diff --git a/main.tf b/main.tf
index 33f82405..9f81e5e6 100644
--- a/main.tf
+++ b/main.tf
@@ -61,6 +61,7 @@ variable "finance_app_oauth_google_client_secret" {}
 variable "finance_app_graphql_api_secret" {}
 variable "finance_app_gocardless_secret_id" {}
 variable "finance_app_gocardless_secret_key" {}
+variable "headscale_config" {}
 
 variable "ansible_prefix" {
   default     = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup"
@@ -286,6 +287,8 @@ module "kubernetes_cluster" {
   finance_app_db_connection_string       = var.finance_app_db_connection_string
   finance_app_gocardless_secret_id       = var.finance_app_gocardless_secret_id
   finance_app_gocardless_secret_key      = var.finance_app_gocardless_secret_key
+
+  headscale_config = var.headscale_config
 }
 
 
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index c40e2440..c4a41b91 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -49,6 +49,7 @@ variable "finance_app_oauth_google_client_secret" {}
 variable "finance_app_graphql_api_secret" {}
 variable "finance_app_gocardless_secret_id" {}
 variable "finance_app_gocardless_secret_key" {}
+variable "headscale_config" {}
 
 resource "null_resource" "core_services" {
   # List all the core modules that must be provisioned first
@@ -301,8 +302,9 @@ module "technitium" {
 }
 
 module "headscale" {
-  source          = "./headscale"
-  tls_secret_name = var.tls_secret_name
+  source           = "./headscale"
+  tls_secret_name  = var.tls_secret_name
+  headscale_config = var.headscale_config
 }
 
 # module "metrics_api" {