diff --git a/Justfile b/Justfile
index ec16045..25a95e5 100644
--- a/Justfile
+++ b/Justfile
@@ -73,7 +73,7 @@ sops-generate-keys:
 
 deploy target_host extra_flags="":
   @test -f nixos/hosts/{{target_host}}/.target || { echo "Host cannot be deployed, add a .target file with SSH destination"; exit 1; }
-  ssh -A `cat nixos/hosts/{{target_host}}/.target` sudo nixos-rebuild switch {{extra_flags}} --accept-flake-config --flake \"git+https://codeberg.org/noe/nixos.git?ref={{branch}}\&rev={{commit}}#{{target_host}}\"
+  ssh -A `cat nixos/hosts/{{target_host}}/.target` sudo nixos-rebuild switch {{extra_flags}} `cat nixos/hosts/{{target_host}}/.flags 2>/dev/null || echo ''` --accept-flake-config --flake \"git+https://codeberg.org/noe/nixos.git?ref={{branch}}\&rev={{commit}}#{{target_host}}\"
 
 deploy2 target_host extra_flags="":
   @test -f nixos/hosts/{{target_host}}/.target || { echo "Host cannot be deployed, add a .target file with SSH destination"; exit 1; }
diff --git a/nixos/hosts/porcelain-doll-repair/.flags b/nixos/hosts/porcelain-doll-repair/.flags
new file mode 100644
index 0000000..5357cde
--- /dev/null
+++ b/nixos/hosts/porcelain-doll-repair/.flags
@@ -0,0 +1 @@
+--option sanbox false
diff --git a/nixos/hosts/porcelain-doll-repair/.target b/nixos/hosts/porcelain-doll-repair/.target
index f164994..9dc472b 100644
--- a/nixos/hosts/porcelain-doll-repair/.target
+++ b/nixos/hosts/porcelain-doll-repair/.target
@@ -1 +1 @@
-10.100.0.3
+porcelain-doll-repair.hoki-porgy.ts.net
diff --git a/nixos/hosts/porcelain-doll-repair/default.nix b/nixos/hosts/porcelain-doll-repair/default.nix
index 563bb58..a104d80 100644
--- a/nixos/hosts/porcelain-doll-repair/default.nix
+++ b/nixos/hosts/porcelain-doll-repair/default.nix
@@ -9,6 +9,7 @@
   networking.hostName = "porcelain-doll-repair";
   system.stateVersion = "24.05";
   nixpkgs.hostPlatform = "x86_64-linux";
+  services.chrony.enable = true; # needed for backups
 
   sops.secrets.db_password = {
     sopsFile = ../../../secrets/porcelain-doll-repair/default.yaml;
diff --git a/nixos/server.nix b/nixos/server.nix
index 4152fa0..81accb7 100644
--- a/nixos/server.nix
+++ b/nixos/server.nix
@@ -8,6 +8,7 @@
   ];
   
   boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+  services.chrony.enable = true; # needed for backups
 
   services.openssh.settings.PasswordAuthentication = false;