diff --git a/system-config/configuration/homebox/default.nix b/system-config/configuration/homebox/default.nix
index cf49489..c5c0151 100644
--- a/system-config/configuration/homebox/default.nix
+++ b/system-config/configuration/homebox/default.nix
@@ -97,20 +97,20 @@
         hostName = "homebox";
         nameservers = [ "1.1.1.1" "1.0.0.1" ];
         networkmanager.enable = true;
-        firewall.allowedTCPPorts = [ 22 80 443 ];
-        firewall.interfaces."ve-traefik".allowedTCPPorts = [ 
+        firewall.allowedTCPPorts = lib.mkIf config.sysconfig.opts.virtualization.traefik.enable [ 22 80 443 ];
+        firewall.interfaces."ve-traefik".allowedTCPPorts = lib.mkIf config.sysconfig.opts.virtualization.traefik.enable [ 
             8080 
             8123
         ];
-        firewall.interfaces."ve-novnc" = {
+        firewall.interfaces."ve-novnc" = lib.mkIf config.sysconfig.opts.virtualization.novnc.enable {
             allowedTCPPorts = [ 5900 ];
             allowedUDPPorts = [ 5900 ];
         };
         hosts = {
-            "192.168.100.11" = [ "blunkall.us" "*.blunkall.us" ];
-            "192.168.100.20" = [ "gitea.blunkall.us" ];
-            "192.168.100.21:5678" = [ "n8n.local" ];
-            "192.168.100.25:8123" = [ "hass.local" ];
+            "192.168.100.11" = lib.mkIf config.sysconfig.opts.virtualization.traefik.enable [ "blunkall.us" "*.blunkall.us" ];
+            "192.168.100.20" = lib.mkIf config.sysconfig.opts.virtualization.gitea.enable [ "gitea.blunkall.us" ];
+            "192.168.100.21:5678" = lib.mkIf config.sysconfig.opts.virtualization.n8n.enable [ "n8n.local" ];
+            "192.168.100.25:8123" = lib.mkIf config.sysconfig.opts.virtualization.homeassistant.enable [ "hass.local" ];
         };
         nftables = {};
         nat = {