diff --git a/hosts/nixos/tahani/default.nix b/hosts/nixos/tahani/default.nix
index 09dfbb9..c620080 100644
--- a/hosts/nixos/tahani/default.nix
+++ b/hosts/nixos/tahani/default.nix
@@ -40,7 +40,13 @@
 networking = {
 hostName = hostname;
- useDHCP = true;
+ useDHCP = false;
+ interfaces.eno1.ipv4.addresses = [{
+ address = "192.168.1.10";
+ prefixLength = 24;
+ }];
+ defaultGateway = "192.168.1.1";
+ nameservers = ["1.1.1.1"];
 };
 services.postgresql = {
diff --git a/profiles/nixos/default.nix b/profiles/nixos/default.nix
index eb0496e..b99909b 100644
--- a/profiles/nixos/default.nix
+++ b/profiles/nixos/default.nix
@@ -13,7 +13,6 @@ in {
 ];
 system.stateVersion = "25.11";
- time.timeZone = "UTC";
 nix = {
@@ -27,9 +26,10 @@ in {
 networking.firewall = {
 enable = true;
- trustedInterfaces = ["tailscale0"];
- allowedUDPPorts = [config.services.tailscale.port];
- allowedTCPPorts = [22];
+ trustedInterfaces = ["eno1" "tailscale0"];
+ allowPing = true;
+ allowedUDPPorts = [53 10000 config.services.tailscale.port];
+ allowedTCPPorts = [22 53];
 checkReversePath = "loose";
 };
@@ -47,8 +47,8 @@ in {
 };
 adguardhome = {
 enable = true;
+ port = 10000;
 settings = {
- http.address = "0.0.0.0:10000";
 dns = {
 upstream_dns = [
 "1.1.1.1"
@@ -88,22 +88,10 @@ in {
 security.sudo = {
 enable = true;
- extraRules = [
- {
- commands = [
- {
- command = "${pkgs.systemd}/bin/reboot";
- options = ["NOPASSWD"];
- }
- ];
- groups = ["wheel"];
- }
- ];
 };
- environment.systemPackages = with pkgs; [
+ environment.systemPackages = [
 agenix.packages."${pkgs.system}".default
- inetutils
 ];
 home-manager = {
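Review bot: Adding `eno1` to `trustedInterfaces` in the `@@ -27,9 +26,10 @@` hunk of profiles/nixos/default.nix makes the firewall accept every packet arriving on that interface, so the `allowedTCPPorts`/`allowedUDPPorts` lists no longer restrict anything on the LAN side and any service listening on a non-loopback address becomes reachable there. Because this is the shared profile, the hard-coded interface name also applies to every host that imports it, not only tahani. I would keep `trustedInterfaces = ["tailscale0"];` and open only what the LAN needs. Port 10000 appears to be the AdGuard Home web port set in the next hunk, which is HTTP over TCP, so the UDP list can be `allowedUDPPorts = [53 config.services.tailscale.port];`, with 10000 added to `allowedTCPPorts` only if the admin UI must be reachable from the LAN.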
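Review bot: The bind address of the AdGuard Home admin UI is no longer stated once `http.address` is dropped in favour of `port = 10000;` in the `@@ -47,8 +47,8 @@` hunk; the listen address now comes from the module's `host` option, whose default I believe is all interfaces. Setting it explicitly, for example `host = "127.0.0.1";` or the Tailscale address, with a short comment naming who is meant to reach the UI, keeps that exposure a deliberate choice rather than an inherited default. The adguardhome block continues past the end of this hunk, so a `host` setting further down would already cover this.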