From 3a669dd8fd05725e86ddb890d602d970bf5c5ee0 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Fri, 23 Jan 2026 11:26:59 +0100 Subject: [PATCH 1/3] sshd: Make sure to only ever listen on overlay address --- modules/system/services/sshd.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/services/sshd.nix b/modules/system/services/sshd.nix index a4621f4..a591940 100644 --- a/modules/system/services/sshd.nix +++ b/modules/system/services/sshd.nix @@ -16,7 +16,7 @@ in openssh = { enable = true; openFirewall = false; - ports = [ ]; + ports = lib.mkForce [ ]; listenAddresses = lib.singleton { addr = netCfg.overlay.address; port = 22; @@ -46,7 +46,7 @@ in users.users.seb.openssh.authorizedKeys.keyFiles = self.nixosConfigurations |> lib.attrValues - |> lib.filter (host: host.config.custom.networking.hostName != netCfg.hostName) + |> lib.filter (host: host.config.networking.hostName != netCfg.hostName) |> lib.filter (host: host.config |> lib.hasAttr "home-manager") |> lib.map (host: host.config.home-manager.users.seb.custom.programs.ssh) |> lib.filter (ssh: ssh.enable) From 4ab442f61b4f55cf930ef920235566c03e159bb5 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Fri, 23 Jan 2026 11:39:21 +0100 Subject: [PATCH 2/3] lib: Remove unused functions --- lib/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/default.nix b/lib/default.nix index 49dc71f..29e074a 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -5,10 +5,6 @@ { isPrivateDomain = domain: domain |> lib.hasSuffix ".splitleaf.de"; - subdomainOf = domain: domain |> lib.splitString "." |> lib.head; - - rootDomainOf = domain: domain |> lib.splitString "." |> lib.tail |> lib.concatStringsSep "."; - listNixFilesRecursively = dir: dir |> lib.filesystem.listFilesRecursive |> lib.filter (lib.hasSuffix ".nix"); From ef4ecd7fb550283cb574e7e77c79cdb5f83677ad Mon Sep 17 00:00:00 2001 
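Review bot: The `lib.mkForce [ ]` on `ports` in the first sshd.nix hunk has no comment saying why the override is needed, so a later cleanup could drop it without noticing the effect. A line above it such as `# mkForce: discard ports set by any other module so sshd binds only via listenAddresses (overlay address)` would record the intent. Definitions at the same priority still merge, so a second `mkForce` on `services.openssh.ports` elsewhere would put a port back into the list; an assertion that the final list is empty would catch that. The `openssh` attribute set starts and ends outside the hunk.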
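Review bot: In the second sshd.nix hunk the changed filter compares the remote host's stock `networking.hostName` with the local `netCfg.hostName`, so the two sides may now come from different options. `netCfg` is bound outside the hunk; if it is `config.custom.networking`, a host whose custom and stock host names differ would not be filtered out, and its own key would end up in seb's `authorizedKeys.keyFiles`. Reading both sides from the same option, e.g. `host.config.networking.hostName != config.networking.hostName` (assuming `config` is in scope here), avoids that. The commit subject only describes the listen address, so this change deserves a line in the message. The pipeline continues past the end of the hunk.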
From: SebastianStork Date: Fri, 23 Jan 2026 11:45:27 +0100 Subject: [PATCH 3/3] sops: Do eta-reduction --- flake-parts/sops.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake-parts/sops.nix b/flake-parts/sops.nix index 3326342..2022158 100644 --- a/flake-parts/sops.nix +++ b/flake-parts/sops.nix @@ -27,7 +27,7 @@ |> lib.attrValues |> lib.map (host: host.config.custom.sops) |> lib.filter (sops: sops.enable) - |> lib.map (sops: mkCreationRule sops); + |> lib.map mkCreationRule; userCreationRules = self.nixosConfigurations @@ -35,7 +35,7 @@ |> lib.filter (host: host.config |> lib.hasAttr "home-manager") |> lib.map (host: host.config.home-manager.users.seb.custom.sops) |> lib.filter (sops: sops.enable) - |> lib.map (sops: mkCreationRule sops); + |> lib.map mkCreationRule; jsonConfig = { creation_rules = hostCreationRules ++ userCreationRules; } |> lib.strings.toJSON; in