diff --git a/nixos/machines/chungus/tts.nix b/nixos/machines/chungus/tts.nix
index ecfcd12..71783a7 100644
--- a/nixos/machines/chungus/tts.nix
+++ b/nixos/machines/chungus/tts.nix
@@ -3,22 +3,52 @@
 , ...
 }: {
 
-  systemd.services.tts = {
-    after = [ "network.target" ];
-    wantedBy = [ "multi-user.target" ];
-    path = [ pkgs.espeak ];
-    environment.HOME = "/var/lib/tts";
-    serviceConfig = {
-      StateDirectory = "tts";
-      DynamicUser = true;
-      User = "tts";
-      Group = "tts";
-      ExecStart = ''
-        ${pkgs.tts}/bin/tts-server --model_name tts_models/en/ljspeech/vits --port 5004
-      '';
-    };
-  };
+  #systemd.services.tts = {
+  #  after = [ "network.target" ];
+  #  wantedBy = [ "multi-user.target" ];
+  #  path = [ pkgs.espeak ];
+  #  environment.HOME = "/var/lib/tts";
+  #  serviceConfig = {
+  #    CapabilityBoundingSet = "";
+  #    DeviceAllow = "";
+  #    DevicePolicy = "closed";
+  #    LockPersonality = true;
+  #    # jit via numba->llvmpipe
+  #    MemoryDenyWriteExecute = false;
+  #    PrivateDevices = true;
+  #    PrivateUsers = true;
+  #    ProtectHome = true;
+  #    ProtectHostname = true;
+  #    ProtectKernelLogs = true;
+  #    ProtectKernelModules = true;
+  #    ProtectKernelTunables = true;
+  #    ProtectControlGroups = true;
+  #    ProtectProc = "invisible";
+  #    ProcSubset = "pid";
+  #    RestrictAddressFamilies = [
+  #      "AF_UNIX"
+  #      "AF_INET"
+  #      "AF_INET6"
+  #    ];
+  #    RestrictRealtime = true;
+  #    RestrictNamespaces = true;
+  #    SystemCallArchitectures = "native";
+  #    SystemCallFilter = [
+  #      "@system-service"
+  #      "~@privileged"
+  #    ];
+  #    UMask = "0077";
+  #    StateDirectory = "tts";
+  #    DynamicUser = true;
+  #    User = "tts";
+  #    Group = "tts";
+  #    ExecStart = ''
+  #      ${pkgs.tts}/bin/tts-server --model_name tts_models/en/ljspeech/vits --port 5004
+  #    '';
+  #  };
+  #};
 
+  # find models with ${pkgs.tts}/bin/tts --list_models
   services.tts = {
     servers = {
       english = {
@@ -35,19 +65,26 @@
       };
     };
   };
+  # fixes some issues
+  systemd.services.tts-german.serviceConfig.RestrictAddressFamilies = [
+    "AF_UNIX"
+  ];
+  systemd.services.tts-english.serviceConfig.RestrictAddressFamilies = [
+    "AF_UNIX"
+  ];
+
+
+
 
   services.nginx = {
     recommendedProxySettings = true;
     enable = true;
-    # works
     virtualHosts."tts.${config.networking.hostName}.private" = {
-      locations."/".proxyPass = "http://localhost:5004";
+      locations."/".proxyPass = "http://localhost:${toString config.services.tts.servers.english.port}";
     };
-    # works not
     virtualHosts."en.tts.${config.networking.hostName}.private" = {
       locations."/".proxyPass = "http://localhost:${toString config.services.tts.servers.english.port}";
     };
-    # works
     virtualHosts."de.tts.${config.networking.hostName}.private" = {
       locations."/".proxyPass = "http://localhost:${toString config.services.tts.servers.german.port}";
     };