diff --git a/devices/hardware/vds.nix b/devices/hardware/vds.nix
index e303ba9..ba4f5ac 100755
--- a/devices/hardware/vds.nix
+++ b/devices/hardware/vds.nix
@@ -40,7 +40,10 @@
     "/boot" = {
       device = lib.mkForce "/dev/disk/by-partlabel/disk-main-ESP";
       fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+      options = [
+        "fmask=0022"
+        "dmask=0022"
+      ];
     };
   };
 
diff --git a/devices/vds.nix b/devices/vds.nix
old mode 100755
new mode 100644
index b096f09..3a8f68f
--- a/devices/vds.nix
+++ b/devices/vds.nix
@@ -39,7 +39,7 @@ let
       #         efiInstallAsRemovable = true;
       #       };
       boot = {
-        #kernelPackages = pkgs.linuxPackages_xanmod_stable;
+        kernelPackages = pkgs.linuxPackages_xanmod_stable;
         hardwareScan = true;
         loader = {
           grub = {
@@ -81,6 +81,7 @@ let
         };
         samba = {
           enable = true;
+          openFirewall = true;
           settings = {
             global = {
               "invalid users" = [ ];
@@ -116,6 +117,7 @@ let
         openssh = {
           enable = true;
           allowSFTP = true;
+          openFirewall = true;
           hostKeys = [
             {
               path = "/etc/ssh/id_ed25519";
@@ -128,13 +130,16 @@ let
             UsePAM = true;
           };
         };
-        tailscale.enable = true;
+        tailscale = {
+          enable = true;
+          openFirewall = true;
+        };
       };
 
       networking = {
         hostName = "${inputs.zeroq.devices.vds.hostname}";
         networkmanager.enable = true;
-        firewall.enable = false;
+        firewall.enable = true;
       };
 
       system = {