diff --git a/modules/servers/jellyfin.nix b/modules/servers/jellyfin.nix
index 06c2022..0eaf6a9 100644
--- a/modules/servers/jellyfin.nix
+++ b/modules/servers/jellyfin.nix
@@ -15,8 +15,8 @@ in {
         enable = true;
         appendHttpConfig = ''
           # JELLYFIN
-          proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=90d max_size=35000m;
-          proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=15g inactive=30d use_temp_path=off;
+          proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=1d max_size=35000m;
+          proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=15g inactive=1d use_temp_path=off;
           map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
           map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; }
         '';
diff --git a/modules/servers/nextcloud.nix b/modules/servers/nextcloud.nix
index 70765c3..481ad1b 100644
--- a/modules/servers/nextcloud.nix
+++ b/modules/servers/nextcloud.nix
@@ -24,6 +24,13 @@ in {
   };
   config = lib.mkIf
     (config.my.servers.nextcloud.enable && config.my.servers.postgres.enable) {
+      sops.secrets = {
+        smtp-password = { };
+        nextcloud-adminpass = {
+          owner = config.users.users.jawz.nextcloud;
+          inherit (config.users.users.jawz) group;
+        };
+      };
       nixpkgs.config.permittedInsecurePackages =
         [ "nodejs-14.21.3" "openssl-1.1.1v" ];
       environment.systemPackages = with pkgs; [ mediainfo dlib ];
@@ -53,7 +60,7 @@ in {
           tls = true;
           from = "stunner6399@gmail.com";
           user = "stunner6399@gmail.com";
-          password = "eqyctcgjdykqeuwt";
+          passwordeval = "cat ${config.sops.secrets.smtp-password.path}";
         };
       };
       services = {
@@ -71,8 +78,7 @@ in {
             inherit (config.services.nextcloud.package.packages.apps) calendar;
           };
           config = {
-            adminpassFile = "${pkgs.writeText "adminpass"
-              "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
+            adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
             dbtype = "pgsql";
             dbhost = config.my.postgresSocket;
             dbtableprefix = "oc_";
diff --git a/secrets/env.yaml b/secrets/env.yaml
index 19a6583..ef53996 100644
--- a/secrets/env.yaml
+++ b/secrets/env.yaml
@@ -3,6 +3,7 @@ ryot: ENC[AES256_GCM,data:Vlo6pv2+LuQxvdprI53BoQpngRfUWhqE07o+9ZKLZiaJBC6FCdFbeu
 mealie: ENC[AES256_GCM,data:RjKqDs70lWhGN0LXPp3feQfW/WtfJlR6vX++0hwGtqcA3iepEh2Ab/36YRKbsVRBkglp0u18MusTmP0LSHUpzgCn/c/5ZzzRLGL83K3aQRlg8JtdTvzvEnLQSdE=,iv:GEfa8LwpOhkqWtLk0I5F14zkHcnFjVhVaHeLSFlDkN4=,tag:lkGcFn91hVxraMHCKF7rXQ==,type:str]
 maloja: ENC[AES256_GCM,data:yCwokfD4I1Boy2NOhOTLA3dWgUVOdSzWKIEdYC0klvYu41IGcM8bM65uYFmiOtk+jHgt6j3kO/pBBlC4w/iTElphTqFyFRGdBN4fNRntAhMzqOszBZII,iv:Vf9hfNwSTBkh2cXV7Y2fv4NA8kng2M1i7BtTXJvy4u4=,tag:KLc8sP6N2/Pp/9069E3aPQ==,type:str]
 multi-scrobbler: ENC[AES256_GCM,data:4KENPA2BoCgBmlBkGrOzI7AOxwtpPjuBHi92XqbQzc3O7Wi6XHjcsAoeY3qWmH8MEB/QhZOh0jLWxJHwSFmHo8T3yG+KYCYzwjSD9c8CySrbwZZZ5S6G/qiQx4p1DDJv5KXk2SW/1gruKGEFgizk7qWpN0dUYgwnrBMjyeWu4UjuVZtrlWQoKRbsMA/8dbIzFuNTTu94E+IPZ8KFKkir13Odc3zROHdxfFZibVXndr40KVZBC4URruZLCT4pLPSHP0GqF69Z+cdI3VaMD5r/Ig==,iv:09d58aMTuFvtr7TMzGHoU8cu2IWHK++pYgLBkQDU0+U=,tag:TkF/a+jbptIr3ddBRN8PBQ==,type:str]
+vaultwarden: ENC[AES256_GCM,data:x1O0CEOVkwMBEZGppduQomKrc3oYQOUKQLo9Tp/NHdg1+TjyRHPGNfbqYLhbrFxWpokf2goZk70BkTOun9AgA5JUCbz8QgW/I44HC39m3hGABxeuHgfmmmkbqc6y4HMzxZWGqhbfkVKkJIdx8J9aJWxjjjK1/NeaXD0s49G9G6zeXeMA1Q0dZSrLw3orFUpnhwiMcc/qmQWoX8+8s9/WUg+/Jhbq/ig486AmXeayOv3xH7WNElv/8mqz5hvLMrDeKVFISNiV1xRvq8PsvbmgPdI6Vv7yIuu44LiqEFzrzgIbIj6ueBjiodd4jTf0tpqTpus8VV8QH/mtCdJodaHkHrI=,iv:xgIdZSUFi+bBBiDdAA2nLc7mXPSd2NG4Vz0tvZJ+Mpc=,tag:t3gnwb783Tub7cofG2Ppjg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -45,8 +46,8 @@ sops:
             QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb
             9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-23T01:19:23Z"
-    mac: ENC[AES256_GCM,data:LoLGUFWe23p0KKPxfOnpVylNk5G5uTTpUYGS8vNhEO8ERTfT5PmLQQgnLTNkPGq4ehA+BPDXJtkBpUrpVs7EsVNOzxruLAiGksBlJ0nUd7K4/LKCrInRubkgK1Ipo6kNipPVyeQiypyyaFB7rTTRPsDwd3BNtOT53fdT8zRP5ug=,iv:+mymI1XDKfIp1tDFDZMMJ/LIO7qcwE+tKRD5OD2HRkA=,tag:gvizKWQZqXsAd2egQfeMoA==,type:str]
+    lastmodified: "2024-06-25T01:05:24Z"
+    mac: ENC[AES256_GCM,data:hJZxqNIjxWM3FyKuzx1pU7c7kKElk/ptEs19uXnHU9GtCuWccys+kmCOU1Y/RbhBmBCTdnNUcWPisXniRIb38Zgh8qWRulUPcQV1qW7RnBaNqp9cK+GEUoTmYnw+QaSWmsOqskp39SMOuOyzIbpy1C55jRvPvJLyAk1MSMSCJ8Q=,iv:Bsl7u5SMLyX5F+TXbSlhJRTLNpsdsFoH0yFIJ5oID0M=,tag:49nZEnoleMZR1Z0rRwiRNw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index a93cea7..63e233a 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,4 +1,6 @@
 jawz-password: ENC[AES256_GCM,data:j5qya2z9bDESQopcBpLBktyBvIuplbq3Ql4TovdAF1BIJHcf4CAjFuCStW0axFEOST6bgJwhcZZvK4rWUyoS47eaFDp2lkiQnQ==,iv:GNEA8v0NR+PGe4yvlm4V6tTJD5NmlswRPH7JnQJUyLk=,tag:dpxDK88cAJSk+XdFF2mDww==,type:str]
+smtp-password: ENC[AES256_GCM,data:KAIn6lp6JXY39SgMPGP3tQ==,iv:Mgmo9bLT3iIGXw6THqJO6+IuPV65VXo1+vE3PrmS44Y=,tag:8urcnZtccaPJSOuHiZAp5A==,type:str]
+nextcloud-adminpass: ENC[AES256_GCM,data:g0bnifEbMykPBVwMF14EhT/RWGsnEzJ6sXXmxSJ6kIVDeRr8XVRbFzusxlxAOOlseVwPT6e4Ad8=,iv:Gy0LwUNCw8gnqlwk91qguSEeufIJDtaqNNLX1vZp7vA=,tag:y8H42B1rue0X7/4nG/Whsw==,type:str]
 resilio:
     host: ENC[AES256_GCM,data:iITbrqpJSdM52A==,iv:8sahhsUA9iIXNlJYKAkakllQDbYVOsGuwBulK9FyvTU=,tag:zKKHwrEFUkl3Fcd0RJcIjw==,type:str]
     user: ENC[AES256_GCM,data:31s2ihj2cN9C5Lyr2w==,iv:2MzKiRoDosawbeQ04LUKbfbSVFUUD6uUYynB6B0WNWw=,tag:GR0lXvLZAPof6WE3Verimg==,type:str]
@@ -46,8 +48,8 @@ sops:
             RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM
             QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-23T01:19:22Z"
-    mac: ENC[AES256_GCM,data:59icrE+rEiuzBY0V8DwZ1XXupMXHUrSBszIOYX3knCAecW5rckeu2tWECJMHAoiXF+NdvCB3MgF+PZ8Gr4GKdz6Og/x2qX0q9pmoHxZCEt2poagcTG5HQ91aH5niTE0wRgzkFSuayldB9lXIJUvsl1CJw2OhjrVDm6ZRAE0fN5I=,iv:wlm4O6zHYFbRxh+XXQIW/v0aC2dqyKyFOuUh1C2HIG4=,tag:WZ2N16qIwZts+Exn12Jg7g==,type:str]
+    lastmodified: "2024-06-25T00:47:48Z"
+    mac: ENC[AES256_GCM,data:410HyLmJ4FhCp6pFqAG9Mf7cwIQdalsh6bZ5feAu8P1vcJrTLefZskWIbjD6aQNKucDjS5CMPJd/7oP8wyc2XHKRqFO9CLSJ7wi6OmNaw/qevQxy4PSj5w44gd5/OI5aE2nN+X1R03PYSYEIs5SImwHBxN/fYR+WprAsbO1Ygrw=,iv:fgG5i3+rNtN4YzIL97+6cHP4cL2xXf0pgfsYbetGE2g=,tag:qu7vzzDnhDpW1dwu8TYCXg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1