diff --git a/machines/cj/configuration.nix b/machines/cj/configuration.nix index aae68f9..dd074d1 100644 --- a/machines/cj/configuration.nix +++ b/machines/cj/configuration.nix @@ -146,8 +146,6 @@ # List services that you want to enable: services = { - chrony.enable = true; - fail2ban = { enable = true; maxretry = 5; @@ -155,6 +153,7 @@ "127.0.0.0/8" # localhost "192.168.0.0/16" # LAN "160.91.241.229" # lucky + "100.64.0.0" # tailscale ]; }; @@ -182,6 +181,8 @@ tailscale.enable = true; + timesyncd.enable = true; + unifi = { enable = true; openFirewall = true; @@ -191,7 +192,7 @@ vaultwarden = { enable = true; config = { # https://github.com/dani-garcia/vaultwarden/blob/1.25.2/.env.template - DOMAIN = "https://vault.jhink.org"; + DOMAIN = "http://100.64.0.2:8081"; ROCKET_ADDRESS = "0.0.0.0"; ROCKET_PORT = 8222; SIGNUPS_ALLOWED = false; diff --git a/machines/cj/firewall.nix b/machines/cj/firewall.nix index e01061a..1b92c1e 100644 --- a/machines/cj/firewall.nix +++ b/machines/cj/firewall.nix @@ -4,13 +4,13 @@ 8080 8443 6789 8880 8843 27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference 8585 # pihole web 53 # pihole - #8123 # home-assistant - #3000 # gitea + 8123 # home-assistant + 3000 # gitea 8081 # vaultwarden 80 443 # reverse proxy ]; allowedUDPPorts = [ - 22000 21027 # syncthing + #22000 21027 # syncthing 3478 5514 10001 1900 123 # unifi 53 # pihole 80 443 # reverse proxy @@ -18,4 +18,8 @@ allowedUDPPortRanges = [ { from = 5656; to = 5699; } # unifi ]; + + # This should not really be necessary unless we use an exit node or subnet + # with tailscale I think. + checkReversePath = "loose"; } diff --git a/machines/cj/hardware-configuration-zfs.nix b/machines/cj/hardware-configuration-zfs.nix index 745b142..72bc231 100644 --- a/machines/cj/hardware-configuration-zfs.nix +++ b/machines/cj/hardware-configuration-zfs.nix 
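Review bot: The new fail2ban whitelist entry `"100.64.0.0"` is a single address rather than a range, so it does not cover tailnet peers the way its `# tailscale` comment suggests; the neighbouring entries use CIDR notation. Tailscale hands out addresses from the CGNAT block, so the entry would be `"100.64.0.0/10" # tailscale (CGNAT range)`. Whitelisting the whole block exempts every tailnet device from banning, so listing only the peers that need it is tighter. The list's attribute name sits above the hunk; I am assuming it is fail2ban's ignore list.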
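Review bot: `DOMAIN = "http://100.64.0.2:8081"` moves the password vault to a plain-HTTP origin while `ROCKET_ADDRESS = "0.0.0.0"` still binds every interface and firewall.nix keeps `8081 # vaultwarden` open, so the service is presumably reachable unencrypted from the LAN as well as over the tailnet. Browsers only expose the crypto API the web vault relies on in a secure context, so the UI may not work over `http://` on a non-localhost address. I would keep an HTTPS origin (the existing reverse proxy on 80/443, or a certificate for the tailnet name) and, if access is meant to be tailnet-only, restrict the listener or the firewall rule to the Tailscale interface. The `vaultwarden` block continues past the end of the hunk.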
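Review bot: Un-commenting `8123` and `3000` opens Home Assistant and Gitea on every interface, because this list (its attribute name is above the hunk, presumably `allowedTCPPorts`) is not scoped per interface. If the goal is to reach them over Tailscale, scope them instead, e.g. `interfaces.tailscale0.allowedTCPPorts = [ 8123 3000 ];` (assuming the default interface name), or leave them behind the reverse proxy on 80/443. Separately, `#22000 21027 # syncthing` is better deleted than commented out now that syncthing.nix sets `enable = false`, so the firewall file only lists ports that are actually meant to be open.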
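Review bot: `checkReversePath = "loose"` relaxes reverse-path filtering for the whole host, and the comment above it says the author is not sure it is needed. Loose mode accepts a packet when any interface has a route back to its source, which weakens spoofed-source filtering on the LAN-facing interface too. I would either drop the line until an exit node or subnet route is actually in use, or replace the comment with the concrete reason, e.g. `# loose rp_filter: required for Tailscale exit-node/subnet routes; remove if those are not used`. If the nixpkgs revision in use provides `services.tailscale.useRoutingFeatures`, setting that option expresses the same intent more directly.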
@@ -109,6 +109,18 @@ neededForBoot = true; }; + fileSystems."/nfs/homes" = + { device = "192.168.88.88:/volume1/homes"; + fsType = "nfs"; + neededForBoot = false; + }; + + fileSystems."/nfs/shared_photos" = + { device = "192.168.88.88:/volume1/photo"; + fsType = "nfs"; + neededForBoot = false; + }; + swapDevices = [ { device = "/dev/disk/by-partuuid/6bf463d0-107f-489e-be29-704442ea3150"; diff --git a/machines/cj/home-assistant.nix b/machines/cj/home-assistant.nix index 77ba41b..8113d81 100644 --- a/machines/cj/home-assistant.nix +++ b/machines/cj/home-assistant.nix @@ -1,6 +1,6 @@ serverIP : { - image = "ghcr.io/home-assistant/home-assistant:2023.6.3"; + image = "ghcr.io/home-assistant/home-assistant:2023.11.2"; #ports = [ #"8123:8123" #]; diff --git a/machines/cj/syncthing.nix b/machines/cj/syncthing.nix index 57f2e64..6d34cf9 100644 --- a/machines/cj/syncthing.nix +++ b/machines/cj/syncthing.nix @@ -1,5 +1,5 @@ { - enable = true; + enable = false; dataDir = "/serverdata/syncthing/"; user = "jacob"; group = "users";
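Review bot: Both new NFS entries (`/nfs/homes` and `/nfs/shared_photos`) mount with default options, so setuid bits and device nodes stored on the NAS at 192.168.88.88 would be honoured on this host. Adding `options = [ "nosuid" "nodev" ];` to each `fileSystems` entry (plus `"noexec"` if nothing is executed from the shares) limits what a compromised or misconfigured export can do here. With no `sec=` option the mounts presumably rely on source-IP trust and travel unencrypted, which is worth a short comment stating that the LAN is the trust boundary. `"x-systemd.automount"` together with `"noauto"` would also keep boot from stalling when the NAS is unreachable.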