diff --git a/nixos/modules/services/networking/headscale.nix b/nixos/modules/services/networking/headscale.nix
index c2e616d30e87..fd2fd8dbede9 100644
--- a/nixos/modules/services/networking/headscale.nix
+++ b/nixos/modules/services/networking/headscale.nix
@@ -20,6 +20,11 @@
   settingsFormat = pkgs.formats.yaml {};
   configFile = settingsFormat.generate "headscale.yaml" cfg.settings;
   cliConfigFile = settingsFormat.generate "headscale.yaml" cliConfig;
+
+  assertRemovedOption = option: message: {
+    assertion = !lib.hasAttrByPath option cfg;
+    message = "The option `services.headscale.${lib.options.showOption option}` was removed. " + message;
+  };
 in {
   options = {
     services.headscale = {
@@ -82,21 +87,6 @@ in {
         type = lib.types.submodule {
           freeformType = settingsFormat.type;
 
-          imports = with lib; [
-            (mkAliasOptionModule ["acl_policy_path"] ["policy" "path"])
-            (mkAliasOptionModule ["db_host"] ["database" "postgres" "host"])
-            (mkAliasOptionModule ["db_name"] ["database" "postgres" "name"])
-            (mkAliasOptionModule ["db_password_file"] ["database" "postgres" "password_file"])
-            (mkAliasOptionModule ["db_path"] ["database" "sqlite" "path"])
-            (mkAliasOptionModule ["db_port"] ["database" "postgres" "port"])
-            (mkAliasOptionModule ["db_type"] ["database" "type"])
-            (mkAliasOptionModule ["db_user"] ["database" "postgres" "user"])
-            (mkAliasOptionModule ["dns_config" "base_domain"] ["dns" "base_domain"])
-            (mkAliasOptionModule ["dns_config" "domains"] ["dns" "search_domains"])
-            (mkAliasOptionModule ["dns_config" "magic_dns"] ["dns" "magic_dns"])
-            (mkAliasOptionModule ["dns_config" "nameservers"] ["dns" "nameservers" "global"])
-          ];
-
           options = {
             server_url = lib.mkOption {
               type = lib.types.str;
@@ -507,6 +497,17 @@ in {
         assertion = with cfg.settings; dns.use_username_in_magic_dns or false || dns.base_domain == "" || !lib.hasInfix dns.base_domain server_url;
         message = "server_url cannot contain the base_domain, this will cause the headscale server and embedded DERP to become unreachable from the Tailscale node.";
       }
+      (assertRemovedOption ["settings" "acl_policy_path"] "Use `policy.path` instead.")
+      (assertRemovedOption ["settings" "db_host"] "Use `database.postgres.host` instead.")
+      (assertRemovedOption ["settings" "db_name"] "Use `database.postgres.name` instead.")
+      (assertRemovedOption ["settings" "db_password_file"] "Use `database.postgres.password_file` instead.")
+      (assertRemovedOption ["settings" "db_path"] "Use `database.sqlite.path` instead.")
+      (assertRemovedOption ["settings" "db_port"] "Use `database.postgres.port` instead.")
+      (assertRemovedOption ["settings" "db_type"] "Use `database.type` instead.")
+      (assertRemovedOption ["settings" "db_user"] "Use `database.postgres.user` instead.")
+      (assertRemovedOption ["settings" "dns_config"] "Use `dns` instead.")
+      (assertRemovedOption ["settings" "dns_config" "domains"] "Use `dns.search_domains` instead.")
+      (assertRemovedOption ["settings" "dns_config" "nameservers"] "Use `dns.nameservers.global` instead.")
     ];
 
     services.headscale.settings = lib.mkMerge [