diff --git a/ansible/roles/cv/defaults/main.yml b/ansible/roles/cv/defaults/main.yml
index 734e52b..a18cc82 100644
--- a/ansible/roles/cv/defaults/main.yml
+++ b/ansible/roles/cv/defaults/main.yml
@@ -3,7 +3,7 @@ # Caddy serves cv_content_dir directly via the static-kind service block. cv_version: "v1.0.3"
-cv_release_url: "https://forge.eblu.me/api/packages/eblume/generic/cv/{{ cv_version }}/cv-{{ cv_version }}.tar.gz"
+cv_release_url: "https://forge.ops.eblu.me/api/packages/eblume/generic/cv/{{ cv_version }}/cv-{{ cv_version }}.tar.gz"
cv_home: /Users/erichblume/blumeops/cv cv_content_dir: "{{ cv_home }}/content"
diff --git a/containers/shower/default.nix b/containers/shower/default.nix
index c968a7b..1b12649 100644
--- a/containers/shower/default.nix
+++ b/containers/shower/default.nix
@@ -49,7 +49,7 @@ let "$TMPDIR/venv/bin/pip" install \ --no-cache-dir \ --index-url=https://pypi.ops.eblu.me/root/pypi/+simple/ \
- --extra-index-url=https://forge.eblu.me/api/packages/eblume/pypi/simple/ \
+ --extra-index-url=https://forge.ops.eblu.me/api/packages/eblume/pypi/simple/ \
"adelaide-baby-shower-app==${version}" \ gunicorn
diff --git a/fly/nginx.conf b/fly/nginx.conf
index 7a70167..089971c 100644
--- a/fly/nginx.conf
+++ b/fly/nginx.conf
@@ -184,6 +184,23 @@ http { return 200 "User-agent: *\nDisallow: /mirrors/\nDisallow: /user/\nDisallow: /users/\nDisallow: /*/archive/\nDisallow: /*/releases/download/\n"; } + # Block the package registry at the public edge. Forgejo's per-user + # visibility model treats packages as world-readable when the owner + # has Visibility=Public — which means anyone on the internet can + # enumerate and download every wheel/sdist/generic artifact, even + # for private-repo releases (the sdist contains full source). We + # like keeping eblume's profile public, so we close the hole here + # at the proxy instead: WAN sees 403, tailnet (forge.ops.eblu.me) + # stays open for legitimate consumers (CI workflows, gilbert). + # See docs/tutorials/expose-service-publicly.md for the broader + # threat model on this proxy. + location /api/packages/ { + return 403 "Package downloads are tailnet-only — use forge.ops.eblu.me.\n"; + } + location /api/v1/packages { + return 403 "Package enumeration is tailnet-only — use forge.ops.eblu.me.\n"; + } + # Block swagger API docs — use forge.ops.eblu.me from tailnet location /swagger { return 403 "API documentation is only available at forge.ops.eblu.me (tailnet).\n";
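Review bot: The two new `location` blocks close `/api/packages/` and `/api/v1/packages`, but as far as I recall Forgejo (like Gitea) also exposes package listings and per-file downloads through its web UI under `/{owner}/-/packages/...` (each version page links files to a `.../files/{id}` download route) and lists all public packages under `/explore/packages`, so the sdist leak described in the new comment is likely still reachable at the public edge through those paths — please confirm against the running instance before relying on this rule. If so, add next to the new blocks `location ~ ^/[^/]+/-/packages(/|$) { return 403 "Package browsing is tailnet-only — use forge.ops.eblu.me.\n"; }` and `location /explore/packages { return 403 "Package browsing is tailnet-only — use forge.ops.eblu.me.\n"; }`, bearing in mind that a regex location outranks every prefix location in the file (including the catch-all proxy), so check it does not shadow another location I cannot see here. Minor: `location /api/packages/` is a prefix match with a trailing slash, so `/api/packages` itself still reaches the backend; probably harmless, but `location /api/packages` (no slash) matches both forms and is consistent with the `/api/v1/packages` line. The diff repoints the Ansible and Nix consumers at `forge.ops.eblu.me`, yet the comment also names CI workflows as consumers and none are in this diff; anything still fetching from `forge.eblu.me/api/packages/` will now get a 403, so a grep for the old host before deploying is worth doing.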