diff --git a/configs/sputnik/nginx.nix b/configs/sputnik/nginx.nix
index c30ef02..a4b072f 100644
--- a/configs/sputnik/nginx.nix
+++ b/configs/sputnik/nginx.nix
@@ -29,8 +29,10 @@ let
 };
 in {
- networking.firewall.allowedTCPPorts = [ 80 443 4443 ];
- networking.firewall.allowedUDPPorts = [ 80 443 4443 ];
+ networking.firewall.allowedTCPPorts =
+ [ 80 443 4443 config.services.taskserver.listenPort ];
+ networking.firewall.allowedUDPPorts =
+ [ 80 443 4443 config.services.taskserver.listenPort ];
 services.nginx = {
 enable = true;
@@ -342,7 +344,14 @@ in {
 script = ''
 ${pkgs.socat}/bin/socat TCP-LISTEN:2222,fork TCP:workhorse.private:2222
 '';
- #serviceConfig.User = "sslh";
+ };
+
+ systemd.services."socat-taskd" = {
+ wantedBy = [ "multi-user.target" ];
+ script = let port = toString config.services.taskserver.listenPort;
+ in ''
+ ${pkgs.socat}/bin/socat TCP-LISTEN:${port},fork TCP:workhorse.private:${port}
+ '';
 };
 }
diff --git a/configs/workhorse/taskserver.nix b/configs/workhorse/taskserver.nix
index 9005939..c3c6e99 100644
--- a/configs/workhorse/taskserver.nix
+++ b/configs/workhorse/taskserver.nix
@@ -2,12 +2,13 @@
 services.taskserver = {
 enable = true;
- fqdn = "workhorse.private";
+ fqdn = "taskd.ingolf-wagner.de";
 listenHost = "0.0.0.0";
 requestLimit = 104857600;
- trust = "allow all";
+ trust = "strict";
 dataDir = "/var/lib/taskserver";
- organisations."orgie".users = [ "palo" ];
+ organisations."1337".users = [ "palo" "beta" ];
+ ciphers = "SECURE256";
 };
 backup.dirs = [ config.services.taskserver.dataDir ];
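Review bot: The taskserver port is added to `networking.firewall.allowedUDPPorts` as well as to the TCP list, but the only listener this commit adds for it is the `socat TCP-LISTEN` unit in the second hunk of this file. The UDP opening therefore exposes a port that nothing on this page uses, and the UDP list can stay `[ 80 443 4443 ]`. Separately, `config.services.taskserver.listenPort` is evaluated in sputnik's configuration, while the server itself is configured in configs/workhorse/taskserver.nix. Unless sputnik imports that module, the value is presumably the option default, so a port override on workhorse would not be followed here; a comment such as `# must match services.taskserver.listenPort on workhorse` would make the coupling explicit. The enclosing attribute set starts and ends outside this hunk.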
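Review bot: The new `systemd.services."socat-taskd"` unit sets no `serviceConfig`, so under systemd defaults the internet-facing forwarder runs as root with no sandboxing and no restart policy. A plain TCP relay needs no privileges as long as the listen port is above 1024, which the taskserver default presumably is. Adding `serviceConfig = { DynamicUser = true; Restart = "always"; };` would limit what a flaw in socat can reach and bring the relay back after a crash. The same hunk drops the commented-out `#serviceConfig.User = "sslh";` from the neighbouring port-2222 forwarder, whose definition starts outside this hunk, so that unit appears to have the same gap.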
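Review bot: Changing `fqdn` to `"taskd.ingolf-wagner.de"` together with `trust = "strict"` only works if the server certificate under `dataDir` carries the new name. If that certificate was generated by the module's automatic PKI on an earlier start, it was presumably issued for `workhorse.private` and may not be regenerated on rebuild, so strict clients would fail hostname verification. A comment next to `fqdn`, for example `# server cert must be reissued for this name; existing client certs need re-export`, would record the manual step. Also, `listenHost = "0.0.0.0"` is left unchanged although the forwarder added on sputnik reaches this host through `workhorse.private`, so binding to the private interface address would keep the daemon off any other interface workhorse has.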