diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix
index daecb68..70ed12f 100644
--- a/hosts/server/hardware-configuration.nix
+++ b/hosts/server/hardware-configuration.nix
@@ -80,7 +80,7 @@
     firewall = {
       enable = true;
       allowedUDPPorts = [  ];
-      allowedTCPPorts = [ 80 443 8448 ];
+      allowedTCPPorts = [ 80 443 ];
     };
   };
 
diff --git a/modules/services/server/postgresql.nix b/modules/services/server/postgresql.nix
index 2d7b882..2de40ac 100644
--- a/modules/services/server/postgresql.nix
+++ b/modules/services/server/postgresql.nix
@@ -21,14 +21,14 @@
         timezone = "Europe/Berlin";
     };
     authentication = pkgs.lib.mkOverride 14 ''
-        local all         postgres                  peer
-        host  giteadb     gitea           samehost scram-sha-256
-        host  nextclouddb nextcloud       samehost scram-sha-256
-        host  synapsedb   synapse         samehost scram-sha-256
-        host  whatsappdb  mautrixwa       samehost scram-sha-256
-        host  telegramdb  mautrixtele     samehost scram-sha-256
-        host  signaldb    mautrixsignal   samehost scram-sha-256
-        host  keycloakdb  keycloak        samehost scram-sha-256
+        local  all         postgres        peer
+        local  giteadb     gitea           scram-sha-256
+        local  nextclouddb nextcloud       scram-sha-256
+        local  synapsedb   synapse         scram-sha-256
+        local  whatsappdb  mautrixwa       scram-sha-256
+        local  telegramdb  mautrixtele     scram-sha-256
+        local  signaldb    mautrixsignal   scram-sha-256
+        local  keycloakdb  keycloak        scram-sha-256
     '';
     initialScript = config.age.secrets."services/postgresql/initScript.sql".path;
     ensureDatabases = [