diff --git a/hosts/vps1/kanidm.nix b/hosts/vps1/kanidm.nix
index d2a2a9b..a4c7bff 100644
--- a/hosts/vps1/kanidm.nix
+++ b/hosts/vps1/kanidm.nix
@@ -30,6 +30,12 @@ in
       };
     };
 
+  # LDAP server binds to tailscale network interface
+  systemd.services.kanidm = {
+    requires = [ "tailscaled.service" ];
+    after = [ "tailscaled.service" ];
+  };
+
   services.nginx.virtualHosts = {
     "${domain}" = {
       useACMEHost = "${domain}";