fix damocles cgroup broken after sleep with network switch

nixosConfigurations/damocles/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, self, ... }:
+{ pkgs, lib, self, ... }:
 {
   imports = [ ./android-dev.nix ];
 
@@ -6,6 +6,12 @@
 
   boot.isContainer = true;
 
+  # Container shares host network namespace (privateNetwork = false), so the
+  # host's tailscale already covers this. Running a second tailscaled in the
+  # same netns fights over routing and breaks connectivity after sleep/wake.
+  services.tailscale.enable = lib.mkForce false;
+  networking.firewall.checkReversePath = lib.mkForce "strict";
+
   allowedUnfreePackages = [ "claude-code" ];
 
   environment.systemPackages = with pkgs; [