diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index b93dbcc..659f662 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -247,6 +247,20 @@ in
     hostId = "a6b19da0";
     hostName = "fwminex";
     domain = "servers.jakst";
-    firewall.rejectPackets = true;
+    firewall = {
+      rejectPackets = true;
+      allowedUDPPorts = [
+        53
+        80
+        443
+      ];
+      allowedTCPPorts = [
+        53
+        80
+        443
+        config.services.syncthing.relay.port
+        config.services.syncthing.relay.statusPort
+      ];
+    };
   };
 }
diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix
index f6a8bb7..81794ed 100644
--- a/modules/services/gitea/default.nix
+++ b/modules/services/gitea/default.nix
@@ -76,7 +76,8 @@
       '';
 
       caddy = {
-        virtualHosts."git.jakstys.lt".extraConfig = ''
+        # TODO: http migration
+        virtualHosts."git.jakstys.lt:80".extraConfig = ''
           route /static/assets/* {
             uri strip_prefix /static
             file_server * {