diff --git a/secrets/pihole.age b/secrets/pihole.age
index 0272910..40ec12d 100644
Binary files a/secrets/pihole.age and b/secrets/pihole.age differ
diff --git a/services/pihole.nix b/services/pihole.nix
index 10a7d74..0dc7625 100644
--- a/services/pihole.nix
+++ b/services/pihole.nix
@@ -16,18 +16,12 @@
           containerConfig = {
             image = "docker.io/pihole/pihole:2025.06.2";
             publishPorts =
-              [ "53:53/tcp" "53:53/udp" "80:80/tcp" "443:443/tcp" "67:67/udp" ];
+              [ "53:53/tcp" "53:53/udp" "80:80/tcp" "443:443/tcp" ];
             environmentFiles = [ config.age.secrets.pihole-credentials.path ];
-            volumes =
-              [ "/etc/pihole:/etc/pihole:Z" "/etc/dnsmasq:/etc/dnsmasq:Z" ];
-            addCapabilities = [ "NET_ADMIN" ];
             networks = [ "bridge" ];
           };
         };
       };
     };
   };
-  systemd.tmpfiles.rules =
-    [ "d /etc/pihole 0770 root root -" "d /etc/dnsmasq 0770 root root -" ];
-
 }