diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index 6f08e05..9f3474d 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -160,6 +160,7 @@
       gitea.enable = true;
       snmp_exporter.enable = true;
       sshguard.enable = true;
+      hass.enable = true;
 
       headscale = {
         enable = true;
diff --git a/modules/services/hass/default.nix b/modules/services/hass/default.nix
index ae4112e..6bf21d0 100644
--- a/modules/services/hass/default.nix
+++ b/modules/services/hass/default.nix
@@ -13,7 +13,7 @@ in {
   config = lib.mkIf cfg.enable {
     mj.services.friendlyport.ports = [
       {
-        subnets = myData.subnets.vpn.cidrs;
+        subnets = [myData.subnets.tailscale.cidr];
         tcp = [myData.ports.hass];
       }
     ];
@@ -25,13 +25,25 @@ in {
           "esphome"
           "met"
           "radio_browser"
+
+          # my stuff
+          "yamaha_musiccast"
+          "dlna_dmr"
         ];
         config = {
-          auth_providers = {
-            trusted_networks = [myData.subnets.tailscale.cidr];
-            #trusted_proxies = ["127.0.0.1"];
-          };
           default_config = {};
+          http = {
+            use_x_forwarded_for = true;
+            trusted_proxies = ["127.0.0.1"];
+          };
+          homeassistant = {
+            auth_providers = [
+              {
+                type = "trusted_networks";
+                trusted_networks = [myData.subnets.tailscale.cidr];
+              }
+            ];
+          };
         };
       };
     };