diff --git a/hosts/architect/headscale.nix b/hosts/architect/headscale.nix
index 6b01593..12ae648 100644
--- a/hosts/architect/headscale.nix
+++ b/hosts/architect/headscale.nix
@@ -1,8 +1,9 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 let
   domain = "vipienne.giugl.io";
-  network = import ./network.nix;
+  architectInterfaceAddress = interface:
+    config.architect.networks.${interface}.devices.architect.address;
 in
 {
   architect.firewall = {
@@ -10,9 +11,9 @@ in
   };
 
   networking.extraHosts = ''
-    ${network.architect-lan} ${domain}
-    ${network.architect-wg} ${domain}
-    ${network.architect-ts} ${domain}
+    ${architectInterfaceAddress "lan"} ${domain}
+    ${architectInterfaceAddress "wireguard"} ${domain}
+    ${architectInterfaceAddress "tailscale"} ${domain}
   '';
 
   environment.systemPackages = [ pkgs.unstablePkgs.headscale ];
@@ -28,13 +29,17 @@ in
       settings = {
         dns_config = {
           magic_dns = true;
-#          domains = [ "giugl.io" "runas.rocks" ];
-#          base_domain = "giugl.io";
+          domains = [
+            "giugl.io"
+            "runas.rocks"
+            "devs.giugl.io"
+          ];
+          base_domain = "giugl.io";
           override_local_dns = true;
-          nameservers = "10.4.0.2";
+          nameservers = [ config.architect.networks.tailscale.devices.architect.address ];
         };
         logtail.enabled = false;
-        ip_prefixes = [ "10.4.0.0/24" ];
+        ip_prefixes = [ config.architect.networks.tailscale.net ];
         # The Noise private key is used to encrypt the
         # traffic between headscale and Tailscale clients when
         # using the new Noise-based protocol. It must be different
@@ -43,10 +48,6 @@ in
       };
     };
 
-    # ssl.key = "${config.security.acme.certs.${domain}.directory}/key.pem";
-    # ssl.cert =
-    #   "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
-
     nginx.virtualHosts.${domain} = {
       forceSSL = true;
       enableACME = true;