{...}: {
  services.dnsmasq = {
    enable = true;

    # Only using this for tailscale IPs, so better to let tailscale itself deal with it
    resolveLocalQueries = false;

    settings = {
      listen-address = ["100.73.96.48"];

      /*
      Dnsmasq tries to use the tailscale dns server, which is bad cause that points to dnsmasq
      From the little testing I have done it seems to not cause any issues, but better to be safe
      than sorry :P
      */
      dns-loop-detect = true;

      # If this isn't set a cname that targets a host might return the wrong ip
      localise-queries = true;
      ## IPv6 is not a thing in Spain so I'm guaranteed to not use it
      filter-AAAA = true;
      expand-hosts = true;
      domain = "sable-pancake.ts.net";
      domain-needed = true;
    };
  };

  # Add tailscale hosts
  networking.hosts = {
    "100.73.96.48" = ["everest"];
    "100.113.139.93" = ["archie"];
    "100.85.48.85" = ["steamdeck"];
    "100.96.92.13" = ["surfecego"];
    "100.106.73.20" = ["winmax2"];
  };

  # Dnsmasq conflicts with the resolved dns stub listener
  services.resolved.extraConfig = ''
    [Resolve]
    DNSStubListener=no
  '';
}