diff --git a/dragonwell/default.nix b/dragonwell/default.nix
index 825c922173caee708188a9830a265085a2b31022..081a20d8764339c793bd66116107060d78c69b7a 100644
--- a/dragonwell/default.nix
+++ b/dragonwell/default.nix
@@ -35,6 +35,8 @@       allowedTCPPorts = [
         80
         443
         6697
+        8448
+        8449
       ];
     };
   };

diff --git a/dragonwell/ugit.nix b/dragonwell/ugit.nix
index c7ef77e513623cf422d4a0e091a746ead8f30246..7dc7e36fb0c4b045d6a387fef826ec64bfac9452 100644
--- a/dragonwell/ugit.nix
+++ b/dragonwell/ugit.nix
@@ -1,29 +1,53 @@
-{
-  services.ugit = {
-    enable = true;
-    openFirewall = true;
-    authorizedKeys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXoiWcPkL5kUAqJfMxnPM/ND4qJ4kKShDhXdqnYv2ZB"
-    ];
-    tsAuthKey = "tskey-auth-kRUJE7zxH621CNTRL-Td29STXSrtTUHdacaKaYtTD82uyDXZj7"; # One-time key
-    config = {
-      ssh.clone-url = "ugit@git.jolheiser.com";
-      http.clone-url = "https://git.jolheiser.com";
-      log.json = true;
-      profile = {
-        username = "jolheiser";
-        email = "ugit@jolheiser.com";
-        links = [
-          "Github,https://github.com/jolheiser"
-          "Gitea,https://gitea.com/jolheiser"
-          "JoJoDev,https://git.jojodev.com/jolheiser"
-          "Fediverse,https://social.jolheiser.com/@jolheiser"
-        ];
+{ lib, ... }:
+let
+  opts =
+    let
+      homeDir = "/var/lib/ugit";
+    in
+    {
+      inherit homeDir;
+      enable = true;
+      authorizedKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXoiWcPkL5kUAqJfMxnPM/ND4qJ4kKShDhXdqnYv2ZB"
+      ];
+      repoDir = "${homeDir}/repos";
+      hostKeyFile = "${homeDir}/ugit_ed25519";
+      user = "ugit";
+      group = "ugit";
+      config = {
+        ssh.clone-url = "ugit@git.jolheiser.com";
+        http.clone-url = "https://git.jolheiser.com";
+        log.json = true;
+        profile = {
+          username = "jolheiser";
+          email = "ugit@jolheiser.com";
+          links = [
+            "Github,https://github.com/jolheiser"
+            "Gitea,https://gitea.com/jolheiser"
+            "JoJoDev,https://git.jojodev.com/jolheiser"
+            "Fediverse,https://social.jolheiser.com/@jolheiser"
+          ];
+        };
       };
-      tailscale = {
-        enable = true;
-        hostname = "git";
+    };
+in
+{
+  services = {
+    ugit = {
+      public = opts;
+      private = lib.recursiveUpdate opts {
+        config = {
+          ssh.port = 8446;
+          http.port = 8447;
+          show-private = true;
+        };
       };
+    };
+    tailproxy.ugit = {
+      enable = true;
+      hostname = "git";
+      port = 8447;
+      authKey = "tskey-auth-kyuvaLt8pb11CNTRL-admMYrs6UWb5XaCcdWJAWbriZ6JMo7ksK"; # One-time key
     };
   };
 }

diff --git a/flake.lock b/flake.lock
index 8859d44b01abdb62d7a2e65ec21f79cc21ab1338..ff8550799b907b62bd339113a039a805c92af3f0 100644
--- a/flake.lock
+++ b/flake.lock
@@ -47,15 +47,14 @@     "blog": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ],
-        "templ": "templ"
+        ]
       },
       "locked": {
-        "lastModified": 1728680363,
-        "narHash": "sha256-0aJJUY0lKcDnkqLBESOFju8cgIYYrt8jvMwyFTii2Do=",
+        "lastModified": 1738539519,
+        "narHash": "sha256-20Mt15vLeH3NJUlHpNNifZNPsAwF1z88CpJHZLtdoTY=",
         "ref": "refs/heads/main",
-        "rev": "03a7f37a42affd2689a72340b8d86731bfd3d28c",
-        "revCount": 26,
+        "rev": "bd21260238688a3fd94b48f00b4505b13aaef9a9",
+        "revCount": 27,
         "type": "git",
         "url": "https://git.jolheiser.com/blog.git"
       },
@@ -89,77 +88,11 @@       "inputs": {
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1694529238,
-        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_2": {
-      "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_3": {
-      "inputs": {
-        "systems": "systems_3"
-      },
-      "locked": {
         "lastModified": 1731533236,
         "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
         "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_4": {
-      "inputs": {
-        "systems": "systems_4"
-      },
-      "locked": {
-        "lastModified": 1694529238,
-        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_5": {
-      "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
         "type": "github"
       },
       "original": {
@@ -229,50 +162,6 @@         "type": "git",
         "url": "https://git.jolheiser.com/git-pr-nix.git"
       }
     },
-    "gitignore": {
-      "inputs": {
-        "nixpkgs": [
-          "blog",
-          "templ",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
-    "gitignore_2": {
-      "inputs": {
-        "nixpkgs": [
-          "website",
-          "templ",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
     "golink": {
       "inputs": {
         "flake-utils": [
@@ -296,52 +185,6 @@         "repo": "golink",
         "type": "github"
       }
     },
-    "gomod2nix": {
-      "inputs": {
-        "flake-utils": "flake-utils",
-        "nixpkgs": [
-          "blog",
-          "templ",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1722589758,
-        "narHash": "sha256-sbbA8b6Q2vB/t/r1znHawoXLysCyD4L/6n6/RykiSnA=",
-        "owner": "nix-community",
-        "repo": "gomod2nix",
-        "rev": "4e08ca09253ef996bd4c03afa383b23e35fe28a1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "gomod2nix",
-        "type": "github"
-      }
-    },
-    "gomod2nix_2": {
-      "inputs": {
-        "flake-utils": "flake-utils_4",
-        "nixpkgs": [
-          "website",
-          "templ",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1722589758,
-        "narHash": "sha256-sbbA8b6Q2vB/t/r1znHawoXLysCyD4L/6n6/RykiSnA=",
-        "owner": "nix-community",
-        "repo": "gomod2nix",
-        "rev": "4e08ca09253ef996bd4c03afa383b23e35fe28a1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "gomod2nix",
-        "type": "github"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": "nixpkgs_2"
@@ -499,7 +342,7 @@         "agenix": "agenix",
         "bennet": "bennet",
         "blog": "blog",
         "cfg-playground": "cfg-playground",
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils",
         "foundry": "foundry",
         "git-age": "git-age",
         "git-pr": "git-pr",
@@ -545,36 +388,6 @@         "repo": "default",
         "type": "github"
       }
     },
-    "systems_3": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_4": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "tailproxy": {
       "inputs": {
         "nixpkgs": [
@@ -700,54 +513,6 @@         "repo": "tclip",
         "type": "github"
       }
     },
-    "templ": {
-      "inputs": {
-        "gitignore": "gitignore",
-        "gomod2nix": "gomod2nix",
-        "nixpkgs": [
-          "blog",
-          "nixpkgs"
-        ],
-        "xc": "xc"
-      },
-      "locked": {
-        "lastModified": 1733474386,
-        "narHash": "sha256-v7TbGJpudmaATf0rh6NzS2eW/s0NhUv4cburch+wK0M=",
-        "owner": "a-h",
-        "repo": "templ",
-        "rev": "c077c3fad92f4b26c6331296b8a20b71a535d725",
-        "type": "github"
-      },
-      "original": {
-        "owner": "a-h",
-        "repo": "templ",
-        "type": "github"
-      }
-    },
-    "templ_2": {
-      "inputs": {
-        "gitignore": "gitignore_2",
-        "gomod2nix": "gomod2nix_2",
-        "nixpkgs": [
-          "website",
-          "nixpkgs"
-        ],
-        "xc": "xc_2"
-      },
-      "locked": {
-        "lastModified": 1733474386,
-        "narHash": "sha256-v7TbGJpudmaATf0rh6NzS2eW/s0NhUv4cburch+wK0M=",
-        "owner": "a-h",
-        "repo": "templ",
-        "rev": "c077c3fad92f4b26c6331296b8a20b71a535d725",
-        "type": "github"
-      },
-      "original": {
-        "owner": "a-h",
-        "repo": "templ",
-        "type": "github"
-      }
-    },
     "ugit": {
       "inputs": {
         "nixpkgs": [
@@ -757,11 +522,11 @@         "tailwind-ctp": "tailwind-ctp",
         "tailwind-ctp-lsp": "tailwind-ctp-lsp"
       },
       "locked": {
-        "lastModified": 1736361594,
-        "narHash": "sha256-LsRkwboft0Hy4x4afU7b9JBc/4H/G22zDwFo0oP/a08=",
+        "lastModified": 1739507787,
+        "narHash": "sha256-w7/ACHpqwV9am8Ixu424aGW5IEe4fmDQm/9+Hj63SbY=",
         "ref": "refs/heads/main",
-        "rev": "4b90e77eed9647e7d85e9af2d81ae04506342d27",
-        "revCount": 67,
+        "rev": "5809db19f566c4891b4bfe85c5f10e2d467754fe",
+        "revCount": 72,
         "type": "git",
         "url": "https://git.jolheiser.com/ugit.git"
       },
@@ -779,67 +544,20 @@         "nixpkgs": [
           "nixpkgs"
         ],
         "tailwind-ctp": "tailwind-ctp_2",
-        "tailwind-ctp-lsp": "tailwind-ctp-lsp_2",
-        "templ": "templ_2"
+        "tailwind-ctp-lsp": "tailwind-ctp-lsp_2"
       },
       "locked": {
-        "lastModified": 1729007532,
-        "narHash": "sha256-WTCnUYILllGWI6MuG/a3Fp5HVASqPdpPbVNr7k49ZMQ=",
+        "lastModified": 1738270130,
+        "narHash": "sha256-NZtZXs3NuLbtL+6SMeZ65lz2E+IrZkGxFxHwota7GlE=",
         "ref": "refs/heads/main",
-        "rev": "82a84f0c62b0a1dddf9e7e7e464680a002439dcb",
-        "revCount": 18,
+        "rev": "16603d9f93a3f02b2f49578f6470b6fa3a9db4e3",
+        "revCount": 19,
         "type": "git",
         "url": "https://git.jolheiser.com/jolheiser.com.git"
       },
       "original": {
         "type": "git",
         "url": "https://git.jolheiser.com/jolheiser.com.git"
-      }
-    },
-    "xc": {
-      "inputs": {
-        "flake-utils": "flake-utils_2",
-        "nixpkgs": [
-          "blog",
-          "templ",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1724404748,
-        "narHash": "sha256-p6rXzNiDm2uBvO1MLzC5pJp/0zRNzj/snBzZI0ce62s=",
-        "owner": "joerdav",
-        "repo": "xc",
-        "rev": "960ff9f109d47a19122cfb015721a76e3a0f23a2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "joerdav",
-        "repo": "xc",
-        "type": "github"
-      }
-    },
-    "xc_2": {
-      "inputs": {
-        "flake-utils": "flake-utils_5",
-        "nixpkgs": [
-          "website",
-          "templ",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1724404748,
-        "narHash": "sha256-p6rXzNiDm2uBvO1MLzC5pJp/0zRNzj/snBzZI0ce62s=",
-        "owner": "joerdav",
-        "repo": "xc",
-        "rev": "960ff9f109d47a19122cfb015721a76e3a0f23a2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "joerdav",
-        "repo": "xc",
-        "type": "github"
       }
     }
   },