I don’t think editing the configuration of every service requiring network is the right approach.
Isn’t it the case that Tailscale should always start after network and before any other services which require network? I’d also like to have sshd only listen on Tailscale’s IP but ( and I haven’t tested sshd ) I assume it wouldn’t bind to the tailscale IP on reboot.