diff --git a/hosts/architect/tailscale.nix b/hosts/architect/tailscale.nix
index 5ed0905..6fbff08 100644
--- a/hosts/architect/tailscale.nix
+++ b/hosts/architect/tailscale.nix
@@ -7,22 +7,27 @@ let
   inherit (utilities) generateDeviceStrings;
 in
 {
-  pepe.core.network.interfaces.tailscale = {
-    interface = "ts0";
-    net = "100.64.0.0/10";
-    type = "vpn";
-    devices = {
-      architect = { address = "100.64.0.1"; hostname = "architect.${domain}"; isEndpoint = true; };
-      kmerr = { address = "100.64.0.2"; hostname = "kmerr.${domain}"; };
-      chuck = { address = "100.64.0.4"; hostname = "chuck.${domain}"; };
-      manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; };
-      tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; };
-      alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; };
-      appletv = { address = "100.64.0.13"; hostname = "appletv.${domain}"; };
-      afsun = { address = "100.64.0.15"; hostname = "afsun.${domain}"; };
-      jacopo-desktop = { address = "100.64.0.21"; hostname = "jacopo-desktop.${domain}"; };
-      jacopo-tv = { address = "100.64.0.22"; hostname = "jacopo-tv.${domain}"; };
-      jacopo-phone = { address = "100.64.0.28"; hostname = "jacopo-phone.${domain}"; };
+  pepe.core = {
+    firewall.openUDP = [ 41641 ];
+
+    network.interfaces.tailscale = {
+      interface = "ts0";
+      net = "100.64.0.0/10";
+      type = "vpn";
+      devices = {
+        architect = { address = "100.64.0.1"; hostname = "architect.${domain}"; isEndpoint = true; };
+        kmerr = { address = "100.64.0.2"; hostname = "kmerr.${domain}"; };
+        work_laptop = { address = "100.64.0.4"; hostname = "work_laptop.${domain}"; };
+        work_desktop = { address = "100.64.0.5"; hostname = "work_desktop.${domain}"; };
+        manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; };
+        tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; };
+        alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; };
+        appletv = { address = "100.64.0.13"; hostname = "appletv.${domain}"; };
+        afsun = { address = "100.64.0.15"; hostname = "afsun.${domain}"; };
+        jacopo-desktop = { address = "100.64.0.21"; hostname = "jacopo-desktop.${domain}"; };
+        jacopo-tv = { address = "100.64.0.22"; hostname = "jacopo-tv.${domain}"; };
+        jacopo-phone = { address = "100.64.0.28"; hostname = "jacopo-phone.${domain}"; };
+      };
     };
   };