diff --git a/devices/cluster/modules/headscale/default.nix b/devices/cluster/modules/headscale/default.nix
index 956354e..525d57e 100644
--- a/devices/cluster/modules/headscale/default.nix
+++ b/devices/cluster/modules/headscale/default.nix
@@ -6,60 +6,69 @@ ... }: let inherit (builtins) readFile; + inherit (lib) mkAfter mkOption; + inherit (config.vars) mainUser hostName; headscale-flake = headscale.packages.${pkgs.system}.headscale; clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip; in { - environment.systemPackages = [headscale-flake]; - users.users.${mainUser}.extraGroups = ["headscale"]; + # FIXME: wait for nixpkgs to reach this : https://github.com/juanfont/headscale/commit/94b30abf56ae09d82a1541bbc3d19557914f9b27 + options.services.headscale.settings.db_type = mkOption { + type = lib.types.enum ["sqlite" "postgres"]; + }; - home-manager.users.${mainUser} - .programs.bash.bashrcExtra = lib.mkAfter (readFile ./completion.bash); + config = { + environment.systemPackages = [headscale-flake]; + users.users.${mainUser}.extraGroups = ["headscale"]; - services.headscale = { - enable = true; - package = headscale-flake; + home-manager.users.${mainUser} + .programs.bash.bashrcExtra = mkAfter (readFile ./completion.bash); - address = clusterIP; - port = 8085; + services.headscale = { + enable = true; + package = headscale-flake; - settings = { - server_url = "https://headscale.nelim.org"; - ip_prefixes = ["100.64.0.0/10"]; - metrics_listen_addr = "127.0.0.1:9090"; - grpc_listen_addr = "0.0.0.0:50443"; - grpc_allow_insecure = false; - disable_check_updates = true; - unix_socket_permission = "0770"; + address = clusterIP; + port = 8085; - db_type = "sqlite3"; - db_path = "/var/lib/headscale/db.sqlite"; - private_key_path = "/var/lib/headscale/private.key"; - noise.private_key_path = "/var/lib/headscale/noise_private.key"; + settings = { + server_url = "https://headscale.nelim.org"; + ip_prefixes = ["100.64.0.0/10"]; + metrics_listen_addr = "127.0.0.1:9090"; + grpc_listen_addr = "0.0.0.0:50443"; + grpc_allow_insecure = false; + disable_check_updates = true; + unix_socket_permission = "0770"; - dns_config = let - caddyIp = - if hostName == "thingone" - then "100.64.0.8" - else "100.64.0.9"; - in { - 
magic_dns = false; - override_local_dns = true; - nameservers = [caddyIp]; - }; + db_type = "sqlite"; + db_path = "/var/lib/headscale/db.sqlite"; + private_key_path = "/var/lib/headscale/private.key"; + noise.private_key_path = "/var/lib/headscale/noise_private.key"; - derp = { - urls = []; + dns_config = let + caddyIp = + if hostName == "thingone" + then "100.64.0.8" + else "100.64.0.9"; + in { + magic_dns = false; + override_local_dns = true; + nameservers = [caddyIp]; + }; - server = { - enabled = true; - stun_listen_addr = "${clusterIP}:3479"; - private_key_path = "/var/lib/headscale/derp_server_private.key"; + derp = { + urls = []; - region_id = 995; - region_code = "mon"; - region_name = "montreal"; + server = { + enabled = true; + stun_listen_addr = "${clusterIP}:3479"; + private_key_path = "/var/lib/headscale/derp_server_private.key"; + + region_id = 995; + region_code = "mon"; + region_name = "montreal"; + }; }; }; }; diff --git a/flake.lock b/flake.lock index fe7aff8..73aecdd 100644 --- a/flake.lock +++ b/flake.lock @@ -392,17 +392,16 @@ ] }, "locked": { - "lastModified": 1707460001, - "narHash": "sha256-K9ULZEAr4mdB6ds/uoAcwLecj+ss2OQvJHKk+P91REA=", + "lastModified": 1711135921, + "narHash": "sha256-vv8+DnV4inQn+MfXCB0WMVLXAW4NbP2Em3VASbjeIjA=", "owner": "juanfont", "repo": "headscale", - "rev": "00e7550e760b2d3d759471ff55d2b6e2dc81ad2b", + "rev": "8a8e25a8d1e6bc5fa27b7f72f99bbf24b290e0a6", "type": "github" }, "original": { "owner": "juanfont", "repo": "headscale", - "rev": "00e7550e760b2d3d759471ff55d2b6e2dc81ad2b", "type": "github" } }, diff --git a/flake.nix b/flake.nix index 098e2cc..a6a2cc8 100644 --- a/flake.nix +++ b/flake.nix @@ -171,9 +171,6 @@ owner = "juanfont"; repo = "headscale"; - # FIXME: wait for nixpkgs to reach this : https://github.com/juanfont/headscale/commit/94b30abf56ae09d82a1541bbc3d19557914f9b27 - rev = "00e7550e760b2d3d759471ff55d2b6e2dc81ad2b"; - inputs.nixpkgs.follows = "nixpkgs"; };
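Review bot: `grpc_listen_addr = "0.0.0.0:50443"` in the re-indented `settings` block keeps the headscale gRPC control API bound to every interface, while the HTTP listener is tied to `clusterIP` and metrics to loopback. No TLS certificate settings appear in this block, so remote gRPC is presumably not in use, and the wildcard bind only widens what the host firewall has to cover. I would bind it to loopback with `grpc_listen_addr = "127.0.0.1:50443";`, or to `"${clusterIP}:50443"` if other cluster nodes really need it. The module's argument list starts above the hunk, so any firewall rule for this port is not visible here. Separately, the FIXME above the `db_type` option only links a commit; it presumably means something like `# FIXME: drop this override once the nixpkgs headscale module accepts db_type = "sqlite"`, and saying so would tell the next reader when to remove it.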