diff --git a/hosts/cyper-proxy/configuration.nix b/hosts/cyper-proxy/configuration.nix
index 22152cb..3c04997 100644
--- a/hosts/cyper-proxy/configuration.nix
+++ b/hosts/cyper-proxy/configuration.nix
@@ -17,8 +17,20 @@
 prefixLength = 23;
 }
 ];
+ ipv6.addresses = [
+ {
+ address = "2a00:6800:3:1094::1";
+ prefixLength = 64;
+ }
+ ];
 };
 defaultGateway = "178.254.8.1";
+
+ defaultGateway6 = {
+ address = "2a00:6800:3::1";
+ interface = "ens3";
+ };
+
 nameservers = [
 "178.254.16.151"
 "178.254.16.141"
@@ -34,6 +46,11 @@
 "cyperpunk.de"
 "matrix.cyperpunk.de"
 ];
+
+ "2a00:6800:3:1094::1" = [
+ "cyperpunk.de"
+ "matrix.cyperpunk.de"
+ ];
 };
 };
diff --git a/nixos/roles/gitea.nix b/nixos/roles/gitea.nix
index 590787d..c83fb2e 100644
--- a/nixos/roles/gitea.nix
+++ b/nixos/roles/gitea.nix
@@ -79,6 +79,11 @@ in
 user = "gitea";
 group = "gitea";
+ lfs = {
+ enable = true;
+ #contentDir = "${config.services.gitea.stateDir}/data/lfs";
+ };
+
 database = {
 type = "postgres";
 host = "127.0.0.1";
@@ -98,6 +103,12 @@ in
 ROOT_URL = "https://${domain}/";
 DISABLE_SSH = false;
 START_SSH_SERVER = true;
+ LFS_START_SERVER = true;
+ LFS_JWT_SECRET_URI = "file://${config.sops.secrets."gitea/lfsJwtSecret".path}";
+ };
+
+ lfs = {
+ PATH = "${config.services.gitea.stateDir}/data/lfs";
 };
 metrics = {
diff --git a/nixos/roles/matrix/synapse.nix b/nixos/roles/matrix/synapse.nix
index 47318fd..4194074 100644
--- a/nixos/roles/matrix/synapse.nix
+++ b/nixos/roles/matrix/synapse.nix
@@ -34,7 +34,10 @@ in
 owner = "matrix-synapse";
 group = "matrix-synapse";
 };
- pg_replication_password = { };
+ pg_replication_password = {
+ owner = "postgres";
+ group = "postgres";
+ };
 };
 services = {
@@ -66,6 +69,21 @@ in
 # msc4222_enabled = true;
 #};
+ rc_login = {
+ address = {
+ per_second = 0.17;
+ burst_count = 10;
+ };
+ account = {
+ per_second = 0.17;
+ burst_count = 10;
+ };
+ failed_attempts = {
+ per_second = 0.17;
+ burst_count = 10;
+ };
+ };
+
 listeners = [
 {
 port = 8008;
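Review bot: In the first hunk of hosts/cyper-proxy/configuration.nix the new `defaultGateway6` address `2a00:6800:3::1` lies outside the `2a00:6800:3:1094::/64` prefix configured just above it, so the default route only works if an on-link route to the gateway is installed via `ens3`. Please confirm the prefix length against the provider's assignment and record the intent with a comment such as `# gateway is outside our /64; reached through the ens3 device route`. Giving the host a global IPv6 address also makes any service bound to all addresses reachable over v6, so the firewall rules should be checked for parity with the IPv4 side. The enclosing networking block starts and ends outside the hunk.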
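Review bot: In nixos/roles/gitea.nix (hunk at -79,6) the commented-out `#contentDir` line inside the new `lfs` block is dead configuration, while the second hunk of the same file sets the identical path by hand as an `lfs = { PATH = ...; }` entry in what looks like the settings attrset. A single source of truth would be easier to maintain: either delete the comment, or enable `contentDir = "${config.services.gitea.stateDir}/data/lfs";` here and drop the manual `PATH` entry. The enclosing `services.gitea` block extends beyond the hunk.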
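Review bot: In nixos/roles/gitea.nix (hunk at -98,6) `LFS_JWT_SECRET_URI` reads `config.sops.secrets."gitea/lfsJwtSecret".path`, but no declaration of that secret is visible in this diff. sops-nix secrets are owned by root unless an owner is set, so the role needs something like `sops.secrets."gitea/lfsJwtSecret".owner = "gitea";` for the service to read the file; the synapse.nix hunk in this commit sets `owner`/`group` on `pg_replication_password` in the same way. The nixpkgs Gitea module also appears to manage `LFS_START_SERVER` and an LFS JWT secret itself once `lfs.enable = true`, so please confirm the rendered app.ini does not end up with both `LFS_JWT_SECRET` and `LFS_JWT_SECRET_URI`. The settings block continues outside the hunk.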
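Review bot: In nixos/roles/matrix/synapse.nix (hunk at -66,6) the new `rc_login` block gives `address`, `account` and `failed_attempts` the same `per_second = 0.17; burst_count = 10;`, which permits roughly ten login attempts per minute sustained after a burst of ten. If I recall the Synapse defaults correctly (0.003 per second with a burst of 5), this relaxes password-guessing throttling rather than tightening it. A comment such as `# relaxed from Synapse defaults because <reason>` would document the intent, and `failed_attempts` in particular could stay close to the default. The enclosing settings block starts and ends outside the hunk.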
@@ -91,7 +109,10 @@ in
 port = 9009;
 tls = false;
 type = "metrics";
- bind_addresses = [ "127.0.0.1" ];
+ bind_addresses = [
+ "127.0.0.1"
+ "100.109.10.91"
+ ];
 resources = [ ];
 }
 ];
@@ -155,13 +176,22 @@ in
 settings = {
 wal_level = "replica";
- max_wal_senders = 3;
+ max_wal_senders = 5;
 wal_keep_size = "512MB";
+ listen_addresses = lib.mkForce "127.0.0.1,100.109.10.91";
 };
 authentication = lib.mkAfter ''
 host replication replicator 100.0.0.0/8 scram-sha-256
 '';
+
+ };
+
+ prometheus.exporters.postgres = {
+ enable = true;
+ port = 9188;
+ runAsLocalSuperUser = true;
+ dataSourceName = "postgresql:///postgres?host=/run/postgresql&sslmode=disable";
 };
 };
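Review bot: In nixos/roles/matrix/synapse.nix (hunk at -91,7) the metrics listener keeps `tls = false` and now also binds `100.109.10.91`, so Synapse metrics are served unauthenticated and in clear text to anything that can reach that address on port 9009. Nothing in the hunk limits who may connect; a firewall rule restricting 9009 on that interface to the Prometheus host would be the matching control. The same literal address is repeated in `listen_addresses` in the next hunk, so one shared binding, for example `overlayAddr = "100.109.10.91";`, would keep the two in sync. The listeners list starts outside the hunk.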
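Review bot: In nixos/roles/matrix/synapse.nix (hunk at -155,13) PostgreSQL now listens on `100.109.10.91`, which makes the unchanged rule `host replication replicator 100.0.0.0/8 scram-sha-256` reachable from the network, and 100.0.0.0/8 is far wider than the 100.64.0.0/10 shared range the bind address sits in. Narrowing it to the single peer that needs it, e.g. `host replication replicator <replica-ip>/32 scram-sha-256`, would limit who can attempt replication logins. The new exporter sets `runAsLocalSuperUser = true` and no `listenAddress`, so it is worth checking which addresses port 9188 binds to and whether a dedicated monitoring role would be enough. The enclosing services block continues outside the hunk.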