diff --git a/agenix/hosts/tanker/headscale/acls.age b/agenix/hosts/tanker/headscale/acls.age
index ca85262..efe7356 100644
Binary files a/agenix/hosts/tanker/headscale/acls.age and b/agenix/hosts/tanker/headscale/acls.age differ
diff --git a/system/nixos/adguardhome.nix b/system/nixos/adguardhome.nix
index c144f0e..6f1b148 100644
--- a/system/nixos/adguardhome.nix
+++ b/system/nixos/adguardhome.nix
@@ -44,7 +44,7 @@
 
   networking.firewall.interfaces =
     let
-      interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks;
+      interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
     in
     builtins.listToAttrs
       (builtins.map
diff --git a/system/nixos/headscale.nix b/system/nixos/headscale.nix
index bdbd66f..08d3e9c 100644
--- a/system/nixos/headscale.nix
+++ b/system/nixos/headscale.nix
@@ -25,6 +25,17 @@ in
 
       server_url = "https://${fqdn}";
       acl_policy_path = config.age.secrets.headscale-acls.path;
+
+      dns_config = {
+        override_local_dns = false;
+
+        nameservers = [
+          "100.64.10.1"
+          "100.64.10.6"
+        ];
+
+        base_domain = "mesh.kempkens.network";
+      };
     };
   };
 
diff --git a/system/nixos/jellyfin.nix b/system/nixos/jellyfin.nix
index 4516643..de6cf97 100644
--- a/system/nixos/jellyfin.nix
+++ b/system/nixos/jellyfin.nix
@@ -30,12 +30,22 @@
         addr = "0.0.0.0";
         port = 9920;
         ssl = true;
+        extraParameters = [
+          "fastopen=63"
+          "backlog=1023"
+          "deferred"
+        ];
       }
 
       {
         addr = "[::0]";
         port = 9920;
         ssl = true;
+        extraParameters = [
+          "fastopen=63"
+          "backlog=1023"
+          "deferred"
+        ];
       }
     ];