diff --git a/lib/modules/headscale/default.nix b/lib/modules/headscale/default.nix
new file mode 100644
index 0000000..04f401b
--- /dev/null
+++ b/lib/modules/headscale/default.nix
@@ -0,0 +1,27 @@
+{config, pkgs, ...}:
+
+let
+
+  domain = "enclave.ctsk.dev";
+  port = 10020;
+
+in {
+
+  services.headscale = {
+    address = "127.0.0.1";
+    port = port;
+    settings = {
+      server_url = "https://${domain}";
+    };
+  };
+
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/".proxyPass = "http://127.0.0.1:${toString port}";
+    locations."/".proxyWebsockets = true;
+  };
+
+  environment.systemPackages = [ pkgs.headscale ];
+
+}
diff --git a/lib/systems/fugitive/default.nix b/lib/systems/fugitive/default.nix
index 8f4a385..986f682 100644
--- a/lib/systems/fugitive/default.nix
+++ b/lib/systems/fugitive/default.nix
@@ -5,6 +5,7 @@ let
   ports = {
     ssh = [ 2322 2323 2324 ];
     gitea = 10010;
+    headscale = 10020;
   };
 
 in
@@ -13,12 +14,14 @@ in
   imports = [
     ./hardware.nix
     ../../modules/gitea
+    ../../modules/headscale
     ../../users/christian
   ];
 
   services = {
     gitea.enable = true;
     nginx.enable = true;
+    headscale.enable = true;
     openssh = {
       enable = true;
       ports = ports.ssh;