diff --git a/hosts/default.nix b/hosts/default.nix
index f96dfb8..5b188da 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -27,6 +27,7 @@
         sane-defaults = {
           enable = lib.mkDefault true;
           allSshKeys = config.assets.sshKeys.user;
+          tailnet = "discus-macaroni.ts.net";
         };
         flake-qol = {
           enable = true;
diff --git a/modules/nixos/settei/sane-defaults.nix b/modules/nixos/settei/sane-defaults.nix
index 0fe11e9..c8a045c 100644
--- a/modules/nixos/settei/sane-defaults.nix
+++ b/modules/nixos/settei/sane-defaults.nix
@@ -37,11 +37,15 @@ in {
     security.sudo.wheelNeedsPassword = false;
 
     # When NetworkManager isn't in use, add tailscale DNS address manually
-    networking.nameservers = lib.mkIf (!nmEnabled && config.services.tailscale.enable) [
-      "100.100.100.100"
-      "1.1.1.1"
-      "1.0.0.1"
-    ];
+    networking = lib.mkIf (!nmEnabled && config.services.tailscale.enable && cfg.tailnet != null) {
+      nameservers = [
+        "100.100.100.100"
+        "1.1.1.1"
+        "1.0.0.1"
+      ];
+      search = [cfg.tailnet];
+    };
+
     # NetworkManager probably means desktop system so we don't want to slow down boot times
     systemd.services = lib.mkIf nmEnabled {
       NetworkManager-wait-online.enable = false;
diff --git a/modules/shared/settei/sane-defaults.nix b/modules/shared/settei/sane-defaults.nix
index 689aa73..a8ea3c3 100644
--- a/modules/shared/settei/sane-defaults.nix
+++ b/modules/shared/settei/sane-defaults.nix
@@ -14,6 +14,10 @@
       type = types.attrsOf types.singleLineStr;
       default = {};
     };
+    tailnet = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+    };
   };
 
   config = lib.mkIf config.settei.sane-defaults.enable (let