diff --git a/configuration.nix b/configuration.nix index b79a65e..32b06c7 100644 --- a/configuration.nix +++ b/configuration.nix @@ -32,7 +32,7 @@ # "net.bridge.bridge-nf-call-iptables" = 1; # "net.bridge.bridge-nf-call-ip6tables" = 1; }; - + boot.supportedFilesystems = [ "zfs" ]; boot.zfs.forceImportRoot = false; @@ -55,34 +55,20 @@ } ]; networking.defaultGateway = "192.168.69.1"; - #networking.nameservers = [ "1.1.1.1" ]; + networking.nameservers = [ "1.1.1.1" ]; networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ 22 - 53 80 443 2222 # forgejo ssh - 8184 # forgejo frontend + 3000 # forgejo frontend 8123 # homeassistant 5580 # homeassistant matter 2283 # immich 3003 # immich ml - 1984 # frigate go2rtc - 8971 # frigate - 8554 # frigate rtsp - 8555 # frigate rtsp - 2055 # ntopng sink - 8182 # ntopng frontend - 3000 # adguardhome frontend - 8183 # adguardhome frontend 9000 ]; - networking.firewall.allowedUDPPorts = [ - 53 - 8555 # frigate rtsp - 2055 # ntopng sink - ]; # Users users.users.root = { @@ -113,7 +99,6 @@ inetutils smartmontools parted - borgbackup nil ]; @@ -130,16 +115,15 @@ hardware.bluetooth.enable = true; services.blueman.enable = true; + security.acme = { acceptTerms = true; defaults.email = "mail@kempinger.xyz"; certs."kempinger.at".domain = "*.kempinger.at"; }; - #services.resolved.enable = true; - - services.fail2ban.enable = true; - + services.resolved.enable = true; + services.nginx = { enable = true; recommendedTlsSettings = true; @@ -197,7 +181,7 @@ DOMAIN = "git.kempinger.at"; # You need to specify this to remove the port from URLs in the web UI. ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/"; - HTTP_PORT = 8184; + HTTP_PORT = 3000; DISABLE_SSH = false; SSH_PORT = 2222; START_SSH_SERVER = true; 
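Review bot: The new `3000 # forgejo frontend` entry exposes Forgejo's plain-HTTP listener to every network the firewall faces, even though `ROOT_URL` is https and nginx with `recommendedTlsSettings` is enabled further down in this file (presumably proxying to Forgejo, though that block is outside the diff). If nginx is the TLS front, the backend only needs loopback and `3000` can be dropped from `allowedTCPPorts`; the unchanged `2283`, `3003` and `8123` entries sit in the same position. Uncommenting `networking.nameservers = [ "1.1.1.1" ];` also sends the host's DNS in the clear; with resolved now enabled in this commit, `services.resolved.dnsovertls = "true";` is a one-line upgrade. Finally, `9000` is the only entry without a comment naming its service, so `9000 # <service>` would keep the list auditable.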
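Review bot: Removing `services.fail2ban.enable = true;` leaves sshd on 22 and Forgejo's built-in SSH server on 2222 — both still listed in `allowedTCPPorts` in this diff — with no brute-force throttling, and nothing in the commit replaces it. If the motivation was bans hitting LAN hosts, `services.fail2ban.ignoreIP = [ "192.168.69.0/24" ];` next to the enable line keeps the protection while exempting the local network. Otherwise at least confirm that password authentication is disabled on both daemons; the openssh settings are not part of this diff.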
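Review bot: `HTTP_PORT = 3000;` changes the port but not the bind address, and Forgejo's `HTTP_ADDR` defaults to all interfaces as far as I recall, so with `3000` now open in the firewall the plaintext UI is reachable directly despite `ROOT_URL` being https. Adding `HTTP_ADDR = "127.0.0.1";` beside it keeps the listener reachable only through nginx. The forgejo settings block continues outside this hunk.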
@@ -220,40 +204,6 @@ # USER = "noreply@${srv.DOMAIN}"; # }; }; - dump = { - enable = true; - backupDir = "/backup/forgejo"; - age = "6 months"; - interval = "weekly"; - }; - }; - - # services.borgbackup.jobs."forgejo" = { - # paths = config.services.forgejo.repositoryRoot; - # repo = "/backup/forgejo"; - # startAt = "Sat 04:00"; - # compression = "zstd"; - # encryption.mode = "none"; - # prune.keep = { - # last = 2; - # }; - # }; - - services.immich = { - enable = true; - accelerationDevices = null; - port = 2283; - }; - - services.borgbackup.jobs."immich" = { - paths = config.services.immich.mediaLocation; - repo = "/backup/immich"; - startAt = "Sat 04:00"; - compression = "zstd"; - encryption.mode = "none"; - prune.keep = { - last = 2; - }; }; # systemd.services.forgejo.preStart = @@ -280,7 +230,6 @@ volumes = [ "home-assistant:/config" "/run/dbus:/run/dbus:ro" - "/backup/home-assistant:/config/backups" ]; environment.TZ = "Europe/Berlin"; # Note: The image will not be updated on rebuilds, unless the version label changes 
@@ -307,87 +256,14 @@ "--privileged" ]; }; - - containers.frigate = { - #autoStart = true; - volumes = [ - "frigate:/config" - "/run/dbus:/run/dbus:ro" - "/etc/localtime:/etc/localtime:ro" - ]; - environment.FRIGATE_RTSP_PASSWORD = "password123"; - # Note: The image will not be updated on rebuilds, unless the version label changes - image = "ghcr.io/blakeblackshear/frigate:stable"; - extraOptions = [ - "--shm-size=512m" - "--network=host" - ]; - }; - containers.mosquitto = { - #autoStart = true; - volumes = [ - "mosquitto:/mosquitto" - "/run/dbus:/run/dbus:ro" - "/etc/localtime:/etc/localtime:ro" - ]; - # Note: The image will not be updated on rebuilds, unless the version label changes - image = "eclipse-mosquitto"; - extraOptions = [ - "--network=host" - ]; - }; - containers.netflow2ng = { - # Note: The image will not be updated on rebuilds, unless the version label changes - image = "synfinatic/netflow2ng:v0.1.0"; - cmd = [ - "-a" - "0.0.0.0:2055" - "-m" - "0.0.0.0:8181" - "-z" - "tcp://127.0.0.1:5556" - "--log-level" - "debug" - "--tlv" - ]; - extraOptions = [ - "--network=host" - ]; - }; }; - services.ntopng = { + services.immich = { enable = true; - httpPort = 8182; - interfaces = [ "tcp://0.0.0.0:5556" ]; - extraConfig = '' - --dns-mode 1 - --local-networks "185.27.122.0/24=WAN,192.168.69.0/24=LAN"''; - }; - - services.influxdb.enable = true; - - services.geoipupdate = { - enable = true; - settings = { - AccountID = 1284637; - DatabaseDirectory = "/var/lib/GeoIP"; - LicenseKey = { - _secret = "/root/maxmind_license_key"; - }; - EditionIDs = [ - "GeoLite2-ASN" - "GeoLite2-City" - "GeoLite2-Country" - ]; - }; - }; - - services.adguardhome = { - enable = true; - # You can select any ip and port, just make sure to open firewalls where needed - host = "0.0.0.0"; - port = 8183; + accelerationDevices = null; + port = 2283; + #host = "immich.kempinger.at"; + #openFirewall = true; }; # Nix settings diff --git a/flake.lock b/flake.lock index f064e0d..13ac270 100644 
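Review bot: The re-added `services.immich` block comes back without the borgbackup job that previously covered `config.services.immich.mediaLocation` (deleted earlier in this diff), and the `/backup` ZFS dataset this commit keeps mounting now has no writer, so the photo library is unprotected unless snapshots are configured somewhere outside this diff. The commented `#host = "immich.kempinger.at";` also looks like a misreading of the option: `services.immich.host` is the listen address (default loopback, as far as I recall), so enabling it as written would make immich bind to whatever that name resolves to rather than serve that vhost — `host = "0.0.0.0";` is the LAN-exposure form, and with nginx in front the default is the right choice, in which case `2283` in `allowedTCPPorts` is superfluous. Separately, the removed frigate container carried a literal `FRIGATE_RTSP_PASSWORD`; that value stays in git history and should be rotated on the cameras.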
--- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "lastModified": 1763835633, + "narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "rev": "050e09e091117c3d7328c7b2b7b577492c43c134", "type": "github" }, "original": { diff --git a/hardware-configuration.nix b/hardware-configuration.nix index 736eb1d..00fcea4 100644 --- a/hardware-configuration.nix +++ b/hardware-configuration.nix @@ -1,25 +1,13 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: +{ config, lib, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ - "nvme" - "ahci" - "xhci_pci" - "usbhid" - "usb_storage" - "sd_mod" - ]; + boot.initrd.availableKernelModules = + [ "nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; @@ -32,19 +20,18 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/467A-A4E4"; fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" - ]; + options = [ "fmask=0022" "dmask=0022" ]; }; swapDevices = [ ]; - + fileSystems."/backup" = { device = "backup"; fsType = "zfs"; }; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.amd.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; }