diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index e86dbc4..c6a9e01 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -92,6 +92,14 @@
 networkInterface = "bond0";
 };
 };
+ nextcloud = {
+ enable = true;
+ subdomain = "drive";
+ };
+ headscale = {
+ enable = true;
+ subdomain = "vpn";
+ };
 };
 networking = {
 hostId = "c51763d6";
diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix
deleted file mode 100644
index 958bc08..0000000
--- a/configurations/nixos/defiant/services.nix
+++ /dev/null
@@ -1,94 +0,0 @@
-{
- lib,
- config,
- ...
-}: {
- imports = [];
-
- options = {
- apps = {
- base_domain = lib.mkOption {
- type = lib.types.str;
- };
- headscale = {
- subdomain = lib.mkOption {
- type = lib.types.str;
- description = "subdomain of base domain that headscale will be hosted at";
- default = "headscale";
- };
- hostname = lib.mkOption {
- type = lib.types.str;
- description = "hostname that headscale will be hosted at";
- default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}";
- };
- };
- nextcloud = {
- subdomain = lib.mkOption {
- type = lib.types.str;
- description = "subdomain of base domain that nextcloud will be hosted at";
- default = "nextcloud";
- };
- hostname = lib.mkOption {
- type = lib.types.str;
- description = "hostname that nextcloud will be hosted at";
- default = "${config.apps.nextcloud.subdomain}.${config.apps.base_domain}";
- };
- };
- };
- };
-
- config = {
- systemd = {
- services = {
- headscale = {
- after = ["postgresql.service"];
- requires = ["postgresql.service"];
- };
- };
- };
-
- services = {
- # DNS stub needs to be disabled so pi hole can bind
- # resolved.extraConfig = "DNSStubListener=no";
- headscale = {
- enable = true;
- user = "headscale";
- group = "headscale";
- address = "0.0.0.0";
- port = 8080;
- settings = {
- server_url = "https://${config.apps.headscale.hostname}";
- dns.base_domain = "clients.${config.apps.headscale.hostname}";
- logtail.enabled = true;
- database = {
- type = "postgres";
- postgres = {
- host = "/run/postgresql";
- port = config.services.postgresql.settings.port;
- user = "headscale";
- name = "headscale";
- };
- };
- };
- };
-
- nginx = {
- enable = true;
- virtualHosts = {
- ${config.apps.headscale.hostname} = {
- # forceSSL = true;
- # enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:${toString config.services.headscale.port}";
- proxyWebsockets = true;
- };
- };
- };
- };
- };
-
- environment.systemPackages = [
- config.services.headscale.package
- ];
- };
-}
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index b44eec7..9696617 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@@ -10,5 +10,6 @@
 ./home-assistant.nix
 ./pihole.nix
 ./nextcloud.nix
+ ./headscale.nix
 ];
 }
diff --git a/modules/nixos-modules/server/headscale.nix b/modules/nixos-modules/server/headscale.nix
new file mode 100644
index 0000000..4495a4a
--- /dev/null
+++ b/modules/nixos-modules/server/headscale.nix
@@ -0,0 +1,61 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ hostname = "${config.host.headscale.subdomain}.${config.host.reverse_proxy.hostname}";
+in {
+ options.host.headscale = {
+ enable = lib.mkEnableOption "should headscale be enabled on this computer";
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that headscale will be hosted at";
+ default = "headscale";
+ };
+ };
+
+ config = lib.mkIf config.host.headscale.enable {
+ host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {
+ target = "http://localhost:${toString config.services.headscale.port}";
+ };
+
+ systemd = {
+ services = {
+ headscale = {
+ after = ["postgresql.service"];
+ requires = ["postgresql.service"];
+ };
+ };
+ };
+
+ services = {
+ # DNS stub needs to be disabled so pi hole can bind
+ # resolved.extraConfig = "DNSStubListener=no";
+ headscale = {
+ enable = true;
+ user = "headscale";
+ group = "headscale";
+ address = "0.0.0.0";
+ port = 8080;
+ settings = {
+ server_url = "https://${hostname}";
+ dns.base_domain = "clients.${hostname}";
+ logtail.enabled = true;
+ database = {
+ type = "postgres";
+ postgres = {
+ host = "/run/postgresql";
+ port = config.services.postgresql.settings.port;
+ user = "headscale";
+ name = "headscale";
+ };
+ };
+ };
+ };
+ };
+
+ environment.systemPackages = [
+ config.services.headscale.package
+ ];
+ };
+}
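Review bot: The reverse-proxy entry in the new `headscale.nix` is keyed on `config.host.jellyfin.subdomain` rather than the headscale subdomain, so `server_url` (`https://${hostname}`) names a host this module never registers, and the headscale backend is attached to the jellyfin name instead; the line should read `host.reverse_proxy.subdomains.${config.host.headscale.subdomain} = {`. Separately, `address = "0.0.0.0"` leaves the control server listening on every interface on port 8080 even though the proxy target is `http://localhost:...`; unless the firewall closes that port (not visible in this diff), `address = "127.0.0.1";` keeps clients from reaching it around the proxy. The removed nginx vhost set `proxyWebsockets = true`, and whether `host.reverse_proxy` enables WebSocket upgrades for its targets is not visible here, so that should be confirmed before relying on the new path.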