diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix
index 7cb7559..b5e4ba5 100644
--- a/containers/garnet/flake.nix
+++ b/containers/garnet/flake.nix
@@ -44,7 +44,13 @@
             proxy_set_header Host $host;
           '';
         };
-        listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
+        extraConfig = ''
+          allow 10.0.0.0/8;
+          allow 100.0.0.0/8;
+          allow 192.168.1.0/24;
+          allow fd0d::/8;
+          deny all;
+        '';
       };
 
       systemd.tmpfiles.rules = [
diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix
index 087c77f..1c1db61 100644
--- a/hosts/alyssum/default.nix
+++ b/hosts/alyssum/default.nix
@@ -1,4 +1,4 @@
-{ lib, modules, modulesPath, ... }: {
+{ inputs, modules, modulesPath, ... }: {
   networking.hostName = "alyssum";
   system.stateVersion = "25.11";
   time.timeZone = "Australia/Melbourne";
@@ -22,6 +22,8 @@
     security
     tailscale
 
+    inputs.c-garnet.nixosModule
+
     ./filesystem.nix
     ./kernel.nix
     ./networking.nix