diff --git a/common/secrets/secrets/linode_rw_domains.age b/common/secrets/secrets/linode_rw_domains.age
new file mode 100644
index 0000000..70be86f
--- /dev/null
+++ b/common/secrets/secrets/linode_rw_domains.age
@@ -0,0 +1,43 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBXV0xI
+dU9KUHlVWG1uRWh5ODUydVRmSTMrWXdsRUg4bEFldmZtK3M4WkZVCkNYaTQxM01I
+Tld6YVJiMnN3MVF4T2RHakRDT1Q5U21zNThPTUJkWEc2TWMKLT4gc3NoLWVkMjU1
+MTkgSmh2TCtRIGp4d3ZqcGxHM2ZDUmVUcHJiWGI0WXcxMVVCRkhOMm05bDNVQXN4
+RFFyeTQKL1FiSmxhZUZOMzRqaTdkNUNIMVJJaU1XbDkydHJpWkhJUWx6dWI3dnZs
+VQotPiBzc2gtZWQyNTUxOSBTcENqQlEgT3pxVzgvMkZ3ays4cm1WWVkwUUVIT3h0
+UDhxL0lzZmN6WjNjbE9rT3JCQQo1TldzNExWSkRTQUtFeHJVcXRyWmJkVmhtRy9Q
+a3lkcEUxaUhJbUhvR2gwCi0+IHNzaC1lZDI1NTE5IEY0YmI4ZyBORFZ5K0xoWmxy
+cEE2bmFmc2RoUHZITDhhVFhYdG4zbWpISnd5UUt3VFVvCkRvNi85TXpPRWZKS1VY
+VktuaWhIcXhEaXpBTUtQRWpzYjFwNW9oMUJQYU0KLT4gc3NoLWVkMjU1MTkgd2Ry
+WkpBIDMweFFGSmdXbXMwM01xN3BvZVdCT1dqc24yTGtZeDM5aXhZSUlMOGxMd3cK
+M3BLTTlkdGRKM3FRMHhuSFNPdmtKbFRsQXdqRjA0bnczNDlGVnoyV1BzQQotPiBz
+c2gtZWQyNTUxOSBCWUtHK3cgYTFNM3lTdmxSM1Bta2dPcTFQaHdMYjhYRlhBZFhR
+ZTJXTnlHWE9uMEZVdwpwVnNCaHFSZDR5MytVeXpRYVd4RHUvQXhvN1VVS3V2Z3Iw
+Njc3YlgxSWpJCi0+IHNzaC1lZDI1NTE5IFh6Zm1hUSBONHcrcE5JYVV6UnBFNm0w
+TXpZSHdIN216bzVxREhTQWpJSFlmU3ViWEZzCktKcW5vSmRZRXJVL1RUMUFoYWFh
+VFlOLzFwQXpBUzFoYzFRNWhGMitCR00KLT4gc3NoLWVkMjU1MTkgNWFkcU1nIGFp
+MGhSOS85eU9GZ1RGWGNVZWV4aFBFNGlvY3Z0RzNBcThjSTBFYWkreE0KL3d4SDVB
+eUc2WTdHRXdGa0l3eWk3ajJsNThFNk1mSVEwS0xGMFo2WW1qMAotPiBzc2gtZWQy
+NTUxOSBaZTFNd1Egekk5Z25lRjYrYlhDRzNyY3E0MUR1bHI5a2hoZGNoWnNjODlN
+K29tbUJRNApZUDl2M2E0RTVRRFlINEgxRkd3Q2pIandQNlBhVTZiRVhtQUlPS1NC
+RHRrCi0+IHNzaC1lZDI1NTE5IHBlRkJRZyB4OGRJbGVLOFdSaXljcC9tVjBkUjlQ
+ZE9RSzNwNE0xK0w1bDdmay9JbFJFClRRa3JRSzZVNmNOMFR0WUw5MGxRalNlakJE
+bm9MOVFMSkk4RGFCWGdrY2sKLT4gc3NoLWVkMjU1MTkgOXYvMkhBIGQ4QXhoczRI
+QnJRTGFjanFBenE4MXRqUTRSQkFPUmNiSkJGRHBpQjVxeEkKZjBOcjRMVVBqZ1dp
+L2Zjak05eVE5YVMwVVRNRkk1aHEwSkVaWE1ReWU5awotPiBzc2gtZWQyNTUxOSBS
+NSt4ZncgYzhHdVZINWYyNjcvNE02NUozc1k4SjMvbTV3MGZNT1VkUFVXbjZlaHJn
+UQpGV0IvTXNDQUtjeWtIVGhEdmdsRWNRQTZDdGc1NGlYdVVudkNCaXlPZ3RZCi0+
+IHNzaC1lZDI1NTE5IFJvWDVQUSB1NnVjSWdUSCtsMDRjT2p6TXAvczVaNnFXQ2dL
+bTFNMDcvRVJzV0xVUVJzCnorNTlvUGJlcGk3ei9CdmxNczVsOU9DUjdTWjY5VE03
+bnVNUnNHcjkxSWsKLT4gc3NoLWVkMjU1MTkga0hrMmdBIGhyM0x5MVhiYUQvbmYz
+MnVHTWpjYyt0WWQ2c2FzSkYzS0U1UUZRdXZSQkUKU0VZV1NJaHNhS1djZTY0SW9N
+VGhObDB3ODg2bVVxcFRwUFFFbFBYaG01RQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
+VFRSajdzckRtZU9ZK0dwcWNld0F4Q0RCb0JOOVJBWTU3Sm9WQUh1K2xEawpXQW9X
+WGYyRnNMcmZ0TFZ5R0FaYmdqMENPVmU2b3B6K00rUFYzQmxEVFdrCi0+IDs4NnMp
+bCktZ3JlYXNlIEVkR1IgKgowVGZnVEg4cU9kMmIzdWFZeE1nS2RCYVNXV1hHb2p6
+WVpqLzRzTWVOb0owbHhweUdpc0pHQ0lRY2hMQXlqOXpFCmJhR0lBWFo5L0JGeTgw
+QTlHcVhIM1YvOC9UTnlCeVA4a3ZNcQotLS0gSHYyY1BSc0NqRExDL0FWSG84VGhT
+OXRKaThvamhmNTdiUjF0QnNRTGkzWQo3Bxz+qj6gbLsTNNM/3Dp9ppYrGXHccgee
+o9KJs6L9AadYB+PrcseM6DtNEhupvy8zXP6txbVbfP2Xus7j2sXmj9uM30HUn60i
+4XRoL1snQIhfjP+YNp0QkvkHtZvXzraM
+-----END AGE ENCRYPTED FILE-----
diff --git a/common/secrets/secrets/secrets.nix b/common/secrets/secrets/secrets.nix
index 55a44d2..80c241c 100644
--- a/common/secrets/secrets/secrets.nix
+++ b/common/secrets/secrets/secrets.nix
@@ -117,9 +117,6 @@ in
   "headscale_auth.age" = {
     publicKeys = trustedKeys;
   };
-  # "obsidian_sync_env.age" = {
-  #   publicKeys = trustedKeys;
-  # };
   "us_chi_wg.age" = {
     publicKeys = trustedKeys;
   };
@@ -135,4 +132,7 @@ in
   "vaultwarden_env.age" = {
     publicKeys = authorityKey ++ o001;
   };
+  "linode_rw_domains.age" = {
+    publicKeys = trustedKeys;
+  };
 }
diff --git a/hosts/oracle/o001/nginx.nix b/hosts/oracle/o001/nginx.nix
index ace5c87..a1ea33b 100644
--- a/hosts/oracle/o001/nginx.nix
+++ b/hosts/oracle/o001/nginx.nix
@@ -199,20 +199,6 @@
             '';
           };
         };
-        # "obsidiansync.joshuabell.xyz" = {
-        #   enableACME = true;
-        #   forceSSL = true;
-        #   locations."/" = {
-        #     proxyPass = "http://100.64.0.1:5984";
-        #   };
-        #   extraConfig = ''
-        #     client_max_body_size 100M;
-        #     proxy_redirect off;
-        #     proxy_buffering off;
-        #     proxy_set_header Host $host;
-        #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        #   '';
-        # };
         "jellyfin.joshuabell.xyz" = {
           enableACME = true;
           forceSSL = true;
@@ -229,6 +215,7 @@
         };
 
         "_" = {
+          rejectSSL = true;
           default = true;
           locations."/" = {
             return = "444"; # 404 for not found or 444 for drop