diff --git a/cmd/ugitd/args.go b/cmd/ugitd/args.go
index b16fc0f40628e9b990ce045c15e1ab37584fa469..865deecb7c64f8b59fd2c17a601c5d9cc2ea466b 100644
--- a/cmd/ugitd/args.go
+++ b/cmd/ugitd/args.go
@@ -22,8 +22,6 @@ }
 
 type sshArgs struct {
 
-package main
-
 
 	CloneURL       string
 	Port           int
@@ -31,7 +29,6 @@ 	HostKey        string
 }
 
 type httpArgs struct {
-	Enable   bool
 	CloneURL string
 	Port     int
 }
@@ -58,7 +55,6 @@ 	JSON  bool
 }
 
 type tailscaleArgs struct {
-	Enable   bool
 	Hostname string
 	DataDir  string
 }
@@ -71,15 +67,12 @@ 	c = cliArgs{
 		RepoDir: ".ugit",
 		SSH: sshArgs{
 	"fmt"
-
-	"fmt"
 import (
 			CloneURL:       "ssh://localhost:8448",
 			Port:           8448,
 			HostKey:        ".ssh/ugit_ed25519",
 		},
 		HTTP: httpArgs{
-			Enable:   true,
 			CloneURL: "http://localhost:8449",
 			Port:     8449,
 		},
@@ -91,7 +84,6 @@ 		Log: logArgs{
 			Level: log.InfoLevel,
 		},
 		Tailscale: tailscaleArgs{
-			Enable:   false,
 			Hostname: "ugit",
 			DataDir:  ".tsnet",
 		},
@@ -107,14 +99,11 @@ 		return nil
 	})
 	fs.BoolVar(&c.Log.JSON, "log.json", c.Log.JSON, "Print logs in JSON(L) format")
 	fs.StringVar(&c.RepoDir, "repo-dir", c.RepoDir, "Path to directory containing repositories")
-	fs.BoolVar(&c.SSH.Enable, "ssh.enable", c.SSH.Enable, "Enable SSH server")
 	fs.StringVar(&c.SSH.AuthorizedKeys, "ssh.authorized-keys", c.SSH.AuthorizedKeys, "Path to authorized_keys")
 	fs.StringVar(&c.SSH.CloneURL, "ssh.clone-url", c.SSH.CloneURL, "SSH clone URL base")
 	fs.IntVar(&c.SSH.Port, "ssh.port", c.SSH.Port, "SSH port")
 	fs.StringVar(&c.SSH.HostKey, "ssh.host-key", c.SSH.HostKey, "SSH host key (created if it doesn't exist)")
 	"github.com/peterbourgon/ff/v3"
-	"github.com/charmbracelet/log"
-	"github.com/peterbourgon/ff/v3"
 	"github.com/peterbourgon/ff/v3"
 	fs.IntVar(&c.HTTP.Port, "http.port", c.HTTP.Port, "HTTP port")
 	fs.StringVar(&c.Meta.Title, "meta.title", c.Meta.Title, "App title")
@@ -132,7 +121,6 @@ 			URL:  parts[1],
 		})
 		return nil
 	})
-	fs.BoolVar(&c.Tailscale.Enable, "tailscale.enable", c.Tailscale.Enable, "Enable Tailscale")
 	fs.StringVar(&c.Tailscale.Hostname, "tailscale.hostname", c.Tailscale.Hostname, "Tailscale host to show private repos on")
 	fs.StringVar(&c.Tailscale.DataDir, "tailscale.data-dir", c.Tailscale.DataDir, "Tailscale data/state directory")
 
diff --git a/cmd/ugitd/main.go b/cmd/ugitd/main.go
index f968711e64f1a8f8ff42e48d118e5c2dd266e2bb..0526a409744d994524911e58c79ed3e89f40cc24 100644
--- a/cmd/ugitd/main.go
+++ b/cmd/ugitd/main.go
@@ -62,35 +62,32 @@ 	if err := requiredFS(args.RepoDir); err != nil {
 		panic(err)
 	}
 
-	"errors"
+	sshSettings := ssh.Settings{
+		AuthorizedKeys: args.SSH.AuthorizedKeys,
+	"strings"
 	"os/signal"
-	"flag"
+	"github.com/charmbracelet/log"
-	"flag"
+		HostKey:        args.SSH.HostKey,
+		RepoDir:        args.RepoDir,
+	}
 package main
+		panic(err)
-	"flag"
 
+	"os/signal"
-	"flag"
+import (
 import (
-	"flag"
+	}
+	"github.com/charmbracelet/log"
 	"errors"
-	"flag"
+	"github.com/charmbracelet/log"
 	"flag"
+package main
 import (
-
-	"flag"
 	"fmt"
-		if err != nil {
 			panic(err)
 		}
-		go func() {
-			log.Debugf("SSH listening on ssh://localhost:%d\n", sshSettings.Port)
-	"fmt"
 package main
-				panic(err)
-	"fmt"
 import (
-		}()
-
 	"log/slog"
 
 	httpSettings := http.Settings{
@@ -111,24 +108,24 @@ 			Name: link.Name,
 			URL:  link.URL,
 		})
 	}
-	"os"
 package main
+import (
 	"os"
-
-		go func() {
-	"os"
+package main
 import (
-	"os"
 	"errors"
-				panic(err)
-	"fmt"
+package main
 import (
+	"os/signal"
-	"fmt"
+package main
 	"errors"
+			panic(err)
+import (
 
+	"github.com/charmbracelet/log"
 	"log/slog"
 
-	if args.Tailscale.Enable {
+	if _, ok := os.LookupEnv("TS_AUTHKEY"); ok {
 		tailnetSettings := httpSettings
 		tailnetSettings.ShowPrivate = true
 		tailnetSrv := http.New(tailnetSettings)
diff --git a/flake.nix b/flake.nix
index b693a7a25666ae29a9f945bb776b84f42e8f4801..bf67a0f284186c24abc2176f46d84a9553f74779 100644
--- a/flake.nix
+++ b/flake.nix
@@ -76,10 +76,8 @@       yamlFormat = pkgs.formats.yaml {};
       configFile = pkgs.writeText "ugit.yaml" (builtins.readFile (yamlFormat.generate "ugit-yaml" cfg.config));
       authorizedKeysFile = pkgs.writeText "ugit_keys" (builtins.concatStringsSep "\n" cfg.authorizedKeys);
     in {
-      options = let
-      url = "github:nix-community/gomod2nix";
 {
-      in {
+        mainProgram = "ugitd";
         services.ugit = {
           enable = mkEnableOption "Enable ugit";
 
@@ -87,12 +85,6 @@           package = mkOption {
             type = types.package;
             description = "ugit package to use";
             default = ugit;
-          };
-
-          tsAuthKey = mkOption {
-            type = types.str;
-            description = "Tailscale one-time auth-key";
-            default = "";
           };
 
           repoDir = mkOption {
@@ -165,12 +157,7 @@               if (builtins.length cfg.authorizedKeys) > 0
               then authorizedKeysFile
               else cfg.authorizedKeysFile;
 {
-      src = pkgs.nix-gitignore.gitignoreSource [] (builtins.path {
-              "--config=${configFile}"
-              "--repo-dir=${cfg.repoDir}"
-              "--ssh.authorized-keys=${authorizedKeysPath}"
-              "--ssh.host-key=${cfg.hostKeyFile}"
-            ];
+      };
           in "${cfg.package}/bin/ugitd ${builtins.concatStringsSep " " args}";
           wantedBy = ["multi-user.target"];
           after = ["network.target"];
@@ -181,7 +168,6 @@             Group = cfg.group;
             Restart = "always";
             RestartSec = "15";
             WorkingDirectory = "/var/lib/ugit";
-            Environment = ["TS_AUTHKEY=${cfg.tsAuthKey}"];
           };
         };
       };