diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4bd922a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+secrets/
diff --git a/drives.nix b/drives.nix
index 2e96ff8..dc8dd28 100644
--- a/drives.nix
+++ b/drives.nix
@@ -5,6 +5,10 @@
 # device = "10.94.157.2:/mnt/Nethergarde/Windows";
 # fsType = "nfs";
 #};
+ "/mnt/nethergarde/leonhome" = {
+ device = "10.46.32.2:/mnt/Nethergarde/Home";
+ fsType = "nfs";
+ };
 #"/mnt/nethergarde/bigdata" = {
 # device = "10.94.157.2:/mnt/Nethergarde/Bigdata";
 # fsType = "nfs";
@@ -24,6 +28,22 @@
 fsType = "vfat";
 options = [ "fmask=0077" "dmask=0077" ];
 };
+ #"/mnt/nethergarde/leonhome" = {
+ # device = "//10.46.32.2/Leon\\040home\\040share";
+ # fsType = "cifs";
+ # options = [
+ # "credentials=/etc/nixos/secrets/smb-secrets-leon-home"
+ # "x-systemd.automount"
+ # "noauto"
+ # "x-systemd.idle-timeout=60"
+ # "x-systemd.device-timeout=5s"
+ # "x-systemd.mount-timeout=5s"
+ # "uid=1000"
+ # "gid=100"
+ # "iocharset=utf8"
+ # "vers=3.1.1"
+ # ];
+ #};
 };
 }
diff --git a/networking.nix b/networking.nix
index 7212f39..c7ec5ee 100644
--- a/networking.nix
+++ b/networking.nix
@@ -13,7 +13,6 @@
 trustedInterfaces = [ "incusbr0" ];
 };
- # here’s the custom nftables filter ruleset for forwarded traffic:
 nftables.ruleset = ''
 table ip filter {
 chain forward {
@@ -25,6 +24,9 @@
 iifname "incusbr0" oifname "enp4s0" ct state new,established accept
 iifname "incusbr1" oifname "enp4s0" ct state new,established accept
+ # allow vm to vm communication
+ iifname "tap*" oifname "tap*" accept
+ # allow natted replies
 iifname "enp4s0" oifname "incusbr0" tcp dport 8123 ct state new,established accept
 iifname "enp4s0" oifname "incusbr0" tcp dport 80 ct state new,established accept
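Review bot: The new `"/mnt/nethergarde/leonhome"` NFS entry in drives.nix is declared without an `options` list, so the share is mounted with the defaults: setuid binaries and device nodes on it are honoured, and the mount is attempted at boot rather than on demand. For a home share served from another host I would add `options = [ "nosuid" "nodev" "x-systemd.automount" "noauto" "x-systemd.mount-timeout=5s" ];`, which mirrors the automount settings used in the disabled CIFS variant later in this file. NFS with the default `sec=sys` also trusts client-asserted UIDs and sends data unencrypted, so a comment stating that 10.46.32.2 is reachable only over a trusted network would be useful, if that is the case. The attribute set this entry sits in starts outside the hunk.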
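Review bot: The commented-out CIFS block in the second drives.nix hunk has no line saying why it is kept, and it reuses the attribute name `"/mnt/nethergarde/leonhome"` of the active NFS entry added earlier in the file, so uncommenting it as-is would define the same attribute twice. A one-line header such as `# disabled CIFS alternative to the NFS mount above; enable only one of the two` would make that explicit. If it is ever enabled, the file named in `credentials=` should be readable by root only (mode 0600), since an SMB credentials file holds the password in plain text.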
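Review bot: The added rule `iifname "tap*" oifname "tap*" accept` in networking.nix forwards every packet between any two interfaces whose name starts with `tap`, with no `ct state`, protocol or port match, whereas the neighbouring rules in this chain are all limited by `ct state new,established` and some by `tcp dport`. Any interface created later with a `tap` prefix inherits this trust automatically, so a single compromised guest can reach every service on every other guest. If only some guests need to talk to each other, list them explicitly, e.g. `iifname { "tap-vm-a", "tap-vm-b" } oifname { "tap-vm-a", "tap-vm-b" } accept` (placeholder names), or narrow the rule with `tcp dport`; otherwise extend the comment to `# allow vm to vm communication: all tap* guests are one trust zone`. The chain's policy and the rest of `chain forward` lie outside this hunk.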