diff --git a/aplysia.nix b/aplysia.nix
index e928b4a..b4819e5 100644
--- a/aplysia.nix
+++ b/aplysia.nix
@@ -79,14 +79,19 @@ in
           speed-limit-up-enabled = true;
 
           peer-port = 7455;
+
+          rpc-whitelist-enabled = false;
         };
       };
 
       networking.firewall = {
         enable = true;
-        allowedTCPPorts = [
+        interfaces.${trnsmssnIface}.allowedTCPPorts = [
           config.services.transmission.settings.peer-port
         ];
+        interfaces.eth0.allowedTCPPorts = [
+          9091
+        ];
       };
 
       networking.nameservers = [ "193.138.218.74" ];
@@ -94,7 +99,10 @@ in
       networking.interfaces.${trnsmssnIface} = {
         ipv4.addresses = [ { address = "10.64.157.93"; prefixLength = 32; } ];
         ipv6.addresses = [ { address = "fc00:bbbb:bbbb:bb01::1:9d5c"; prefixLength = 128; } ];
-        ipv4.routes = [ { address = "0.0.0.0"; prefixLength = 0; } ];
+        ipv4.routes = [
+          { address = "0.0.0.0"; prefixLength = 1; }
+          { address = "128.0.0.0"; prefixLength = 1; }
+        ];
         ipv6.routes = [ { address = "::"; prefixLength = 0; } ];
       };
 
@@ -102,9 +110,11 @@ in
     };
 
     privateNetwork = true;
-
     interfaces = [ trnsmssnIface ];
 
+    hostAddress = "192.168.100.10";
+    localAddress = "192.168.100.11";
+
     autoStart = true;
 
     bindMounts.${homeDir} = {
@@ -154,6 +164,25 @@ in
     ];
   };
 
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+
+    virtualHosts."transmission-proxy" = {
+      serverName = "localhost";
+      listen = [
+        { addr = "localhost"; port = 9091; }
+      ];
+      locations."/transmission/" = {
+        proxyPass = "http://192.168.100.11:9091";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
   environment.systemPackages = with pkgs; [
     transmission
     samba