6 changed files with 17 additions and 31 deletions
--- a/home/applications/ssh/default.nix
+++ b/home/applications/ssh/default.nix
@ -1,11 +0,0 @@
-{config, ...}: {
-  programs.ssh = {
-    enable = true;
-    matchBlocks = let
-      inherit (config.home) homeDirectory;
-    in {
-      "blacksteel".identityFile = "${homeDirectory}/.ssh/id_github_signing";
-      "tyo0.ny4.dev".identityFile = "${homeDirectory}/.ssh/id_github_signing";
-    };
-  };
-}
--- a/home/default.nix
+++ b/home/default.nix
@ -42,7 +42,6 @@
    ./applications/git
    ./applications/gpg
    ./applications/neovim
-    ./applications/ssh
    ./applications/starship
    ./applications/tealdeer
    ./applications/tmux
--- a/hosts/aristotle/default.nix
+++ b/hosts/aristotle/default.nix
@ -30,6 +30,9 @@
    localsend
  ];

+  networking.firewall.allowedTCPPorts = [53317];
+  networking.firewall.allowedUDPPorts = [53317];
+
  programs.adb.enable = true;
  programs.anime-game-launcher.enable = true;
  programs.seahorse.enable = true;
--- a/hosts/blacksteel/Caddyfile
+++ b/hosts/blacksteel/Caddyfile
@ -40,20 +40,12 @@ http://mastodon.ny4.dev:80 {

 http://matrix.ny4.dev:80 {
 	import default
-	reverse_proxy /_matrix/* unix//run/matrix-synapse/synapse.sock {
-		header_up X-Forwarded-Proto "https"
-	}
-	reverse_proxy /_synapse/client/* unix//run/matrix-synapse/synapse.sock {
-		header_up X-Forwarded-Proto "https"
-	}
-	reverse_proxy /health unix//run/matrix-synapse/synapse.sock {
-		header_up X-Forwarded-Proto "https"
-	}
+	reverse_proxy /_matrix/* unix//run/matrix-synapse/synapse.sock
+	reverse_proxy /_synapse/client/* unix//run/matrix-synapse/synapse.sock
+	reverse_proxy /health unix//run/matrix-synapse/synapse.sock
 }

 http://syncv3.ny4.dev:80 {
 	import default
-	reverse_proxy unix//run/matrix-sliding-sync/sync.sock {
-		header_up X-Forwarded-Proto "https"
-	}
+	reverse_proxy unix//run/matrix-sliding-sync/sync.sock
 }
--- a/hosts/blacksteel/default.nix
+++ b/hosts/blacksteel/default.nix
@ -47,7 +47,7 @@
  };

  ######## Services
-  environment.systemPackages = with pkgs; [qbittorrent-nox];
+  environment.systemPackages = with pkgs; [qbittorrent];

  services.tailscale = {
    enable = true;
@ -60,11 +60,14 @@
      "6222a3e0-98da-4325-be19-0f86a7318a41" = {
        credentialsFile = config.sops.secrets."cloudflared/secret".path;
        default = "http_status:404";
-        ingress = lib.genAttrs [
-          "mastodon.ny4.dev"
-          "matrix.ny4.dev"
-          "syncv3.ny4.dev"
-        ] (_: "http://localhost");
+        ingress = {
+          # TODO: is this safe?
+          # browser <-> cloudflare cdn <-> cloudflared <-> caddy <-> mastodon
+          #                                             ^ no tls in this part?
+          "mastodon.ny4.dev" = "http://localhost:80";
+          "matrix.ny4.dev" = "http://localhost:80";
+          "syncv3.ny4.dev" = "http://localhost:80";
+        };
      };
    };
  };
--- a/hosts/dust/default.nix
+++ b/hosts/dust/default.nix
@ -27,13 +27,13 @@

  environment.systemPackages = with pkgs; [
    yubikey-manager
+    localsend
  ];

  networking.firewall.allowedTCPPorts = [53317];
  networking.firewall.allowedUDPPorts = [53317];

  programs.adb.enable = true;
-  programs.localsend.enable = true;
  programs.seahorse.enable = true;
  programs.steam.enable = true;
  programs.kdeconnect = {