diff --git a/lib/options.nix b/lib/options.nix
index dd3f22a..65e2f7e 100644
--- a/lib/options.nix
+++ b/lib/options.nix
@@ -46,6 +46,13 @@ in {
       [ "SearXNG" "searxng" "https://search.proxy.${domain}" "http://localhost:8091/" ]
       [ "Dockge" "docker" "https://containers.proxy.${domain}" "http://localhost:5001/" ]
     ];
+    routes = {
+      "git.${domain}"     = "http://localhost:5080";
+      "auth.${domain}"    = "http://localhost:1411";
+      "dash.${domain}"    = "http://localhost:5070";
+      "media.${domain}"   = "http://localhost:8096";
+      "gallery.${domain}" = "http://localhost:2284";
+    };
     proxy = {
       base = "proxy.${domain}";
       hosts = {
diff --git a/modules/system/homelab/tunnels.nix b/modules/system/homelab/tunnels.nix
index 8cf0fb6..c1a9c8d 100644
--- a/modules/system/homelab/tunnels.nix
+++ b/modules/system/homelab/tunnels.nix
@@ -1,19 +1,11 @@
-{ pkgs, lib, homelab, ... }: let
-  routes = {
-    "git.${homelab.domain}"     = "http://localhost:5080";
-    "auth.${homelab.domain}"    = "http://localhost:1411";
-    "dash.${homelab.domain}"    = "http://localhost:5070";
-    "media.${homelab.domain}"   = "http://localhost:8096";
-    "gallery.${homelab.domain}" = "http://localhost:2284";
-  };
-in {
+{ pkgs, lib, homelab, ... }: {
   services.cloudflared = {
     enable = true;
     tunnels.homelab = {
       credentialsFile = "/mnt/data/cloudflared/homelab.json";
       certificateFile = "/mnt/data/cloudflared/cert.pem";
       default = "http_status:404";
-      ingress = routes;
+      ingress = homelab.routes;
     };
   };
   
@@ -32,6 +24,6 @@ in {
     script = lib.concatMapStringsSep "\n" (domain: ''
       echo "Ensuring DNS route for ${domain}..."
       ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/cloudflared/cert.pem route dns ${homelab.cf-tunnel-id} ${domain} || true
-    '') (builtins.attrNames routes);
+    '') (builtins.attrNames homelab.routes);
   };
 }