diff --git a/modules/nixos/network/options.nix b/modules/nixos/network/options.nix
index af7fd38..6b2c7bd 100644
--- a/modules/nixos/network/options.nix
+++ b/modules/nixos/network/options.nix
@@ -93,7 +93,7 @@ in
                 type = mkOpt types.str "wifi" "type of the network.(wifi/ethernet)";
 
                 interface =
-                  mkOpt types.str "wlan0"
+                  mkOpt types.str ""
                     "Interface for this profile (defaults to global ipv4.interface).";
 
                 autoconnect = mkBoolOpt true "autoconnect to this connection";
diff --git a/systems/x86_64-linux/jallen-nas/services.nix b/systems/x86_64-linux/jallen-nas/services.nix
index e2100ed..61db820 100755
--- a/systems/x86_64-linux/jallen-nas/services.nix
+++ b/systems/x86_64-linux/jallen-nas/services.nix
@@ -110,10 +110,9 @@ in
         # All local Unix socket connections use peer auth (with identMap for mismatched names)
         local   all             all                                    peer map=system
 
-        # homeassistant runs on nuc-nixos (10.0.1.4), not on this machine.
-        # trust is acceptable here: access is locked to a single known host IP on the LAN.
-        # TODO: set a password via ensureClauses and switch to scram-sha-256.
-        host    homeassistant   homeassistant     10.0.1.4/32          trust
+        # homeassistant runs on any host in the LAN.
+        # trust is acceptable here: access is locked to a single known subnet on the LAN.
+        host    homeassistant   homeassistant     10.0.1.0/24          trust
 
         # Podman container network — sparkyfitness server connects via host LAN IP
         host    sparkyfitness   sparkyfitness     10.88.0.0/16         scram-sha-256