diff --git a/flake.lock b/flake.lock
index d20a356..be4309b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -37,11 +37,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1736005916,
-        "narHash": "sha256-a/sqKV5GvqEcQEGfUGQkhWaUnqIRi8oiDAHbBG1oFZg=",
+        "lastModified": 1736445563,
+        "narHash": "sha256-+f1MWPtja+LRlTHJP/i/3yxmnzo2LGtZmxtJJTdAp8o=",
         "owner": "nix-community",
         "repo": "authentik-nix",
-        "rev": "5db6f7711a28abd4b6bbe152c8a7de9d00b1e30d",
+        "rev": "bf5a5bf42189ff5f468f0ff26c9296233a97eb6c",
         "type": "github"
       },
       "original": {
@@ -53,16 +53,16 @@
     "authentik-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1734959339,
-        "narHash": "sha256-CkUmsVKzAQ/VWIhtxWxlcGtrWVa8hxqsMqvfcsG5ktA=",
+        "lastModified": 1736440980,
+        "narHash": "sha256-Z3rFFrXrOKaF9NpY/fInsEbzdOWnWqLfEYl7YX9hFEU=",
         "owner": "goauthentik",
         "repo": "authentik",
-        "rev": "e87a17fd8169d3fa92bcc47eb2743928df83bc95",
+        "rev": "9d81f0598c7735e2b4616ee865ab896056a67408",
         "type": "github"
       },
       "original": {
         "owner": "goauthentik",
-        "ref": "version/2024.12.1",
+        "ref": "version/2024.12.2",
         "repo": "authentik",
         "type": "github"
       }
@@ -609,11 +609,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1735344290,
-        "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
+        "lastModified": 1736373539,
+        "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "613691f285dad87694c2ba1c9e6298d04736292d",
+        "rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
         "type": "github"
       },
       "original": {
@@ -645,11 +645,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1734945620,
-        "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=",
+        "lastModified": 1736688610,
+        "narHash": "sha256-1Zl9xahw399UiZSJ9Vxs1W4WRFjO1SsNdVZQD4nghz0=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "d000479f4f41390ff7cf9204979660ad5dd16176",
+        "rev": "c64bed13b562fc3bb454b48773d4155023ac31b7",
         "type": "github"
       },
       "original": {
@@ -1030,11 +1030,11 @@
     },
     "nixpkgs_7": {
       "locked": {
-        "lastModified": 1736061677,
-        "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=",
+        "lastModified": 1737299813,
+        "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36",
+        "rev": "107d5ef05c0b1119749e381451389eded30fb0d5",
         "type": "github"
       },
       "original": {
@@ -1046,11 +1046,11 @@
     },
     "nixpkgs_8": {
       "locked": {
-        "lastModified": 1735834308,
-        "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
+        "lastModified": 1737062831,
+        "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6df24922a1400241dae323af55f30e4318a6ca65",
+        "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
         "type": "github"
       },
       "original": {
@@ -1067,11 +1067,11 @@
         "treefmt-nix": "treefmt-nix_2"
       },
       "locked": {
-        "lastModified": 1736136610,
-        "narHash": "sha256-pVNRdhEA32ZyiernLrsvpzxxCw2zV7lbw5lzYhHcPU8=",
+        "lastModified": 1737464637,
+        "narHash": "sha256-St/dzvMCXfPPZNJME5bi86n4mEuohG9pMKp+a9l5ZqI=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "c03408924cf08dea2eb171942d6b3e463b2741dc",
+        "rev": "a44b412c5d24f7bb55d81370501a8f9e6e824ec6",
         "type": "github"
       },
       "original": {
@@ -1334,11 +1334,11 @@
     },
     "unstable": {
       "locked": {
-        "lastModified": 1735834308,
-        "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
+        "lastModified": 1737062831,
+        "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6df24922a1400241dae323af55f30e4318a6ca65",
+        "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
         "type": "github"
       },
       "original": {
@@ -1350,11 +1350,11 @@
     },
     "vpsadminos": {
       "locked": {
-        "lastModified": 1734458258,
-        "narHash": "sha256-xZEbuwAAbxwujrGtuydDNBjzMLnE9YOcuLv3hdudZe4=",
+        "lastModified": 1737136524,
+        "narHash": "sha256-wMy7IbQs87VUxJOqRSbfFIdxRRTUBQh8G1L/zwI36vY=",
         "owner": "vpsfreecz",
         "repo": "vpsadminos",
-        "rev": "83ddccf4462f155f12596af773e9291d7ebc37a3",
+        "rev": "0af10d77ca146293b2ed19d5dcfd98474f1fc285",
         "type": "github"
       },
       "original": {
diff --git a/home/modules/baseline.nix b/home/modules/baseline.nix
index 46f7432..70f0e83 100644
--- a/home/modules/baseline.nix
+++ b/home/modules/baseline.nix
@@ -21,7 +21,8 @@ in {
         # this shouldnt be on baseline, as servers have no GUI
         enable = true;
         xdgOpenUsePortal = true;
-        configPackages = with pkgs; [xdg-desktop-portal-gtk];
+        extraPortals = with pkgs; [xdg-desktop-portal-gtk]; #wtf is this
+        configPackages = with pkgs; [xdg-desktop-portal-gtk]; #wtf is this
       };
     };
 
diff --git a/sys/platforms/vps/srv/default.nix b/sys/platforms/vps/srv/default.nix
index cf7adb0..5fedff9 100644
--- a/sys/platforms/vps/srv/default.nix
+++ b/sys/platforms/vps/srv/default.nix
@@ -21,5 +21,6 @@ with lib; {
     ./trilium.nix
     # ./firefly.nix gnucash is better
     ./roundcube.nix
+    ./syncthing.nix
   ];
 }
diff --git a/sys/platforms/vps/srv/syncthing.nix b/sys/platforms/vps/srv/syncthing.nix
new file mode 100644
index 0000000..0f08487
--- /dev/null
+++ b/sys/platforms/vps/srv/syncthing.nix
@@ -0,0 +1,44 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  users.groups.syncthingnginx.members = ["acme" "syncthing" "nginx"];
+  security.acme.certs."cloud.posixlycorrect.com".group = "syncthingnginx";
+
+  networking.firewall.allowedTCPPorts = [22000];
+  networking.firewall.allowedUDPPorts = [22000 21027];
+
+  services = {
+    nginx = {
+      virtualHosts."cloud.posixlycorrect.com" = {
+        enableACME = true;
+        forceSSL = true;
+        extraConfig = ''
+          proxy_headers_hash_max_size 512;
+          proxy_headers_hash_bucket_size 128;
+        '';
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8384";
+        };
+      };
+    };
+
+    syncthing = {
+      enable = true;
+      systemService = true;
+      overrideFolders = false;
+      overrideDevices = false;
+      openDefaultPorts = false;
+      key = "/var/lib/acme/cloud.posixlycorrect.com/key.pem";
+      cert = "/var/lib/acme/cloud.posixlycorrect.com/cert.pem";
+      guiAddress = "127.0.0.1:8384";
+      settings = {
+        options = {
+          urAccepted = -1;
+        };
+      };
+    };
+  };
+}
diff --git a/sys/platforms/vps/srv/trilium.nix b/sys/platforms/vps/srv/trilium.nix
index e129eba..5662300 100644
--- a/sys/platforms/vps/srv/trilium.nix
+++ b/sys/platforms/vps/srv/trilium.nix
@@ -18,6 +18,7 @@ with lib; {
 
     trilium-server = {
       enable = true;
+      package = pkgs.trilium-next-server;
       host = "127.0.0.1";
       port = 8458;
       noAuthentication = false;