diff --git a/configuration.nix b/configuration.nix
index bf219ce..423eda1 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -128,8 +128,19 @@
   services.openssh.enable = true;
   services.openssh.settings.PasswordAuthentication = false;
   # services.openssh.settings.PermitRootLogin = "proh";
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "glennpub@proton.me";
+      dnsProvider = "cloudflare";
+  #     # location of your CLOUDFLARE_DNS_API_TOKEN=[value]
+  #     # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile=
+      environmentFile = "/etc/nixos/.secrets/cloudflare_dns_tokend";
+    };
+  };
 
   # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
diff --git a/forgejo.nix b/forgejo.nix
index a09afeb..6ef8194 100644
--- a/forgejo.nix
+++ b/forgejo.nix
@@ -5,17 +5,6 @@ let
 	# derp = "hi";
 in
 {
-  security.acme = {
-    acceptTerms = true;
-    defaults = {
-      email = "glennpub@proton.me";
-      dnsProvider = "cloudflare";
-  #     # location of your CLOUDFLARE_DNS_API_TOKEN=[value]
-  #     # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile=
-      environmentFile = "/etc/nixos/.secrets/cloudflare_dns_tokend";
-    };
-  };
-  networking.firewall.allowedTCPPorts = [ 80 443 3000 ];
   services.forgejo = {
     enable = true;
     settings = {