diff --git a/services/grafana/default.nix b/services/grafana/default.nix
index ff16f71..172ff0e 100644
--- a/services/grafana/default.nix
+++ b/services/grafana/default.nix
@@ -189,7 +189,7 @@ in {
             job_name = "jellyfin";
             static_configs = [
               {
-                targets = ["192.168.1.42:9100"];
+                targets = ["192.168.1.42:9002"];
               }
             ];
           }
@@ -256,6 +256,15 @@ in {
               }
             ];
           }
+          {
+            job_name = "crowdsec_postgresql";
+            metrics_path = "/metrics";
+            static_configs = [
+              {
+                targets = ["192.168.1.13:6060"];
+              }
+            ];
+          }
         ];
       };
       loki = {
diff --git a/services/postgresql/default.nix b/services/postgresql/default.nix
index 5cc9d1c..7b75a54 100644
--- a/services/postgresql/default.nix
+++ b/services/postgresql/default.nix
@@ -45,9 +45,8 @@ in {
         localConfig = {
           acquisitions = [
             {
-              filenames = [
-                "/var/log/postgresql/*.log"
-              ];
+              source = "journalctl";
+              journalctl_filter = [ "_SYSTEMD_UNIT=postgresql.service" ];
               labels = {
                 type = "syslog";
               };
@@ -89,37 +88,37 @@ in {
           GRANT ALL PRIVILEGES ON DATABASE onlyoffice TO onlyoffice;
         '';
       };
-      # Stolen from https://discourse.nixos.org/t/assign-password-to-postgres-user-declaratively/9726/3
-      # This is an awful situation
-      systemd.services.postgresql.postStart = let
-        nextcloudDBPass = config.age.secrets.nextcloudDBPass.path;
-        giteaDBPass = config.age.secrets.giteaDBPass.path;
-        authentikDBPass = config.age.secrets.authentikDBPass.path;
-        grafanaDBPass = config.age.secrets.grafanaDBPass.path;
-        onlyofficeDBPass = config.age.secrets.onlyofficeDBPass.path;
-      in ''
-        $PSQL -tA <<'EOF'
-          DO $$
-          DECLARE password TEXT;
-          BEGIN
-            password := trim(both from replace(pg_read_file('${nextcloudDBPass}'), E'\n', '''));
-            EXECUTE format('ALTER ROLE nextcloud WITH PASSWORD '''%s''';', password);
-
-            password := trim(both from replace(pg_read_file('${giteaDBPass}'), E'\n', '''));
-            EXECUTE format('ALTER ROLE gitea WITH PASSWORD '''%s''';', password);
-
-            password := trim(both from replace(pg_read_file('${authentikDBPass}'), E'\n', '''));
-            EXECUTE format('ALTER ROLE authentik WITH PASSWORD '''%s''';', password);
-
-            password := trim(both from replace(pg_read_file('${grafanaDBPass}'), E'\n', '''));
-            EXECUTE format('ALTER ROLE grafana WITH PASSWORD '''%s''';', password);
-
-            password := trim(both from replace(pg_read_file('${onlyofficeDBPass}'), E'\n', '''));
-            EXECUTE format('ALTER ROLE onlyoffice WITH PASSWORD '''%s''';', password);
-          END $$;
-        EOF
-      '';
     };
+    # Stolen from https://discourse.nixos.org/t/assign-password-to-postgres-user-declaratively/9726/3
+    # This is an awful situation
+    systemd.services.postgresql.postStart = let
+      nextcloudDBPass = config.age.secrets.nextcloudDBPass.path;
+      giteaDBPass = config.age.secrets.giteaDBPass.path;
+      authentikDBPass = config.age.secrets.authentikDBPass.path;
+      grafanaDBPass = config.age.secrets.grafanaDBPass.path;
+      onlyofficeDBPass = config.age.secrets.onlyofficeDBPass.path;
+    in ''
+      $PSQL -tA <<'EOF'
+        DO $$
+        DECLARE password TEXT;
+        BEGIN
+          password := trim(both from replace(pg_read_file('${nextcloudDBPass}'), E'\n', '''));
+          EXECUTE format('ALTER ROLE nextcloud WITH PASSWORD '''%s''';', password);
+
+          password := trim(both from replace(pg_read_file('${giteaDBPass}'), E'\n', '''));
+          EXECUTE format('ALTER ROLE gitea WITH PASSWORD '''%s''';', password);
+
+          password := trim(both from replace(pg_read_file('${authentikDBPass}'), E'\n', '''));
+          EXECUTE format('ALTER ROLE authentik WITH PASSWORD '''%s''';', password);
+
+          password := trim(both from replace(pg_read_file('${grafanaDBPass}'), E'\n', '''));
+          EXECUTE format('ALTER ROLE grafana WITH PASSWORD '''%s''';', password);
+
+          password := trim(both from replace(pg_read_file('${onlyofficeDBPass}'), E'\n', '''));
+          EXECUTE format('ALTER ROLE onlyoffice WITH PASSWORD '''%s''';', password);
+        END $$;
+      EOF
+    '';
     networking.firewall.allowedTCPPorts = [5432];
   };
 }
diff --git a/systems/minimalLXCConfig.nix b/systems/minimalLXCConfig.nix
index 2dfd7a5..9de7c03 100644
--- a/systems/minimalLXCConfig.nix
+++ b/systems/minimalLXCConfig.nix
@@ -112,9 +112,6 @@
         }
       ];
     };
-    fail2ban = {
-      enable = true;
-    };
     crowdsec = {
       enable = true;
       package = pkgs.crowdsec;
diff --git a/systems/minimalVMConfig.nix b/systems/minimalVMConfig.nix
index 9af15f2..8eeb24e 100644
--- a/systems/minimalVMConfig.nix
+++ b/systems/minimalVMConfig.nix
@@ -99,9 +99,6 @@
         }
       ];
     };
-    fail2ban = {
-      enable = true;
-    };
     crowdsec = {
       enable = true;
       package = pkgs.crowdsec;