diff --git a/states/headscale/config.sls b/states/headscale/config.sls
index 4b68531..0fe8159 100644
--- a/states/headscale/config.sls
+++ b/states/headscale/config.sls
@@ -28,3 +28,22 @@ headscale-config-derp:
 - template: jinja
 - watch_in:
 - service: headscale-service
+
+headscale-policy:
+ file.managed:
+ - name: {{ headscale.config_path }}/policy.json
+ - source: salt://headscale/templates/policy.json.j2
+ - user: {{ headscale.user.uid }}
+ - group: {{ headscale.group.gid }}
+ - template: jinja
+ - watch_in:
+ - service: headscale-service
+
+headscale-policy-update:
+ file.managed:
+ - name: {{ headscale.config_path }}/update_policy.sh
+ - source: salt://headscale/templates/update_policy.sh
+ - user: {{ headscale.user.uid }}
+ - group: {{ headscale.group.gid }}
+ - watch_in:
+ - service: headscale-service
diff --git a/states/headscale/defaults.yaml b/states/headscale/defaults.yaml
index 7845115..5ad6e5d 100644
--- a/states/headscale/defaults.yaml
+++ b/states/headscale/defaults.yaml
@@ -90,17 +90,18 @@ headscale:
 enabled: false
 randomize_client_port: false
 derp_config:
- regions:
- 900:
- regionid: 900
- regioncode: custom
- regionname: My Region
- nodes:
- - name: 900a
- regionid: 900
- hostname: myderp.mydomain.no
- ipv4: 123.123.123.123
- ipv6: "2604:a880:400:d1::828:b001"
- stunport: 0
- stunonly: false
- derpport: 0
+ regions: {}
+ #900:
+ # regionid: 900
+ # regioncode: custom
+ # regionname: My Region
+ # nodes:
+ # - name: 900a
+ # regionid: 900
+ # hostname: myderp.mydomain.no
+ # ipv4: 123.123.123.123
+ # ipv6: "2604:a880:400:d1::828:b001"
+ # stunport: 0
+ # stunonly: false
+ # derpport: 0
+ policy: {}
diff --git a/states/headscale/templates/policy.json.j2 b/states/headscale/templates/policy.json.j2
new file mode 100644
index 0000000..f9327df
--- /dev/null
+++ b/states/headscale/templates/policy.json.j2
@@ -0,0 +1,3 @@
+{%- from "headscale/map.jinja" import headscale with context -%}
+{{ headscale.policy|json }}
+
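Review bot: Neither new `file.managed` state sets `mode`, and `headscale-policy-update` leaves a script that an operator is presumably meant to run owned by the headscale service account. A script the service user can rewrite but an administrator executes crosses a privilege boundary, so for `update_policy.sh` I would use `- user: root`, `- group: root` and `- mode: '0755'`, and give `policy.json` an explicit `- mode: '0640'`. The `watch_in` on `headscale-policy-update` also restarts headscale whenever the helper script changes, which the service does not need; it can be dropped from that state.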
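Review bot: With `policy: {}` as the default, the unconditional `headscale-policy` state in config.sls writes a literal `{}` to policy.json on every host that sets no policy in pillar. Whether headscale treats an empty policy as allow-all or deny-all is not visible in this diff and should be confirmed before this ships as a default. A comment above the key such as `# empty: no ACL policy is managed by Salt`, together with a `{% if headscale.policy %}` guard around the state, would make the intended behaviour explicit.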
diff --git a/states/headscale/templates/update_policy.sh b/states/headscale/templates/update_policy.sh
new file mode 100644
index 0000000..a9b783d
--- /dev/null
+++ b/states/headscale/templates/update_policy.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env zsh
+
+FILENAME=/etc/headscale/policy.json
+headscale policy get | jq > $FILENAME; vim $FILENAME; headscale policy set -f $FILENAME
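Review bot: `jq > $FILENAME` truncates the live policy.json before `headscale policy get` has succeeded, and because the three commands are joined with `;`, `headscale policy set -f` still runs after a failed fetch or an aborted edit and can load an empty or half-written policy. The variables are unquoted, and the path is hard-coded to /etc/headscale although the state installs into `{{ headscale.config_path }}`. This is also the file Salt renders from `policy.json.j2`, so hand edits are overwritten on the next state run. I would stop on the first error and edit a private temporary copy instead, as below; whether a local copy should be kept afterwards is for the author to decide.

```shell
#!/usr/bin/env zsh
set -euo pipefail

# Edit a private copy so a failed fetch or an aborted edit never touches
# the Salt-managed policy.json or reaches `policy set`.
TMPFILE=$(mktemp)
trap 'rm -f "$TMPFILE"' EXIT

headscale policy get | jq . > "$TMPFILE"
vim "$TMPFILE"
headscale policy set -f "$TMPFILE"
```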