home/applications/ssh/default.nix

@@ -1,11 +0,0 @@
-{config, ...}: {
-  programs.ssh = {
-    enable = true;
-    matchBlocks = let
-      inherit (config.home) homeDirectory;
-    in {
-      "blacksteel".identityFile = "${homeDirectory}/.ssh/id_github_signing";
-      "tyo0.ny4.dev".identityFile = "${homeDirectory}/.ssh/id_github_signing";
-    };
-  };
-}

home/default.nix

@@ -42,7 +42,6 @@
     ./applications/git
     ./applications/gpg
     ./applications/neovim
-    ./applications/ssh
     ./applications/starship
     ./applications/tealdeer
     ./applications/tmux

hosts/aristotle/default.nix

@@ -30,6 +30,9 @@
     localsend
   ];
 
+  networking.firewall.allowedTCPPorts = [53317];
+  networking.firewall.allowedUDPPorts = [53317];
+
   programs.adb.enable = true;
   programs.anime-game-launcher.enable = true;
   programs.seahorse.enable = true;

hosts/blacksteel/Caddyfile

@@ -40,20 +40,12 @@ http://mastodon.ny4.dev:80 {
 
 http://matrix.ny4.dev:80 {
 	import default
-	reverse_proxy /_matrix/* unix//run/matrix-synapse/synapse.sock {
+	reverse_proxy /_matrix/* unix//run/matrix-synapse/synapse.sock
-		header_up X-Forwarded-Proto "https"
+	reverse_proxy /_synapse/client/* unix//run/matrix-synapse/synapse.sock
-	}
+	reverse_proxy /health unix//run/matrix-synapse/synapse.sock
-	reverse_proxy /_synapse/client/* unix//run/matrix-synapse/synapse.sock {
-		header_up X-Forwarded-Proto "https"
-	}
-	reverse_proxy /health unix//run/matrix-synapse/synapse.sock {
-		header_up X-Forwarded-Proto "https"
-	}
 }
 
 http://syncv3.ny4.dev:80 {
 	import default
-	reverse_proxy unix//run/matrix-sliding-sync/sync.sock {
+	reverse_proxy unix//run/matrix-sliding-sync/sync.sock
-		header_up X-Forwarded-Proto "https"
-	}
 }

hosts/blacksteel/default.nix

@@ -47,7 +47,7 @@
   };
 
   ######## Services
-  environment.systemPackages = with pkgs; [qbittorrent-nox];
+  environment.systemPackages = with pkgs; [qbittorrent];
 
   services.tailscale = {
     enable = true;
@@ -60,11 +60,14 @@
       "6222a3e0-98da-4325-be19-0f86a7318a41" = {
         credentialsFile = config.sops.secrets."cloudflared/secret".path;
         default = "http_status:404";
-        ingress = lib.genAttrs [
+        ingress = {
-          "mastodon.ny4.dev"
+          # TODO: is this safe?
-          "matrix.ny4.dev"
+          # browser <-> cloudflare cdn <-> cloudflared <-> caddy <-> mastodon
-          "syncv3.ny4.dev"
+          #                                             ^ no tls in this part?
-        ] (_: "http://localhost");
+          "mastodon.ny4.dev" = "http://localhost:80";
+          "matrix.ny4.dev" = "http://localhost:80";
+          "syncv3.ny4.dev" = "http://localhost:80";
+        };
       };
     };
   };

hosts/dust/default.nix

@@ -27,13 +27,13 @@
 
   environment.systemPackages = with pkgs; [
     yubikey-manager
+    localsend
   ];
 
   networking.firewall.allowedTCPPorts = [53317];
   networking.firewall.allowedUDPPorts = [53317];
 
   programs.adb.enable = true;
-  programs.localsend.enable = true;
   programs.seahorse.enable = true;
   programs.steam.enable = true;
   programs.kdeconnect = {