diff --git a/nixos/keycloak.nix b/nixos/keycloak.nix
index 08211dfc..66ad494a 100644
--- a/nixos/keycloak.nix
+++ b/nixos/keycloak.nix
@@ -14,6 +14,7 @@ users.users.keycloak = {
     group = "keycloak";
 };
 
+networking.firewall.allowedTCPPorts = [ 80 ];
 users.groups.keycloak = {};
 systemd.services.keycloak.serviceConfig.DynamicUser = mkForce false;
 
diff --git a/tf/cloudflare_records.tf b/tf/cloudflare_records.tf
index 40138d0f..7cad4def 100644
--- a/tf/cloudflare_records.tf
+++ b/tf/cloudflare_records.tf
@@ -33,6 +33,7 @@ module "hakurei_system_records" {
     "freeipa",
     "ldap",
     "pbx",
+    "sso",
     "smb",
     "kitchen",
     "yt",