{ pkgs, config, ...}: {
  services.headscale = {
    enable = true;
    address = "0.0.0.0";
    port = 35893;
    settings = { 
      dns = {
        base_domain = "vpn.matri.cx";
        nameservers.global = ["192.168.0.130" "1.1.1.1"];
      };
      logtail.enabled = false; 
      noise.private_key_path = "/var/lib/headscale/noise_private.key";
      server_url = "https://vpn.matri.cx:443";
    };
  };
  services.tailscale = {
    enable = true;
    extraUpFlags = [
      "--accept-routes" "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" "--login-server=https://vpn.matri.cx"
    ];
    useRoutingFeatures = "both";
  };
}