diff --git a/hosts/Alaska/modules/tailscale.nix b/hosts/Alaska/modules/tailscale.nix
index f99b6ab..f834def 100644
--- a/hosts/Alaska/modules/tailscale.nix
+++ b/hosts/Alaska/modules/tailscale.nix
@@ -9,6 +9,9 @@
   # then replace USERNAME with the computer's hostname which you created
   # an "user" account in the first comment
 
+  # use this for android instructions
+  #  https://github.com/juanfont/headscale/blob/main/docs/android-client.md
+
   services.tailscale.enable = true;
   # Defined here to indicate the settings are related
   networking.firewall = {
diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index 370b8b2..4b49a45 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -9,6 +9,13 @@
   networking.hosts = {
     "10.0.0.183" = [ "headscale.nickiel.net" "files.nickiel.net" "git.nickiel.net" "nickiel.net" "jellyfin.nickiel.net" ];
   };
+  services.tailscale.enable = true;
+  networking.firewall = {
+    checkReversePath = "loose";
+    trustedInterfaces = [ "tailscale0" ];
+    allowedUDPPorts = [ config.services.tailscale.port ];
+  };
+
   
   services.xserver.videoDrivers = [ "nvidia" ];
   hardware.opengl.enable = true;
diff --git a/hosts/laptop/default.nix b/hosts/laptop/default.nix
index b1bc8ef..a6a0ecd 100644
--- a/hosts/laptop/default.nix
+++ b/hosts/laptop/default.nix
@@ -8,11 +8,17 @@
   hardware.bluetooth.enable = true;
 
   networking.hosts = {
-    "10.0.0.183" = [ "files.nickiel.net" "git.nickiel.net" "nickiel.net" "jellyfin.nickiel.net" ];
+    "10.0.0.183" = [ "headscale.nickiel.net" "files.nickiel.net" "git.nickiel.net" "nickiel.net" "jellyfin.nickiel.net" ];
+  };
+  services.tailscale.enable = true;
+  networking.firewall = {
+    checkReversePath = "loose";
+    trustedInterfaces = [ "tailscale0" ];
+    allowedUDPPorts = [ config.services.tailscale.port ];
   };
-
   time.hardwareClockInLocalTime = true;
 
+
   boot.loader = {
     efi = {
       canTouchEfiVariables = true;