diff --git a/flakes/common/nix_modules/tailnet.nix b/flakes/common/nix_modules/tailnet/default.nix
similarity index 76%
rename from flakes/common/nix_modules/tailnet.nix
rename to flakes/common/nix_modules/tailnet/default.nix
index bcc151e4..da0260e7 100644
--- a/flakes/common/nix_modules/tailnet.nix
+++ b/flakes/common/nix_modules/tailnet/default.nix
@@ -11,11 +11,19 @@ let
 secrets = config.age.secrets or { };
 in
 secrets ? ${secret} && secrets.${secret} != null;
+
+ # Shared DNS records for h001 services - used for /etc/hosts fallback
+ h001Dns = import ./h001_dns.nix;
 in
 {
 environment.systemPackages = with pkgs; [ tailscale ];
 boot.kernelModules = [ "tun" ];
 
+ # Add /etc/hosts entries for h001 services as fallback for headscale DNS
+ networking.hosts = {
+ "${h001Dns.ip}" = map (name: "${name}.${h001Dns.baseDomain}") h001Dns.subdomains;
+ };
+
 services.tailscale = {
 enable = true;
 openFirewall = true;
diff --git a/flakes/common/nix_modules/tailnet/h001_dns.nix b/flakes/common/nix_modules/tailnet/h001_dns.nix
new file mode 100644
index 00000000..69fd205d
--- /dev/null
+++ b/flakes/common/nix_modules/tailnet/h001_dns.nix
@@ -0,0 +1,27 @@
+# Shared DNS records for h001 services
+# Used by headscale for DNS splitting and by other hosts for /etc/hosts fallback
+{
+ # h001's tailscale IP
+ ip = "100.64.0.13";
+
+ # List of subdomain names that point to h001
+ subdomains = [
+ "jellyfin"
+ "media"
+ "notes"
+ "chat"
+ "sso-proxy"
+ "n8n"
+ "sec"
+ "sso"
+ "gist"
+ "git"
+ "blog"
+ "etebase"
+ "photos"
+ "location"
+ ];
+
+ # Base domain
+ baseDomain = "joshuabell.xyz";
+}
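Review bot: The `networking.hosts` block in tailnet/default.nix is commented as a fallback, but /etc/hosts is normally consulted before DNS, so on every host importing this module these names will resolve to `h001Dns.ip` no matter what headscale DNS answers. When a machine is off the tailnet or tailscaled is down, `sso`, `git` and the others then point at an unreachable 100.64.x address rather than falling through to any other record. I would reword the comment to state the real behaviour, for example `# Pins h001 service names in /etc/hosts; these entries take precedence over headscale DNS`, or put the block behind an option so individual hosts can opt out. The enclosing attribute set continues past the end of the hunk.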
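Review bot: `ip = "100.64.0.13"` in h001_dns.nix is a hard-coded tailnet address that every importing host now trusts for names such as `sso`, `sso-proxy` and `git`, and nothing visible in this diff ties it to the address headscale actually assigns to h001. If h001 is re-registered under a different address, or this address is later given to another node, clients would keep sending that traffic to the old IP until the file is updated; TLS on the services would limit the impact, but that is not shown here. A comment on the field would make the dependency explicit, for example `# Must match h001's address in headscale; update here if the node is re-registered`. The header also says headscale consumes this file, which this diff does not show, so it is worth confirming that both sides read the same list.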