diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix
index 9fcb5f5..002c2f0 100644
--- a/containers/fluorite/configuration.nix
+++ b/containers/fluorite/configuration.nix
@@ -1,16 +1,30 @@
 { ... }: {
 system.stateVersion = "25.11";
 systemd.tmpfiles.rules = [
- "d /persist/slskd/Downloads 755 slskd slskd"
+ "d /persist/slskd/downloads 755 slskd slskd"
 ];
 fileSystems."/var/lib/slskd" = {
 device = "/persist/slskd";
 fsType = "none";
 options = [ "bind" ];
 };
+ fileSystems."/var/lib/tailscale" = {
+ device = "/persist/tailscale";
+ fsType = "none";
+ options = [ "bind" ];
+ };
 networking.firewall.allowedTCPPorts = [ 5030 50300 ];
 networking.firewall.allowedUDPPorts = [ 5030 50300 ];
+ services.tailscale = {
+ enable = true;
+ authKeyFile = "/binds/tailscale_auth";
+ openFirewall = true;
+ interfaceName = "userspace-networking";
+ extraDaemonFlags = [ "--socks5-server=localhost:1055" ];
+ extraUpFlags = [ "--exit-node=dandelion" ];
+ };
+
 services.slskd = {
 enable = true;
 domain = null;
diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix
index 746c702..25e43f6 100644
--- a/containers/fluorite/flake.nix
+++ b/containers/fluorite/flake.nix
@@ -20,7 +20,7 @@
 ./configuration.nix
 {
 networking.useHostResolvConf = false;
- networking.nameservers = [ host ];
+ networking.nameservers = [ 8.8.8.8 ];
 }
 ];
 in {
@@ -97,6 +97,11 @@
 mountPoint = "/binds/slskd_env";
 isReadOnly = true;
 };
+ bindMounts."tailscale_auth" = {
+ hostPath = config.age.secrets.tailscale_auth.path;
+ mountPoint = "/binds/tailscale_auth";
+ isReadOnly = true;
+ };
 # flake = "path:" + ./.;
 };
 };
diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix
index 8af107d..9db08f5 100644
--- a/hosts/alyssum/default.nix
+++ b/hosts/alyssum/default.nix
@@ -28,6 +28,7 @@
 modules.services.soulbeet
 modules.services.syncthing
+ inputs.c-fluorite.nixosModule
 inputs.c-garnet.nixosModule
 ./filesystem.nix
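Review bot: In containers/fluorite/configuration.nix, nothing visible in the new `services.tailscale` block or around it points slskd at the SOCKS5 listener on `localhost:1055`. With `interfaceName = "userspace-networking"`, only traffic an application sends to that listener should travel over the tailnet and the `dandelion` exit node. If the proxy setting lives in the re-encrypted `secrets/slskd_env.age`, record that next to the block, e.g. `# userspace mode: slskd must use socks5 localhost:1055, otherwise it egresses directly`, and check that slskd does not fall back to a direct connection when the proxy is unavailable. The new `/var/lib/tailscale` bind mount also has no matching tmpfiles entry; since `/persist/tailscale` will hold the node key, a rule such as `"d /persist/tailscale 0700 root root"` would create it with tight permissions. The `services.slskd` set at the end of the hunk continues outside it.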
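Review bot: In the first hunk of containers/fluorite/flake.nix, `networking.nameservers = [ 8.8.8.8 ];` leaves the address unquoted. The option takes strings, so this most likely fails evaluation or does not mean what is intended, and should read `networking.nameservers = [ "8.8.8.8" ];`. Separately, replacing the host resolver with a public one sends the container's lookups in clear text to a third party and, with tailscaled in userspace mode, probably outside the exit-node path. A comment stating that this is deliberate, or a resolver reachable over the tailnet, would make the intent clear. The module list around these lines starts and ends outside the hunk.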
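Review bot: In the second hunk of containers/fluorite/flake.nix, `bindMounts."tailscale_auth"` gives the container `config.age.secrets.tailscale_auth.path`, the same secret that `modules/system/tailscale.nix` uses for the host's own `authKeyFile`. If that key is reusable, anything that compromises the slskd container can read it and enrol further nodes in the tailnet with the same standing as the hosts. A dedicated secret for this container (placeholder name `tailscale_auth_fluorite`), issued as a tagged key so ACLs can limit the node to the exit node and port it needs, would contain that. `isReadOnly = true` prevents modification of the file but not reading it. The container definition starts before the hunk.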
diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix
index 33b6eec..540008d 100644
--- a/hosts/dandelion/default.nix
+++ b/hosts/dandelion/default.nix
@@ -32,7 +32,6 @@
 inputs.c-citrine.nixosModule
 inputs.c-diamond.nixosModule
 inputs.c-emerald.nixosModule
- inputs.c-fluorite.nixosModule
 ./filesystem.nix
 ./kernel.nix
diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix
index 5e3e044..4e16aac 100644
--- a/modules/system/tailscale.nix
+++ b/modules/system/tailscale.nix
@@ -4,6 +4,17 @@
 networking.firewall.trustedInterfaces = [ "tailscale0" ];
 networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ];
+ networking.nat = {
+ enable = true;
+ internalInterfaces = [ "tailscaled0" ];
+ forwardPorts = [
+ {
+ sourcePort = 50300;
+ proto = "tcp";
+ destination = "100.67.2.101:50300";
+ }
+ ];
+ };
 services.tailscale = {
 enable = true;
 authKeyFile = config.age.secrets.tailscale_auth.path;
diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age
index 287ef9b..f5bc05e 100644
Binary files a/secrets/slskd_env.age and b/secrets/slskd_env.age differ
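Review bot: In modules/system/tailscale.nix, `internalInterfaces = [ "tailscaled0" ];` does not match the `tailscale0` interface named in `trustedInterfaces` just above, so it looks like a typo and should probably be `internalInterfaces = [ "tailscale0" ];`. The hunk sets no `externalInterface`; confirm each importing host defines one, since that is what limits where the TCP 50300 redirect to `100.67.2.101:50300` is accepted. Because this sits in the shared tailscale module, NAT and the forward presumably turn on for every host that imports it, not only the one fronting fluorite. Gating the block with `lib.mkIf` on that host and adding a comment naming the node behind `100.67.2.101` would make the exposure explicit. The `services.tailscale` set that follows continues outside the hunk.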