diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix
index 2f4374b..03e3bb9 100644
--- a/home/yt/ytnix.nix
+++ b/home/yt/ytnix.nix
@@ -144,6 +144,9 @@
 telegram-desktop
 jadx
 gradle
+ localsend
+ scrcpy
+ syncthing
 ];
 programs.waybar.enable = true;
diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix
index acae89a..2322005 100644
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@@ -1,5 +1,6 @@
 {
 pkgs,
+ lib,
 ...
 }:
 {
@@ -10,7 +11,6 @@
 ./backup.nix
 ./rclone.nix
 ./postgres.nix
- ./adguard.nix
 ./hedgedoc.nix
 ./miniflux.nix
 ./redlib.nix
@@ -92,9 +92,28 @@
 53
 853
 ];
- extraCommands = ''
+ extraCommands =
+ let
+ ethtool = lib.getExe pkgs.ethtool;
+ tc = lib.getExe' pkgs.iproute2 "tc";
+ in ''
+ # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
+ ${ethtool} -K ens18 tso off
+
+ # clear existing rules
+ ${tc} qdisc del dev ens18 root || true
+
+ # create HTB hierarchy
+ ${tc} qdisc add dev ens18 root handle 1: htb default 20
+ ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
+ ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 40% ceil 100%
+ ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 60% ceil 100%
+
+ # mark traffic
 iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
- iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2
+
+ # route marked packets
+ ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
 '';
 };
 networking.interfaces.ens18 = {
diff --git a/hosts/chunk/tailscale.nix b/hosts/chunk/tailscale.nix
index e170e6b..17ff521 100644
--- a/hosts/chunk/tailscale.nix
+++ b/hosts/chunk/tailscale.nix
@@ -7,6 +7,9 @@
 "--advertise-exit-node"
 "--accept-dns=false"
 ];
+ extraDaemonFlags = [
+ "--no-logs-no-support"
+ ];
 useRoutingFeatures = "server";
 openFirewall = true;
 };
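Review bot: In the hosts/chunk/default.nix hunk at -92,9, `${ethtool} -K ens18 tso off` is the only new command with no failure guard; extraCommands is spliced into the NixOS firewall start script, which as far as I recall runs under errexit, so an ethtool error (offload not toggleable on that virtual NIC, or the interface not yet present) would abort the script before the `iptables` mark rule and the rest of the firewall are installed. The `${tc} qdisc del dev ens18 root || true` line already shows the intended best-effort pattern; `${ethtool} -K ens18 tso off || true` keeps the shaping optional without taking the firewall down with it. The HTB `rate 40%`/`ceil 100%` forms rely on tc obtaining a link speed for ens18, and if the interface reports none the `class add` fails the same way, so absolute rates are the safer spelling. Separately, this hunk keeps 53 and 853 in the allowed-port list while the -10,7 hunk drops ./adguard.nix; unless something else on chunk still serves DNS and DNS-over-TLS, those two openings are now stale and should go. The enclosing firewall attribute set starts before the hunk.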
diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix
index b936a8b..a3d4e13 100644
--- a/hosts/ytnix/default.nix
+++ b/hosts/ytnix/default.nix
@@ -91,7 +91,10 @@
 resolvconf.enable = true;
 firewall = {
 enable = true;
- allowedTCPPorts = [ 8080 ]; # for mitmproxy
+ allowedTCPPorts = [
+ 8080 # mitmproxy
+ 22000 # syncthing
+ ];
 };
 };
 programs.nm-applet.enable = true;
@@ -223,6 +226,7 @@
 "/home/yt/.local/share/Steam"
 "**/.wine"
 "/home/yt/Games"
+ "/home/yt/Videos"
 ];
 repo = "yt";
 passFile = config.sops.secrets."borg/rsyncnet".path;
diff --git a/hosts/ytnix/tailscale.nix b/hosts/ytnix/tailscale.nix
index 63489ae..17db0c5 100644
--- a/hosts/ytnix/tailscale.nix
+++ b/hosts/ytnix/tailscale.nix
@@ -6,8 +6,13 @@
 openFirewall = true;
 useRoutingFeatures = "client";
 extraUpFlags = [
- "--exit-node=100.122.132.30"
+ "--exit-node=chunk"
 "--accept-dns=false"
+ "--operator=yt"
+ "--exit-node-allow-lan-access"
+ ];
+ extraDaemonFlags = [
+ "--no-logs-no-support"
 ];
 };
 }
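Review bot: In the hosts/ytnix/default.nix hunk at -91,7, `22000 # syncthing` goes into the global `allowedTCPPorts`, so the sync protocol is reachable on every network this host joins (the nm-applet line suggests a roaming machine), not only from the peers it actually syncs with. Since this commit pairs syncthing with tailscale on both hosts, scoping the opening to the tailnet interface, `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22000 ];`, keeps the port off untrusted LANs and is a one-line change. Note also that syncthing's default listen set includes QUIC on UDP 22000 as far as I recall, so opening TCP only may be deliberate but is worth a word in the comment. If LAN-wide syncing is wanted, a trailing comment on that line saying so saves the next reader the same question; the enclosing networking set starts before the hunk.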
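Review bot: In the hosts/ytnix/tailscale.nix hunk, `--operator=yt` and `--exit-node-allow-lan-access` both widen the client's posture without a comment on why: the first lets the unprivileged user yt run tailscale up/down/set against the daemon without root (so switching or dropping the exit node needs no sudo), and the second exempts traffic to the local subnet from the exit-node tunnel, so on an untrusted network the host talks to that LAN directly instead of via chunk. Both are reasonable choices for a personal laptop, but each deserves a trailing comment, e.g. `"--operator=yt" # let yt manage tailscale from the desktop without root` and `"--exit-node-allow-lan-access" # keep local devices reachable while the exit node is on`, adjusted to the real reason. `--exit-node=chunk` is resolved against the tailnet's node names rather than system DNS, so the existing `--accept-dns=false` should not interfere with it, as far as I can tell.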