diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 62316bfdb..b3c09db78 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -102,6 +102,7 @@ in {
     x = {
       ci = true;
       cores = 4;
+      syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
       nets = {
         retiolum.ip4.addr = "10.243.0.91";
         wiregrill = {
@@ -121,7 +122,7 @@ in {
     omo = rec {
       ci = true;
       cores = 2;
-
+      syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.89";
diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix
index 0d2774209..a2b24d35a 100644
--- a/makefu/2configs/tinc/retiolum.nix
+++ b/makefu/2configs/tinc/retiolum.nix
@@ -1,10 +1,18 @@
-{ pkgs, config, ... }:
+{ pkgs, lib, config, ... }:
 {
   imports = [
     ../binary-cache/lass.nix
   ];
   krebs.tinc.retiolum.enable = true;
+  krebs.tinc.retiolum.extraConfig = ''
+      StrictSubnets = yes
+      ${lib.optionalString (config.krebs.build.host.nets.retiolum.via != null) ''
+        LocalDiscovery = no
+      ''}
+    '';
+  #krebs.tinc.retiolum.connectTo = [ "gum" ];
   environment.systemPackages = [ pkgs.tinc ];
   networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
   networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
+
 }