diff --git a/hardware/alpine.nix b/hardware/alpine.nix
index 86ccc79..b7beed7 100644
--- a/hardware/alpine.nix
+++ b/hardware/alpine.nix
@@ -78,7 +78,7 @@ in {
   networking.useDHCP = lib.mkDefault true;
   # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
   # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
-  networking.firewall.allowedTCPPorts = [ 22 53 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 53 80 443 ];
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
diff --git a/home/default.nix b/home/default.nix
index d0c7078..f7e0fa1 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -50,7 +50,19 @@
     };
   };
 
-  programs.ssh.enable = true;
+  programs.ssh = {
+    enable = true;
+    matchBlocks = {
+      "git.tristans.cloud" = {
+        user = "forgejo";
+        hostname = "100.106.241.122";
+      };
+      "alpine" = {
+        hostname = "100.106.241.122";
+        user = "tristan";
+      };
+    };
+  };
 
   programs.direnv.enable = true;
 }
diff --git a/nixos/default.nix b/nixos/default.nix
index 593d849..e93d7df 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -25,7 +25,16 @@ in {
   boot.loader.efi.canTouchEfiVariables = true;
 
   networking.networkmanager.enable = true;
+
   services.tailscale.enable = true;
+  networking.firewall.interfaces.tailscale0 = {
+    allowedTCPPortRanges = [
+      {
+        from = 0;
+        to = 65535;
+      }
+    ];
+  };
 
   time.timeZone = lib.mkDefault "Europe/London";
 
@@ -34,15 +43,6 @@ in {
     useXkbConfig = true;
   };
 
-  # networking.firewall.interfaces.tailscale0 = {
-  #   allowedTCPPortRanges = [
-  #     {
-  #       from = 0;
-  #       to = 65535;
-  #     }
-  #   ];
-  # };
-
   services.avahi.enable = true;
 
   i18n.defaultLocale = lib.mkDefault "en_GB.UTF-8";