+++ b/talos/clusters/titan.yaml
@@ -11,6 +11,9 @@ default:
   network:
     netmask: 255.255.252.0
     gateway: 10.0.0.1
+    tailscale:
+      authKey:
+        file: testing/tailscale.key
   sops:
     file: titan/age.key
   install:
diff --git a/talos/nodes/testing/talos-vm.yaml b/talos/nodes/testing/talos-vm.yaml
index 0042cca..c76c678 100644
--- a/talos/nodes/testing/talos-vm.yaml
+++ b/talos/nodes/testing/talos-vm.yaml
@@ -4,3 +4,5 @@ install:
   serial: talos-vm
 network:
   ip: 192.168.1.2
+  tailscale:
+    advertiseRoutes: true
diff --git a/talos/patches/networking/tailscale.yaml b/talos/patches/networking/tailscale.yaml
index d52e94d..b0ba849 100644
--- a/talos/patches/networking/tailscale.yaml
+++ b/talos/patches/networking/tailscale.yaml
@@ -4,5 +4,5 @@ kind: ExtensionServiceConfig
 name: tailscale
 environment:
   - TS_AUTHKEY={{ node.network.tailscale.authKey }}
-  - TS_EXTRA_ARGS={% if node.network.tailscale.server %}--login-server {{ node.network.tailscale.server }} {% endif %}--advertise-tags=tag:cluster-{{ cluster.name }}
+  - TS_EXTRA_ARGS={% if node.network.tailscale.server %}--login-server {{ node.network.tailscale.server }}{% endif +%}
   - TS_ROUTES={% if node.network.tailscale.advertiseRoutes %}{{node.network.ip}}/{{ node.network.netmask | to_prefix }}{% endif %}
diff --git a/talos/secrets/tailscale.key b/talos/secrets/tailscale.key
deleted file mode 100644
index 89f0b3a..0000000
Binary files a/talos/secrets/tailscale.key and /dev/null differ
diff --git a/talos/secrets/testing/tailscale.key b/talos/secrets/testing/tailscale.key
new file mode 100644
index 0000000..73b08c1
Binary files /dev/null and b/talos/secrets/testing/tailscale.key differ
diff --git a/talos/secrets/titan/tailscale.key b/talos/secrets/titan/tailscale.key
new file mode 100644
index 0000000..7202c5d
Binary files /dev/null and b/talos/secrets/titan/tailscale.key differ