diff --git a/flake.lock b/flake.lock
index c538140..da48e23 100644
--- a/flake.lock
+++ b/flake.lock
@@ -103,21 +103,6 @@
         "type": "github"
       }
     },
-    "emenel-templates": {
-      "locked": {
-        "lastModified": 1741380318,
-        "narHash": "sha256-C0HpGd73NBqMUjOTLJWmSBBpTiFPwetmgV182WBNrFQ=",
-        "ref": "refs/heads/main",
-        "rev": "de41a02caa5d87aabaaf56600dc3fe71b995821d",
-        "revCount": 1,
-        "type": "git",
-        "url": "ssh://git@gt.emenel.ca/emenel/nix-flake-templates"
-      },
-      "original": {
-        "type": "git",
-        "url": "ssh://git@gt.emenel.ca/emenel/nix-flake-templates"
-      }
-    },
     "flake-compat": {
       "locked": {
         "lastModified": 1733328505,
@@ -377,11 +362,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1744812667,
-        "narHash": "sha256-2AJZwXMO82YGw6B/RRCPz8Wz2zSRCZIdjhdFuiw7Ymg=",
+        "lastModified": 1744828883,
+        "narHash": "sha256-0+s2fi6nETl3hK+vREzyElipVH2ZorBmU07SBvyNsLw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5d48f3ded3b55ef32d5853c9022fb4df29b3fc45",
+        "rev": "b35bccc32d3fc49f6fcc4e08ccfd6025c9eefa20",
         "type": "github"
       },
       "original": {
@@ -1153,7 +1138,6 @@
         "disko": "disko",
         "emacs-lsp-booster": "emacs-lsp-booster",
         "emacs-overlay": "emacs-overlay",
-        "emenel-templates": "emenel-templates",
         "home-manager": "home-manager",
         "hypridle": "hypridle",
         "hyprlock": "hyprlock",
diff --git a/flake.nix b/flake.nix
index 6b5457f..7858b3c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -96,7 +96,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    emenel-templates.url = "git+ssh://git@gt.emenel.ca/emenel/nix-flake-templates";
+    # emenel-templates.url = "git+ssh://git@gt.emenel.ca/emenel/nix-flake-templates";
     # nix-way-templates.url = "github:the-nix-way/dev-templates";
 
   };
diff --git a/hosts/emenel-services/configuration.nix b/hosts/emenel-services/configuration.nix
index 8586902..89fe992 100644
--- a/hosts/emenel-services/configuration.nix
+++ b/hosts/emenel-services/configuration.nix
@@ -64,7 +64,7 @@
   networking.domain = "";
   networking.useDHCP = true;
   networking.firewall.enable = false;
-  networking.firewall.allowedTCPPorts = [ 22 80 12345 ];
+  # networking.firewall.allowedTCPPorts = [ 22 80 ];
   services.openssh.enable = true;
 
   environment.systemPackages = with pkgs; [
@@ -105,7 +105,7 @@
     clean = {
       enable = true;
       dates = "daily";
-      extraArgs = "--keep 4";
+      extraArgs = "--keep 3";
     };
     flake = "/home/emenel/source/nixos-config";
     package = pkgs.nh;
diff --git a/modules/system/forgejo.nix b/modules/system/forgejo.nix
index f80d084..d514331 100644
--- a/modules/system/forgejo.nix
+++ b/modules/system/forgejo.nix
@@ -12,9 +12,17 @@ in
       };
       stateDir = "/mnt/git-storage";
       settings = {
+        default = {
+          APP_NAME = "safe harbour";
+        };
         server = {
+          DOMAIN = "gt.emenel.ca";
+          ROOT_URL = "https://gt.emenel.ca/";
           HTTP_PORT = port;
         };
+        repository = {
+          DEFAULT_BRANCH = "main";
+        };
         service.DISABLE_REGISTRATION = true;
         actions = {
           ENABLED = true;
@@ -30,16 +38,15 @@ in
       # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
     };
 
-    # caddy.virtualHosts."gt.emenel.ca" = {
-    #     serverAliases = [ "www.gt.emenel.ca" ];
-    #     extraConfig = ''
-    #     reverse_proxy http://localhost:${port} {
-    #       header_down X-Real-IP {http.request.remote}
-    #       header_down X-Forwarded-For {http.request.remote}
-    #     }
-    #     '';
-    #   };
-    # };
+    caddy.virtualHosts."gt.emenel.ca" = {
+      extraConfig = ''
+        tls internal
+        reverse_proxy http://localhost:12345 {
+          header_down X-Real-IP {http.request.remote}
+          header_down X-Forwarded-For {http.request.remote}
+        }
+        '';
+    };
 
     # gitea-actions-runner = {
     #   package = pkgs.forgejo-actions-runner;
@@ -82,15 +89,15 @@ in
     pkgs.forgejo-runner
   ];
 
-#   sops.secrets.forgejo-emenel.owner = "forgejo";
-#   systemd.services.forgejo.preStart = let
-#     adminCmd = "${lib.getExe pkgs.forgejo} admin user";
-#     pwd = config.sops.secrets.forgejo-emenel;
-#     user = "emenel"; # Note, Forgejo doesn't allow creation of an account named "admin"
-#   in ''
-#   ${adminCmd} create --admin --email "matt@emenel.ca" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
-#   ## uncomment this line to change an admin user which was already created
-#   # ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
-# '';
+  #   sops.secrets.forgejo-emenel.owner = "forgejo";
+  #   systemd.services.forgejo.preStart = let
+  #     adminCmd = "${lib.getExe pkgs.forgejo} admin user";
+  #     pwd = config.sops.secrets.forgejo-emenel;
+  #     user = "emenel"; # Note, Forgejo doesn't allow creation of an account named "admin"
+  #   in ''
+  #   ${adminCmd} create --admin --email "matt@emenel.ca" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+  #   ## uncomment this line to change an admin user which was already created
+  #   # ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+  # '';
 
 }