diff --git a/hosts/raptus/headscale/acls.nix b/hosts/raptus/headscale/acls.nix
index 4ea9a97..c03308f 100644
--- a/hosts/raptus/headscale/acls.nix
+++ b/hosts/raptus/headscale/acls.nix
@@ -2,6 +2,7 @@
 pkgs,
 options,
 lib,
+ self,
 ...
 }:
 let
@@ -13,6 +14,8 @@ let
 action = "accept";
 inherit src dst users;
 };
+
+ shanMeta = self.nixosConfigurations.shan.config.modules.meta;
 in
 {
 services.headscale.settings.policy.path = pkgs.writeTextFile {
@@ -39,7 +42,7 @@ in
 [ "tag:guest" ]
- [ "100.64.0.4:443" ]
+ [ "${shanMeta.tailscale.ip}:443" ]
 )
 ];
diff --git a/hosts/shan/default.nix b/hosts/shan/default.nix
index ed5677c..2b9e51a 100644
--- a/hosts/shan/default.nix
+++ b/hosts/shan/default.nix
@@ -28,6 +28,9 @@
 };
 modules = {
+ meta = {
+ tailscale.ip = "100.64.0.4";
+ };
 system.networking.bluetooth.enable = true;
 container = {
 kitchenowl = {
diff --git a/options/meta.nix b/options/meta.nix
index 2ca3067..6a3294b 100644
--- a/options/meta.nix
+++ b/options/meta.nix
@@ -1,7 +1,7 @@
 { lib, ... }:
 let
 inherit (lib) mkOption stringLength;
- inherit (lib.types) str strMatching;
+ inherit (lib.types) str strMatching nullOr;
 validateUserName = x:
@@ -24,5 +24,11 @@ in
 # Should handle multiple users one day? maybe...
 description = "This system's primary user.";
 };
+ tailscale = {
+ ip = mkOption {
+ default = null;
+ type = nullOr str;
+ };
+ };
 };
 }
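Review bot: The guest rule's destination `"${shanMeta.tailscale.ip}:443"` depends on an option that is declared `nullOr str` with a `null` default. Nix will not coerce `null` to a string, so an unset value aborts evaluation instead of emitting a rule; failing closed is right for an ACL, but the error names neither the host nor the option. Making the requirement explicit beside the `shanMeta` binding would help, e.g. `shanIp = lib.throwIf (shanMeta.tailscale.ip == null) "shan: modules.meta.tailscale.ip is not set" shanMeta.tailscale.ip;`, then interpolating `shanIp`. The address is declared in the host config rather than read back from headscale, so the rule presumably follows whichever node holds that address; a short comment saying the two must be kept in sync would be worth adding. The enclosing rule list and `mkAcl` call start outside the hunk.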
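Review bot: The new `tailscale.ip` option is typed `nullOr str`, so any string passes the module check and is then pasted into the headscale ACL destination in `acls.nix`. A typo or a wildcard such as `*` would silently change which nodes `tag:guest` can reach on port 443. `strMatching` is already inherited in this file, so if only IPv4 is intended the type could be `type = nullOr (strMatching "([0-9]{1,3}\\.){3}[0-9]{1,3}");`. The option also has no description, unlike the one above it; something like `description = "Tailscale address headscale assigned to this host; used in ACL rules.";` would document why it matters.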