diff --git a/hosts/homex/network.nix b/hosts/homex/network.nix
index 92f0599..14fec53 100644
--- a/hosts/homex/network.nix
+++ b/hosts/homex/network.nix
@@ -18,6 +18,25 @@
       enable = true;
       useRoutingFeatures = "both";
     };
+    systemd.services."tailscaled" = {
+      serviceConfig = {
+        Environment = [ "TS_PERMIT_CERT_UID=caddy" ];
+      };
+    };
+
+    services.caddy = {
+      enable = true;
+      virtualHosts."homex.kiko-liberty.ts.net".extraConfig = ''
+        respond "Hello, World"
+      '';
+      virtualHosts."guz.local".extraConfig = ''
+        respond "Hello, World"
+      '';
+      virtualHosts."adguard.guz.local".extraConfig = ''
+        reverse_proxy 192.168.1.10:3010
+      '';
+    };
+    networking.firewall.allowedTCPPorts = [ 80 433 ];
 
     boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
     boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
diff --git a/modules/nixos/homelab/adguard.nix b/modules/nixos/homelab/adguard.nix
index cd4165b..bd88307 100644
--- a/modules/nixos/homelab/adguard.nix
+++ b/modules/nixos/homelab/adguard.nix
@@ -39,6 +39,16 @@ in
         http = {
           address = "${cfg.settings.server.address}:${toString cfg.settings.server.port}";
         };
+        dns.rewrites = [
+          {
+            domain = "guz.local";
+            answer = "100.66.139.89";
+          }
+          {
+            domain = "*.guz.local";
+            answer = "100.66.139.89";
+          }
+        ];
       };
     };
   };