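# Headscale DNS settings handed to tailnet clients: MagicDNS, the upstream
# resolver, and extra A records that map public-looking ccnlc.eu names to
# tailnet (100.64.0.0/10) addresses.
#
# NOTE(review): these records only steer name resolution. They are not access
# control: which nodes may actually reach 100.64.0.3 / 100.64.0.4 is decided
# by the headscale ACL policy, which is not visible in this file.
{
  config = {
    services.headscale.settings.dns = {
      # Clients replace their locally configured resolvers with the ones
      # below, so the resolver list is a trust decision for every node.
      override_local_dns = true;
      magic_dns = true;
      base_domain = "ts";

      nameservers.global = [
        # Disabled: tailnet-internal resolver (presumably the AdGuard
        # instance on the same host the records below point at; confirm).
        # While it is off, DNS-level filtering on that host is bypassed and
        # all client queries go to the public resolver instead.
        #"100.64.0.4"
        "9.9.9.9"
      ];

      extra_records =
        let
          # Tailnet addresses are written out literally. If a node is
          # re-registered and receives a different address, these records go
          # stale and may end up pointing at another node; re-check them
          # after any node churn. TLS certificate validation on the clients
          # is what catches a misdirected name.
          mainHost = "100.64.0.4";
          gitHost = "100.64.0.3";

          # Build one A record.
          mkRecord = name: value: {
            inherit name value;
            type = "A";
          };

          # One A record per subdomain of ccnlc.eu, all on the main host.
          mkRecords = map (sub: mkRecord "${sub}.ccnlc.eu" mainHost);
        in
        [
          (mkRecord "ccnlc.eu" mainHost)
          (mkRecord "git.ccnlc.eu" gitHost)
        ]
        # Tailscale doesn't seem to support wildcard A/AAAA records, so every
        # subdomain is listed explicitly:
        # - https://github.com/juanfont/headscale/issues/2159#issuecomment-2393406444
        # Each name appears once; "nextcloud" was previously listed twice,
        # which produced a duplicate record.
        ++ mkRecords [
          "immich"
          "adguard"
          "nextcloud"
          "kitchenowl"
          "navidrome"
          "subsonic"
          "paperless"
          "truenas"
          "fritz"
          "dav"
          "ntfy"
          "octoprint"
          "assistant"
          "rss"
        ];
    };
  };
}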