diff --git a/hosts/linode/l001/flake.lock b/hosts/linode/l001/flake.lock
index 1493a078..e855cd52 100644
--- a/hosts/linode/l001/flake.lock
+++ b/hosts/linode/l001/flake.lock
@@ -3,11 +3,11 @@
     "common": {
       "locked": {
         "dir": "flakes/common",
-        "lastModified": 1766036507,
-        "narHash": "sha256-ZFJjJVkWlefIhsJ2vHniBnqqnTCa9qGW3pQOXUU4X1I=",
+        "lastModified": 1770664771,
+        "narHash": "sha256-8X1QU1bmy0hQe2PnpVcg1trna4BO+bpTpC79mWsz1rY=",
         "ref": "refs/heads/master",
-        "rev": "fca1bd9d8f4d7e345b373f69c9d2b40d9fa33f59",
-        "revCount": 952,
+        "rev": "94249e7bcbfed6a04baa01972661bd1901a95f68",
+        "revCount": 1248,
         "type": "git",
         "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
       },
diff --git a/hosts/linode/l001/headscale.nix b/hosts/linode/l001/headscale.nix
index ce31d5b6..58a1e269 100644
--- a/hosts/linode/l001/headscale.nix
+++ b/hosts/linode/l001/headscale.nix
@@ -1,4 +1,7 @@
 { pkgs, ... }:
+let
+  h001Dns = import ../../../flakes/common/nix_modules/tailnet/h001_dns.nix;
+in
 {
   config = {
     # TODO backup /var/lib/headscale data
@@ -17,40 +20,11 @@
           magic_dns = true;
           base_domain = "net.joshuabell.xyz";
           override_local_dns = false;
-          # nameservers.global = [
-          #   "1.1.1.1"
-          #   "1.0.0.1"
-          #   "8.8.8.8"
-          #   "8.8.4.4"
-          #   "9.9.9.9"
-          #   "9.9.9.10"
-          # ];
-          extra_records =
-            let
-              # DNS splitting at the tailscale network level. We intercept these domains
-              # when connected to tailscale and skip my global/internet facing DNS proxy
-              h001ARecord = name: {
-                type = "A";
-                name = "${name}.joshuabell.xyz";
-                value = "100.64.0.13";
-              };
-            in
-            [
-              (h001ARecord "jellyfin")
-              (h001ARecord "media")
-              (h001ARecord "notes")
-              (h001ARecord "chat")
-              (h001ARecord "sso-proxy")
-              (h001ARecord "n8n")
-              (h001ARecord "sec")
-              (h001ARecord "sso")
-              (h001ARecord "gist")
-              (h001ARecord "git")
-              (h001ARecord "blog")
-              (h001ARecord "etebase")
-              (h001ARecord "photos")
-              (h001ARecord "location")
-            ];
+          extra_records = map (name: {
+            type = "A";
+            name = "${name}.${h001Dns.baseDomain}";
+            value = h001Dns.ip;
+          }) h001Dns.subdomains;
         };
       };
     };
diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock
index 792decf3..2e3220fe 100644
--- a/hosts/lio/flake.lock
+++ b/hosts/lio/flake.lock
@@ -64,11 +64,11 @@
     "common": {
       "locked": {
         "dir": "flakes/common",
-        "lastModified": 1770613864,
-        "narHash": "sha256-Wn/dJdzToNfAqrZp1oRbXTvcF88UUCYkfOBPLsHpHNY=",
+        "lastModified": 1770664771,
+        "narHash": "sha256-8X1QU1bmy0hQe2PnpVcg1trna4BO+bpTpC79mWsz1rY=",
         "ref": "refs/heads/master",
-        "rev": "9e5e3cd4fa9ddae4ede2ba6c83f3c734a33f27b4",
-        "revCount": 1240,
+        "rev": "94249e7bcbfed6a04baa01972661bd1901a95f68",
+        "revCount": 1248,
         "type": "git",
         "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
       },