Sorry for necro-ing the thread, but I felt it would be useful to post and underline that jay’s idea of the ip_nonlocal_bind setting in sysctl is a great solution to this problem.
I too had the same problem of being locked out of the server after a reboot since sshd fails to start because the tailscale interface takes some seconds to properly set up the ip address. This applies probably to any service that tries to bind to the tailscale IP address too early.
As an aside, the sshd systemd configuration does specify retries but it does not actually restart because in the specific failure case of being unable to bind to an IP, it returns error code 255 which makes systemd not retry to start the service. More info in debian bugreport [1]
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923508
P.S. This issue is also discussed here in the forums in another thread [2], but that did not have any solution. The supportbot’s suggestion of modifiying all systemd configurations for all services on the machine is very brittle and a pain to do in practice.