diff --git a/hosts/nixedo/configuration.nix b/hosts/nixedo/configuration.nix
index 3d64a206..27835659 100644
--- a/hosts/nixedo/configuration.nix
+++ b/hosts/nixedo/configuration.nix
@@ -20,6 +20,7 @@
 
     ./modules/acme.nix
     ./modules/audiobookshelf.nix
+    ./modules/cloudflared.nix
     ./modules/containers
     ./modules/forgejo.nix
     ./modules/immich.nix
@@ -27,6 +28,21 @@
     ./modules/paperless.nix
   ];
 
+  services.cloudflared = {
+    enable = true;
+
+    tunnels."e1514105-327f-4984-974e-e2fbaca76466" = {
+      credentialsFile = config.age.secrets.cloudflared.path;
+      default = "http_status:404";
+
+      ingress = {
+        "test.oliverdavies.uk" = {
+          service = "http://localhost:8000";
+        };
+      };
+    };
+  };
+
   nixosModules = {
     audiobookshelf.enable = true;
     immich.enable = true;
diff --git a/hosts/nixedo/modules/cloudflared.nix b/hosts/nixedo/modules/cloudflared.nix
new file mode 100644
index 00000000..8038c8d8
--- /dev/null
+++ b/hosts/nixedo/modules/cloudflared.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+
+{
+  services.cloudflared = {
+    enable = true;
+
+    tunnels."e1514105-327f-4984-974e-e2fbaca76466" = {
+      credentialsFile = config.age.secrets.cloudflared.path;
+      default = "http_status:404";
+
+      ingress = {
+        "test.oliverdavies.uk" = {
+          service = "http://localhost:8000";
+        };
+      };
+    };
+  };
+}
diff --git a/hosts/nixedo/secrets.nix b/hosts/nixedo/secrets.nix
index da8e7ae1..4ca1035f 100644
--- a/hosts/nixedo/secrets.nix
+++ b/hosts/nixedo/secrets.nix
@@ -1,6 +1,7 @@
 {
   age.secrets = {
     cloudflare.file = ../../secrets/cloudflare.age;
+    cloudflared.file = ../../secrets/cloudflared-credentials.age;
     tubearchivist.file = ../../secrets/tubearchivist.age;
   };
 }
diff --git a/secrets.nix b/secrets.nix
index c1968d74..17947d4d 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -8,9 +8,9 @@ let
     t490 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage";
   };
 
-  users = {
-    opdavies = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkkbYaCD9NUIQT0NnsmlyfepwjxBYeiJSBCotOpdPTyc5inFAd29DiVw98j4skfaHdzjcqWmMFmDQWM6tGkK7eg8n0WuaABmsjdEbzTtfjHwM0tRDCIh5AtoT4IvoLhwLjEI2jKM05BGCQ2m5lS//AYJK1DjiV4UH+IjXHz6oy/3eFzQwANjxWS+mbR565p21yuAu1DKEyaGeVzT1xDhgzlnZG7Cys/rFgUYpIvYDHMOFxG6hsDB8vqyHiTXniniti5tdvGGYHgRGQcynRTU12aerrqHTIOefrElXJdf3/PA8FIY/Pd3MmZocY/vvQe0EVHXWrNtnHOF3MFQ1tFyfubKO51Dcp9KmzHnyBvO4CtvGVr/upSVWfo0I/EqkIqvCvBbdSIPeH9V5hAcyWENGF4Wf0/Yqtc0dBhfXJmPVBsC2ghZp9oERK+h5Xs7DpzkT0vtkN+wjgA5weIuG8e2UVNO29LWASzlychVqb7BVa6kNn5CyGwauyIGsYvAFnUjkyJpK8qleNM3VO5x9aw26IhSKlnSE9PAdX8p7PpdoWfxWRekKTc4h6iAe7pFOENvuokAvCNsE5LolR4VrYKXjA0m3nupDNWYexAWfR3lSeSlKd9nD3OENS0biJKayZHs11iDUTxm5u5gm/U60b4z0zDXjh1H/DI/pSCG6jjaXDpw==";
-  };
+  opdavies = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkkbYaCD9NUIQT0NnsmlyfepwjxBYeiJSBCotOpdPTyc5inFAd29DiVw98j4skfaHdzjcqWmMFmDQWM6tGkK7eg8n0WuaABmsjdEbzTtfjHwM0tRDCIh5AtoT4IvoLhwLjEI2jKM05BGCQ2m5lS//AYJK1DjiV4UH+IjXHz6oy/3eFzQwANjxWS+mbR565p21yuAu1DKEyaGeVzT1xDhgzlnZG7Cys/rFgUYpIvYDHMOFxG6hsDB8vqyHiTXniniti5tdvGGYHgRGQcynRTU12aerrqHTIOefrElXJdf3/PA8FIY/Pd3MmZocY/vvQe0EVHXWrNtnHOF3MFQ1tFyfubKO51Dcp9KmzHnyBvO4CtvGVr/upSVWfo0I/EqkIqvCvBbdSIPeH9V5hAcyWENGF4Wf0/Yqtc0dBhfXJmPVBsC2ghZp9oERK+h5Xs7DpzkT0vtkN+wjgA5weIuG8e2UVNO29LWASzlychVqb7BVa6kNn5CyGwauyIGsYvAFnUjkyJpK8qleNM3VO5x9aw26IhSKlnSE9PAdX8p7PpdoWfxWRekKTc4h6iAe7pFOENvuokAvCNsE5LolR4VrYKXjA0m3nupDNWYexAWfR3lSeSlKd9nD3OENS0biJKayZHs11iDUTxm5u5gm/U60b4z0zDXjh1H/DI/pSCG6jjaXDpw==";
+
+  users = [ opdavies ];
 in
 {
   "secrets/cloudflare.age".publicKeys = [
@@ -21,9 +21,7 @@ in
     hosts.t490
   ] ++ users;
 
-  "secrets/cloudflare.age".publicKeys = [
-    hosts.hetznix
+  "secrets/cloudflared-credentials.age".publicKeys = [
     hosts.nixedo
-    hosts.t480
   ] ++ users;
 }
diff --git a/secrets/cloudflared-credentials.age b/secrets/cloudflared-credentials.age
new file mode 100644
index 00000000..dc592620
--- /dev/null
+++ b/secrets/cloudflared-credentials.age
@@ -0,0 +1,17 @@
+age-encryption.org/v1
+-> ssh-ed25519 IsVD3g jeHVvTzxsEQOGls45oDKjDCWDSejIiPnSNZxnZRRPiQ
+sapo+FofxdYGeidn49uEO+D+SDK9KKLRUAWJMoU5T10
+-> ssh-rsa +vTWQw
+4SfYg8oc9eBd4zHYfDFYhUTmzHG4HGuz6wpcXMgmiemD5CIt+q2Q5ZzHnUhbfUsm
+GIDlRFjN6JWbJSmzW3HpUt/t7WQVk44QyOD5azHM3d8ctcv7ana2npPukQKGqpWu
+hWFX6amY5ng2yf1hfeeUgvhKIpDGxgnFKfAbNCheqdgWHWLaUpDSCuc0eugOziMD
+RWEsLsHudpdWHtik0cB/Uwycpc/T09sOm2k36H2mMvtjeWdldSHezOcn0uO7Gs9H
+OxpPdcuwTeisb6R3zI12ZAL/vEu/8h25OWNkfM64O4p/rkgPpbqhJBiIZL04vRcy
+zLnq967b9RqqjmDZFPOkcZBtXm5ck1qo4UYDRck2wkQLfUNkHAYHnwO+29RxstA0
+ShQe1uUo68Hx17st/X2wwUZlnfhTcJ4IZwmuOiEZiNgmwbb9ZXBTi8myV1Tpgpkh
+I0ooy/pU/tocS2/4XjYwcjRMmEcI0r7ESOgJmyzoakwM7Jbh3kaTDXd324vPYzhQ
+SPvosb9VFNCQFuc02LOD1Psy74IEGp5xIMRKGxDE8VSnFFMiNpu3La6HRlrb6e4s
+/G2OZ9lsrXSC8gyOF78olk1QMkuSvT6Lw56QhMbuC1XiVINd3+GKQNkE8T2BPAKS
+P5PBYTbi0bZjqA4OwbBf+nSPxljUGed1R3IbpAvPM04
+--- 2VNOkmpXcK+ywl+DBli84MCED52jL/dPiIpzN82Xrqg
+��VB�y�r=]���]�Q��6�>�-���3��k
�P7�Bi���0�sFԸϣn|�f�0ڡY�$z���U?��"����"%%�<ދ��*yf��^h�V�C�N��g���m�婪g�=�����+�+�v��
�:u9#�BS�;�Ji7���6���h�	@�����7��`$�<�!�Y�b����$���E�m>5$�fV3V�";
\ No newline at end of file