diff --git a/machines/chungus/hass.nix b/machines/chungus/hass.nix
index 868b969..45a3b92 100644
--- a/machines/chungus/hass.nix
+++ b/machines/chungus/hass.nix
@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  zerotierInterface,
   ...
 }:
 {
@@ -17,5 +18,6 @@
 
   networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8123 ];
   networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8123 ];
+  networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [ 8123 ];
 
 }
diff --git a/machines/chungus/service-paperless.nix b/machines/chungus/service-paperless.nix
index 1fe84ee..0a8dc74 100644
--- a/machines/chungus/service-paperless.nix
+++ b/machines/chungus/service-paperless.nix
@@ -2,13 +2,15 @@
   config,
   pkgs,
   lib,
+  zerotierInterface,
   ...
 }:
 {
 
   services.paperless = {
     enable = true;
-    address = "0.0.0.0";
+    address = "[::]";
+    port = 28981;
     package = pkgs.paperless-ngx;
     settings = {
       PAPERLESS_OCR_LANGUAGE = "deu+eng";
@@ -35,6 +37,9 @@
   };
 
   networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];
+  networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [
+    config.services.paperless.port
+  ];
 
   services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {
     serverAliases = [ "paperless.ingolf-wagner.de" ];