diff --git a/hosts/server/service.nix b/hosts/server/service.nix
index d663b4e..b9354a4 100644
--- a/hosts/server/service.nix
+++ b/hosts/server/service.nix
@@ -5,8 +5,8 @@
 }: {
 networking.firewall = {
 enable = true;
- allowedTCPPorts = [80 443 22 26615 25565 24454];
- allowedUDPPorts = [26615 25565 24454];
+ allowedTCPPorts = [80 443 22 26615 25565 24454 8080 53];
+ allowedUDPPorts = [26615 25565 24454 8080 53];
 };

 security.acme = {
@@ -37,6 +37,46 @@
 package = pkgs.ollama-intel;
 };

+ crab-hole = {
+ enable = true;
+ settings = {
+ api = {
+ listen = "192.168.0.2";
+ port = 8080;
+ show_doc = true;
+ };
+ downstream = [
+ {
+ listen = "192.168.0.2";
+ port = 53;
+ protocol = "udp";
+ }
+ ];
+ upstream = {
+ name_servers = [
+ {
+ protocol = "tls";
+ socket_addr = "[2606:4700:4700::1111]:853";
+ tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com";
+ trust_nx_responses = false;
+ }
+ {
+ protocol = "tls";
+ socket_addr = "1.1.1.1:853";
+ tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com";
+ trust_nx_responses = false;
+ }
+ ];
+ };
+ blocklist.lists = [
+ "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
+ "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
+ "https://raw.githubusercontent.com/anudeepND/blacklist/master/CoinMiner.txt"
+ "https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt"
+ ];
+ };
+ };
+
 gitea = {
 enable = true;
 settings = {
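Review bot: In `networking.firewall`, 8080 and 53 are added to both `allowedTCPPorts` and `allowedUDPPorts`, which opens more than the service configured later in this commit listens on. The crab-hole API on 8080 is HTTP and needs no UDP rule, and the only `downstream` entry is `protocol = "udp"`, so nothing visible here answers on TCP 53. These top-level lists also apply to every interface, while the service binds only to 192.168.0.2. I would leave the global lists as they were and scope the new ports to the LAN interface, e.g. `networking.firewall.interfaces.<lan-if>.allowedUDPPorts = [53];` and `networking.firewall.interfaces.<lan-if>.allowedTCPPorts = [8080];` (interface name is a placeholder), adding TCP 53 only if a TCP listener is configured as well.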
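Review bot: The `api` block binds crab-hole's HTTP API to the LAN address with `show_doc = true` and, as far as this hunk shows, no admin key, and the firewall change in the first hunk makes port 8080 reachable from other hosts. If the API is only used from the server itself, `listen = "127.0.0.1";` together with `show_doc = false;` removes that surface. If it has to be reachable remotely, supply the admin key from a secret file rather than inline, since values written under `settings` typically end up readable in the Nix store. Separately, the four `blocklist.lists` entries are unpinned third-party sources (three track `master`), so what this resolver blocks changes whenever upstream does; a comment such as `# third-party lists, not pinned; review when resolution breaks` above the list would record that.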