diff --git a/hosts/pi-server/default.nix b/hosts/pi-server/default.nix
index 88e1f69..c31f21b 100644
--- a/hosts/pi-server/default.nix
+++ b/hosts/pi-server/default.nix
@@ -74,6 +74,7 @@
 services = {
 beszel-agent = {enable = true;};
 nscd = {enableNsncd = true;};
+ tailscale = {enable = true;};
 locate = {
 enable = true;
 package = pkgs.mlocate;
@@ -119,7 +120,7 @@
 };
 zramSwap = {
- enable = true;
+ enable = false;
 memoryPercent = 25;
 memoryMax = 2147483648;
 };
@@ -152,7 +153,21 @@
 # Open ports in the firewall.
 networking.firewall = {
 enable = true;
+ trustedInterfaces = ["tailscale0"];
 checkReversePath = "loose";
+ allowedUDPPorts = [config.services.tailscale.port];
+ allowedTCPPortRanges = [
+ {
+ from = 1714;
+ to = 1764;
+ }
+ ];
+ allowedUDPPortRanges = [
+ {
+ from = 1714;
+ to = 1764;
+ }
+ ];
 allowedTCPPorts = [22];
 };
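Review bot: The new `allowedTCPPortRanges`/`allowedUDPPortRanges` entries in the `networking.firewall` hunk (`@@ -152,7 +153,21 @@`) open 1714–1764 on every interface with no comment naming the service that needs them. The range matches the one KDE Connect uses, but nothing in this diff enables such a service, so please confirm it is wanted on this host. If it is, a comment such as `# KDE Connect (LAN only)` and scoping via `networking.firewall.interfaces."<lan-interface>".allowedTCPPortRanges` (plus the UDP counterpart) would limit the exposure to the network that needs it. Separately, `trustedInterfaces = ["tailscale0"]` exempts all tailnet traffic from the firewall, so every listening service on the Pi becomes reachable from any tailnet peer and the tailnet ACL policy is the only remaining filter. If only SSH is meant to be reachable over Tailscale, `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [22];` is the narrower form.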