diff --git a/common/linux-specific.nix b/common/linux-specific.nix
index 8cf87fb..1bb0df6 100644
--- a/common/linux-specific.nix
+++ b/common/linux-specific.nix
@@ -1,3 +1,4 @@
+{ config, ... }:
 { imports = [ ./users ];
@@ -50,4 +51,20 @@
 '';
 settings.PasswordAuthentication = false;
 };
+
+ services.earlyoom = {
+ enable = true;
+ freeSwapThreshold = 5;
+ freeMemThreshold = 5;
+ extraArgs = [
+ "-g"
+ "--avoid '^(sshd|systemd.*|tailscale.*|)$'"
+ ];
+ };
+ # Fix Wireguard and Tailscale with NetworkManager
+ networking.firewall = {
+ checkReversePath = "loose";
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
 }
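Review bot: `trustedInterfaces = [ "tailscale0" ];` in the new `networking.firewall` block exempts that interface from filtering, so every port listening on the host becomes reachable from any tailnet peer and access control rests entirely on the Tailscale ACLs; the comment above the block only mentions the NetworkManager fix. Because the file sits under `common/`, this presumably applies to every Linux host, and the hunk does not show whether `services.tailscale.enable` is set on all of them. If only specific services are meant to be reachable, a per-interface allow-list such as `interfaces.tailscale0.allowedTCPPorts = [ <ssh-port> ];` would keep the firewall in the path. Otherwise, record the decision with a comment like `# tailscale0 is fully trusted: exposure is governed by tailnet ACLs, not this firewall`. Separately, the trailing `|` before `)$` in the `--avoid` pattern leaves an empty alternative that looks unintended.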