diff --git a/pulumi/tailscale/policy.hujson b/pulumi/tailscale/policy.hujson
index 417c1fa..e24ca48 100644
--- a/pulumi/tailscale/policy.hujson
+++ b/pulumi/tailscale/policy.hujson
@@ -125,12 +125,12 @@
 			"checkPeriod": "12h0m0s",
 		},
 		// Homelab can SSH to homelab (for ansible, cross-host management)
+		// Tagged devices can't do interactive "check" auth, so use "accept".
 		{
-			"action": "check",
+			"action": "accept",
 			"src":    ["tag:homelab"],
 			"dst":    ["tag:homelab"],
 			"users":  ["autogroup:nonroot"],
-			"checkPeriod": "12h0m0s",
 		},
 	],