diff --git a/components/network/tinc/private.nix b/components/network/tinc/private.nix
index 80391c4a..823edd49 100644
--- a/components/network/tinc/private.nix
+++ b/components/network/tinc/private.nix
@@ -104,7 +104,8 @@ in
   '';
 
   networking.extraHosts = concatStringsSep "\n" (
-    mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)
+    (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains))
+    ++ (mapAttrsToList (name: ip: "${ip} ${name}.bear") (hosts // subDomains))
   );
 
 }
diff --git a/machines/orbi/media-transmission2.nix b/machines/orbi/media-transmission2.nix
index b667756b..c4879534 100644
--- a/machines/orbi/media-transmission2.nix
+++ b/machines/orbi/media-transmission2.nix
@@ -130,6 +130,14 @@ in
   };
 
   healthchecks.closed.public.ports.transmission2 = [ uiPort ];
+  healthchecks.http.transmission2-private = {
+    url = "http://transmission2.${config.networking.hostName}.private";
+    expectedContent = "Transmission X";
+  };
+  healthchecks.http.transmission2-zerotier = {
+    url = "http://transmission2.${config.networking.hostName}.bear";
+    expectedContent = "Transmission X";
+  };
 
   # host nginx setup
   # ----------------
@@ -143,6 +151,7 @@ in
       "transmission2.${config.networking.hostName}.private" = {
         extraConfig = ''
           allow ${config.tinc.private.subnet};
+          allow ${config.clan.core.networking.zerotier.subnet};
           deny all;
         '';
         locations."/" = {