diff --git a/flake.nix b/flake.nix
index 095c125..089d94b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -84,16 +84,16 @@
 }
 ];
 };
-# template = nixpkgs.lib.nixosSystem {
-# inherit system;
-# modules = [
-# agenix.nixosModules.default
-# "${inputs.self}/systems/minimalVMConfig.nix"
-# {
-# networking.hostName = "nixos";
-# }
-# ];
-# };
+ template = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ agenix.nixosModules.default
+ "${inputs.self}/systems/minimalVMConfig.nix"
+ {
+ networking.hostName = "nixos";
+ }
+ ];
+ };
 jellyfin = nixpkgs.lib.nixosSystem {
 inherit system;
 modules = [
diff --git a/secrets.nix b/secrets.nix
index 26b78f3..50c0927 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -11,7 +11,6 @@ in {
 "secrets/initialPassword.age".publicKeys = users ++ systems;
 "services/grafana/secrets/grafana-db.age".publicKeys = [ tbarnouin grafana ];
- "services/grafana/secrets/grafana-oauth_secret.age".publicKeys = [ tbarnouin grafana ];
 "services/grafana/secrets/kuma-token.age".publicKeys = [ tbarnouin grafana ];
 "services/onlyoffice/secrets/office-dbpass.age".publicKeys = [ tbarnouin onlyoffice ];
 "services/onlyoffice/secrets/office-jwtpass.age".publicKeys = [ tbarnouin onlyoffice ];
diff --git a/services/grafana/default.nix b/services/grafana/default.nix
index 4afd0f1..20439a6 100644
--- a/services/grafana/default.nix
+++ b/services/grafana/default.nix
@@ -19,17 +19,11 @@ in
 };
 };
 config = lib.mkIf cfg.enable {
- age.secrets ={
- grafana-db = {
- file = ./secrets/grafana-db.age;
- owner = "grafana";
- };
- grafana-oauth_secret = {
- file = ./secrets/grafana-oauth_secret.age;
- owner = "grafana";
- };
- kuma-token.file = ./secrets/kuma-token.age;
+ age.secrets.grafana-db = {
+ file = ./secrets/grafana-db.age;
+ owner = "grafana";
 };
+ age.secrets.kuma-token.file = ./secrets/kuma-token.age;
 services.rsyslogd = {
 enable = true;
 extraConfig = ''
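Review bot: The restored `template` system pulls in `agenix.nixosModules.default` and hard-codes `networking.hostName = "nixos";`, but nothing in this commit adds a host key for that machine to the `systems` recipients in `secrets.nix`, so as far as I can tell any `age.secrets` entry that `systems/minimalVMConfig.nix` might declare could not be decrypted on a VM built from this template. If the template is intended to carry no secrets, a one-line comment next to the entry would make that explicit, e.g. `# template VM has no host key in secrets.nix; do not declare age.secrets here`. The attribute set this entry lives in starts and ends outside the hunk.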
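Review bot: `age.secrets.kuma-token.file = ./secrets/kuma-token.age;` is left with agenix's default ownership (root-only readable) while the sibling `grafana-db` secret is given `owner = "grafana";`; if the Kuma token is read by the Grafana process the same way `grafana-db` is (`$__file{...}`), it needs `owner = "grafana";` as well or the read will fail at runtime — the consumer is not visible in this hunk, so please confirm which service reads it. Separately, deleting `grafana-oauth_secret.age` and its recipients from `secrets.nix` removes the file from the tree but not the encrypted client secret from git history; if the Authentik client is being retired rather than relocated, revoking or rotating that client secret on the provider side is what actually decommissions it. The `config = lib.mkIf cfg.enable { ... }` block continues past the end of this hunk.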
@@ -43,10 +37,10 @@ in
 module(load="imtcp")
 input(type="imtcp" port="514" ruleset="remote")
 '';
- };
+ };
 services.influxdb2 = {
 enable = true;
- };
+ };
 services.grafana = {
 enable = true;
 settings = {
@@ -65,19 +59,6 @@ in
 user = "grafana";
 password = "\$__file{${config.age.secrets.grafana-db.path}}";
 };
- "auth.generic_oauth" = {
- enabled = "true";
- name = "authentik";
- allow_sign_up = "true";
- client_id = "9HV82G8F92Jcbw4nP8eppMcPpLcAw5uYpejfReLy";
- client_secret = "\$__file{${config.age.secrets.grafana-oauth_secret.path}}";
- scopes = "openid email profile";
- auth_url = "https://authentik.le43.eu/application/o/authorize/";
- token_url = "https://authentik.le43.eu/application/o/token/";
- api_url = "https://authentik.le43.eu/application/o/userinfo/";
- role_attribute_path = "contains(groups, 'admin') && 'Admin' || contains(groups, 'admin') && 'Editor' || 'Viewer';role_attribute_strict = false";
- allow_assign_grafana_admin = "true";
- };
 };
 };
 services.prometheus = {
diff --git a/services/grafana/secrets/grafana-oauth_secret.age b/services/grafana/secrets/grafana-oauth_secret.age
deleted file mode 100644
index 1d606ce..0000000
--- a/services/grafana/secrets/grafana-oauth_secret.age
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBtMm9n
-VGJyeEdFckZjWHNybm94b2crSE0wclE1QlRXZkVGMVk4U1hMdFJBCnhQL3FSdW9l
-cUdNNThIdDVwQkxZWEQ2ZXZuekpKcWxQNy9jZlVoTVArZEkKLT4gc3NoLWVkMjU1
-MTkgd25FVXB3IEtwTmV3ckQybkd3L3R0TFp0a2JMTzNiMmdyNkNyVkdHUkQyd0Fm
-cGkxamMKeGNCSmF6TCtkVXZ5WG5Cd1F6WmkxWjlRZ0FCZ0p1NklPcmw1bFJ6dFNv
-ZwotPiAoLWdyZWFzZSAzfUpGL0QgOEtFWXdwCnJCNTFoeTQzUVJlejRUakRqREVy
-WS8zTmh3aUptcE56RDBqMld3NXNKZwotLS0gRnlBdEc1cVZOeDFQblAwOVN1MDUx
-Yko2UEJ6UE14Z3haUW5XWjJzNFVodwrg7eJ6dnbIAjvsz/XoktAot7G1+u1UJsAE
-QkLEtM7DpcFEvESO3JOhuIO/l6qoWjDuksh7yNhdLv2uOKa7ZpM5Q0DGFnRke3Qk
-RU2E2UU4w30cmAXFm75NT2T9Po0R182Px25gV7fvfNHMHmONFJZRqNxS2IUDS20W
-hDqk+ea9mnYNG1icpmYPj56OpKt+mqrf6kSFuU+R6zwIcoKpMR2wCA==
------END AGE ENCRYPTED FILE-----
diff --git a/services/nginx/default.nix b/services/nginx/default.nix
index f637385..9095fcf 100644
--- a/services/nginx/default.nix
+++ b/services/nginx/default.nix
@@ -61,7 +61,7 @@ in
 # Enable CSP for your services.
 #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
- add_header Content-Security-Policy "frame-ancestors self *.le43.eu; upgrade-insecure-requests; frame-src 'self' http://office.le43.eu;";
+ add_header Content-Security-Policy "frame-ancestors self cloud.le43.eu office.le43.eu; upgrade-insecure-requests; frame-src 'self' http://office.le43.eu;";
 # Minimize information leaked to other domains