diff --git a/devices/srv1/node0/default.nix b/devices/srv1/node0/default.nix
index c8b51758..96b77720 100644
--- a/devices/srv1/node0/default.nix
+++ b/devices/srv1/node0/default.nix
@@ -17,7 +17,11 @@ inputs:
       };
       services =
       {
-        xray.client.enable = true;
+        xray.client =
+        {
+          enable = true;
+          dnsmasq.extraInterfaces = [ "eno146" ];
+        };
         beesd.instances.root = { device = "/"; hashTableSizeMB = 512; threads = 4; };
         wireguard =
         {
@@ -51,5 +55,8 @@ inputs:
         options = [ "rbind" ];
       };
     };
+    # without this, tproxy does not work
+    # TODO: why?
+    networking.firewall.trustedInterfaces = [ "eno146" ];
   };
 }
diff --git a/devices/srv1/node1/default.nix b/devices/srv1/node1/default.nix
index 0a7bfdf2..a59b25c6 100644
--- a/devices/srv1/node1/default.nix
+++ b/devices/srv1/node1/default.nix
@@ -10,7 +10,7 @@ inputs:
         networking.networkd.static =
         {
           eno1 = { ip = "192.168.1.11"; mask = 24; gateway = "192.168.1.1"; };
-          eno2 = { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; };
+          eno2 = { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
         };
         cluster.nodeType = "worker";
         initrd.sshd.enable = true;