diff --git a/configuration/default.nix b/configuration/default.nix
index 6f93440..6cda9b9 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -15,6 +15,7 @@
     (import ../modules)
 
     ./services/afvalcalendar.nix
+    ./services/auth.nix
     ./services/backups.nix
     ./services/battery-manager.nix
     ./services/conduit.nix
diff --git a/configuration/services/auth.nix b/configuration/services/auth.nix
new file mode 100644
index 0000000..cd78111
--- /dev/null
+++ b/configuration/services/auth.nix
@@ -0,0 +1,95 @@
+{
+  pkgs,
+  config,
+  ...
+}: let
+  user = config.services.authelia.instances.main.user;
+  domain = "auth.${config.services.nginx.domain}";
+in {
+  services.authelia.instances.main = {
+    enable = true;
+    settings = {
+      theme = "auto";
+
+      access_control.default_policy = "one_factor";
+
+      authentication_backend = {
+        password_reset.disable = true;
+        file.path = "/var/lib/authelia-main/users.yml";
+      };
+
+      notifier.filesystem.filename = "/var/lib/authelia-main/notification.txt";
+
+      session = {
+        domain = config.services.nginx.domain;
+        redis.host = config.services.redis.servers.authelia.unixSocket;
+      };
+
+      storage.postgres = {
+        host = "/run/postgresql";
+        port = 5432;
+        database = user;
+        username = user;
+
+        password = "unnecessary";
+      };
+    };
+
+    secrets = {
+      storageEncryptionKeyFile = config.sops.secrets."authelia/storageEncryptionKey".path; # Database
+      sessionSecretFile = config.sops.secrets."authelia/sessionSecret".path; # Redis
+      jwtSecretFile = config.sops.secrets."authelia/jwtSecret".path;
+    };
+  };
+
+  systemd.services.authelia-main.after = ["postgresql.service"];
+
+  services.nginx = {
+    # TODO(tlater): Possibly remove on next authelia release
+    additionalModules = with pkgs.nginxModules; [
+      develkit
+      set-misc
+    ];
+
+    virtualHosts."${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      enableHSTS = true;
+
+      locations = {
+        "/" = {
+          proxyPass = "http://127.0.0.1:9091";
+          recommendedProxySettings = false;
+          enableAutheliaProxy = true;
+        };
+
+        "/api/verify" = {
+          proxyPass = "http://127.0.0.1:9091";
+          recommendedProxySettings = false;
+        };
+      };
+    };
+  };
+
+  services.redis.servers.authelia = {
+    inherit user;
+    enable = true;
+  };
+
+  sops.secrets = {
+    "authelia/storageEncryptionKey" = {
+      owner = user;
+      group = user;
+    };
+
+    "authelia/sessionSecret" = {
+      owner = user;
+      group = user;
+    };
+
+    "authelia/jwtSecret" = {
+      owner = user;
+      group = user;
+    };
+  };
+}
diff --git a/configuration/services/metrics/grafana.nix b/configuration/services/metrics/grafana.nix
index eb5106e..1136a17 100644
--- a/configuration/services/metrics/grafana.nix
+++ b/configuration/services/metrics/grafana.nix
@@ -40,6 +40,7 @@ in {
     forceSSL = true;
     useACMEHost = "tlater.net";
     enableHSTS = true;
+    enableAuthorization = true;
     locations."/".proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}";
   };
 }
diff --git a/configuration/services/postgres.nix b/configuration/services/postgres.nix
index 018dc6e..4ec1e83 100644
--- a/configuration/services/postgres.nix
+++ b/configuration/services/postgres.nix
@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   services.postgresql = {
     package = pkgs.postgresql_14;
     enable = true;
@@ -24,11 +28,16 @@
         name = "nextcloud";
         ensureDBOwnership = true;
       }
+      {
+        name = config.services.authelia.instances.main.user;
+        ensureDBOwnership = true;
+      }
     ];
 
     ensureDatabases = [
       "grafana"
       "nextcloud"
+      config.services.authelia.instances.main.user
     ];
   };
 }
diff --git a/flake.lock b/flake.lock
index be3a0e2..dce5748 100644
--- a/flake.lock
+++ b/flake.lock
@@ -27,11 +27,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1712356478,
-        "narHash": "sha256-kTcEtrQIRnexu5lAbLsmUcfR2CrmsACF1s3ZFw1NEVA=",
+        "lastModified": 1714103775,
+        "narHash": "sha256-kcBiIrmqzt3bNTr2GMBfAyA+on8BEKO1iKzzDFQZkjI=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "0a17298c0d96190ef3be729d594ba202b9c53beb",
+        "rev": "285e26465a0bae510897ca04da26ce6307c652b4",
         "type": "github"
       },
       "original": {
@@ -157,11 +157,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1710638592,
-        "narHash": "sha256-R6477tybK4LBP8MKlmMyvndTcZR1Ofi/XA9nDEVcViY=",
+        "lastModified": 1712623723,
+        "narHash": "sha256-jPD5+M+QPyMRk52zfFMIeHdv7yXYJ/yNGqwS0PhYF+E=",
         "owner": "reckenrode",
         "repo": "nix-foundryvtt",
-        "rev": "0e61d84370fd051d873216553d09e596b7ad3a34",
+        "rev": "6025615b431170558c3c13f16b549fc0126425e1",
         "type": "github"
       },
       "original": {
@@ -210,11 +210,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1712437997,
-        "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=",
+        "lastModified": 1713638189,
+        "narHash": "sha256-q7APLfB6FmmSMI1Su5ihW9IwntBsk2hWNXh8XtSdSIk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920",
+        "rev": "74574c38577914733b4f7a775dd77d24245081dd",
         "type": "github"
       },
       "original": {
@@ -226,11 +226,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1712439257,
-        "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=",
+        "lastModified": 1714253743,
+        "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599",
+        "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994",
         "type": "github"
       },
       "original": {
@@ -242,11 +242,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1712437997,
-        "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=",
+        "lastModified": 1714272655,
+        "narHash": "sha256-3/ghIWCve93ngkx5eNPdHIKJP/pMzSr5Wc4rNKE1wOc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920",
+        "rev": "12430e43bd9b81a6b4e79e64f87c624ade701eaf",
         "type": "github"
       },
       "original": {
@@ -281,11 +281,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1712538578,
-        "narHash": "sha256-+fFOtg2fQK6kafSucYDpMG8ENXgo52+YSQtCoXv/+Ik=",
+        "lastModified": 1713333471,
+        "narHash": "sha256-sIVQKOXzruxtTYiBRHZa8UQH+CSIa9K5MZlY6vavYfA=",
         "owner": "berberman",
         "repo": "nvfetcher",
-        "rev": "1463db224a54cbc9499860ef5a51a9b6bf7c3180",
+        "rev": "2a824322dc6a755ffda83a13b948d42304521e4d",
         "type": "github"
       },
       "original": {
@@ -442,11 +442,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1712458908,
-        "narHash": "sha256-DMgBS+jNHDg8z3g9GkwqL8xTKXCRQ/0FGsAyrniVonc=",
+        "lastModified": 1713892811,
+        "narHash": "sha256-uIGmA2xq41vVFETCF1WW4fFWFT2tqBln+aXnWrvjGRE=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "39191e8e6265b106c9a2ba0cfd3a4dafe98a31c6",
+        "rev": "f1b0adc27265274e3b0c9b872a8f476a098679bd",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index f9941ba..ae22b2e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -140,9 +140,17 @@
         sops-nix.packages.${system}.sops-import-keys-hook
       ];
 
-      packages = [
+      packages = with pkgs; [
         sops-nix.packages.${system}.sops-init-gpg-key
         deploy-rs.packages.${system}.default
+
+        cargo
+        clippy
+        rustc
+        rustfmt
+        rust-analyzer
+        pkg-config
+        openssl
       ];
     };
   };
diff --git a/keys/production.yaml b/keys/production.yaml
index da90860..43b3578 100644
--- a/keys/production.yaml
+++ b/keys/production.yaml
@@ -1,4 +1,6 @@
-hetzner-api: ENC[AES256_GCM,data:OsUfo86AzcBe/OELkfB5brEfsZ4gkbeehxwIVUBwQgE=,iv:Bt/cjlZ6oZEVUOQjWMDL7/mfL3HWLFAw1tEGeLMgeKg=,tag:TMU2XiHlMgP4aes10mIQYQ==,type:str]
+authelia:
+    storageEncryptionKey: ENC[AES256_GCM,data:OUCC+6Gcr6U7Mub1+DaIyswTV6da1wd1u0WGEm4wpJ8L0mi7WSpEmVjH79YyRhp7AmiZhdFFDXFeEYthBb2AZl+xoS9gqs6rWyfU4ezaCbXBiS/dIhsA5foPg13wq5A33qJWtPTy7DJEgqHaIonnaBuVJIBwH3wzPTHc3bDvBo4=,iv:intiZzngz5cMTtjEI9rTKMW0Xv3KB3ZEgtYN3amwKCE=,tag:AKxfbeZlPs54esHCsVnNCg==,type:str]
+    sessionSecret: ENC[AES256_GCM,data:GEMWhBltOIOs0g9FsWk3OQGs6dMcbwz3ZuhlyBFYROylsIZb4xTXWLgNwIpHwQukQU3TgvIxbCW/fGRWiALPanE2koSVAHNx0UU0hj1mVNRFQGK4H3EL10tPp7l4PofrcdeCbLPrOwM/xLOuPt+52sKlcbL2Awz5/MmpUVpCKXc=,iv:kWX2ptOpTgW3obBgri0MvVv6gCEPR3o77sldOXFQeks=,tag:je4pqLcEOhuBTQkoZHYNCw==,type:str]
 battery-manager:
     email: ENC[AES256_GCM,data:rYLUACXR/n+bLBmZ,iv:sUBEkh2+7qGjHZ5R23e/hoCiyTA7GTL4bJvXmxjZ5Sw=,tag:fdPMllaQQfRgX0WZKIre4g==,type:str]
     password: ENC[AES256_GCM,data:7cokZa6Q6ahSeiFPz+cV,iv:vz405P0IcG9FsAQXlY7mi78GuushQUKJm2irG6buGzc=,tag:JLHG2jTkJDGbinAq9dXRsQ==,type:str]
@@ -32,8 +34,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-04-15T23:13:18Z"
-    mac: ENC[AES256_GCM,data:3/v+WgSWJ+VcBSBe1Wkis3z+tMmSjbKzLFqBB8xugc6DvgQG8J+1HRrPucLnpNNtEdmpyoTa72U6fPm6JnyUsuj5pLEghLprOJkqQNdRI06fllhw+9d3e3twx6D4oIIsVH6/io4ElXrGsGQTsfNbYhgn+987wa3WP5N25fBac3U=,iv:FL3tzPutOMN6IPkQfXIu/JOZT+OzUSqpMSQrUeXZQHE=,tag:jL1BTsYTA9XjrsjFszxZhA==,type:str]
+    lastmodified: "2024-04-11T23:38:56Z"
+    mac: ENC[AES256_GCM,data:GjIB0EbWsh4o+QoFSyIXgGYnNhRlvfSmue1LyTt6oUlIjNgODhdIB8px8LnRo0rmm/f1YHbDq2MFOxlgdm3PTNaqm/MoKyW3r/wuAeWADsYayQszLNxyhTMXcjWtfm6zCRIuc/+YyM44pXRfVrOZRAin9B6pmJZsRJwBAZpogbU=,iv:r/ZQZvrP0E9dOW5fhBH2I21Z0uv2e3njdEGmadxEALg=,tag:iZvbGTvRJFo80n8aoKSSmQ==,type:str]
     pgp:
         - created_at: "2024-03-18T04:02:00Z"
           enc: |-
diff --git a/keys/staging.yaml b/keys/staging.yaml
index 17e7875..ebdd628 100644
--- a/keys/staging.yaml
+++ b/keys/staging.yaml
@@ -1,4 +1,7 @@
-hetzner-api: ENC[AES256_GCM,data:1Zjp003j60g=,iv:+vDcyiqYm4A9CMIrW4oGZKdZiczatBcvfL4qYYhKwCg=,tag:Xeu8JuRm+b+5RO+wFR2M8w==,type:str]
+authelia:
+    storageEncryptionKey: ENC[AES256_GCM,data:8X6Zvq7ct1MkMH+lc5kTTHXOo6rGyhSzc3aWxGRA5tnBet+TGcENo0RYTYmactsPGVpTIUGGplaG7B7dqRPhkdDHhbCCZCm2nLaYjpVJ241DrpUNKHn8lvg/bMxUQ/Dvw76ByYuWN6bREr3XRaBztBSPzld8zTSYx71I0CKY7vk=,iv:cJSwfuVWO39qqKCGt2Mvw7pN8+hD6kRH9v4c/u4hLuk=,tag:YhdlXuX2ETxjb443RI8MsA==,type:str]
+    sessionSecret: ENC[AES256_GCM,data:dnoWmc4HND62w3jMXL+akncAEb61c/I70DgRytx55Wxcn4rMiswp6zCkRdsP4CkouTQ1lyAcQrubp5I8M9Kyow/KBMYz9dPkr4+2xJ9w0SEmAVhyPe2DFvYos3x0Uvx5S0B3o1mXoXqbg78e4w5yEIbALiJT8VPGrWK8Cl4nVPo=,iv:FHDXUW2DWUmEZzWUYkYduogdVOtvMlRH4/fVg05cZaI=,tag:u282WQnHpBsZGYJH7mFFKA==,type:str]
+    jwtSecret: ENC[AES256_GCM,data:0M3AyoMp+orrljl5NsxmthzrHMmu0REcz7+9fpFKbwwqV6KqlpgGddjYZIsTpHEWEq9zhZ2YWLJkMxKdDgROVHUFZGKut28JPSAjjY+1V0wxNBnfSCnxEv5BUw2+cCxcpCwYQyNfRK6SotTt8aqpxvda4oRXpzxV6SW7ogDjc6E=,iv:D57SynZkW2JuFyX6bpZYkxpR2KtkOmKaySg1Bxim0r8=,tag:JCPGZaumdHrtgcH16A7b+g==,type:str]
 battery-manager:
     email: ENC[AES256_GCM,data:LM/EGzWHfVQ=,iv:jFaoUQuUfuGoOyj/GFpdI8TerH/c8D9fjvio+IEt2Tc=,tag:IWLiN011JEnHRLIXWQgfmA==,type:str]
     password: ENC[AES256_GCM,data:SUxjqS7SJHM=,iv:LvdKk88S+nSImh6/ZezbFGLCUBu1Lpdu+neF2xyHdBg=,tag:rcMyZuW4FVNbcbz00wQKBg==,type:str]
@@ -32,8 +35,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-04-15T23:13:27Z"
-    mac: ENC[AES256_GCM,data:JhEVrKF2Jsqpdztcr3g5lMrgEFeLXfBRQTwQJ6PmLSNyDORcTU09TJPNWTPDnR5okDrvIU/wlzi5DZ8A0ebNhrKf6l0tNFBT9LSvQFHU5SBxqY/m8uEJKSrEC4IL5lugOOISDka2KSvYXVCXrumMHE5FnmOS/CgOZaZk6LUjPYA=,iv:ygygnSedcTo2Vsc56s2qrz1qkWchvSgvoiMTebRxQQ8=,tag:vf6z8rxsXmqzwpDy9Avifw==,type:str]
+    lastmodified: "2024-04-12T01:00:31Z"
+    mac: ENC[AES256_GCM,data:fVnMwfvGi7vtP1Fg4NLrhGvLF2PcIgZPOcwk4Ssm4iw5iSj0K1npOX3pd5BWzyszqchfYYRHY99GllAump0bZmprVAld9rf70B2HZIVvowBPuUXfc9Cz/5q0z+s8bQ5vCdElW1Bh7h8W/POePdc8cFGAyBS4i1ZVNheIDOHdDjI=,iv:Bi6rekXOx3/dwwPRryF3CoAoQi3D06ABysRF1oBeG5A=,tag:0TCra+AkhBDczj4uvAzKMw==,type:str]
     pgp:
         - created_at: "2023-12-29T15:25:27Z"
           enc: |
diff --git a/modules/nginxExtensions.nix b/modules/nginxExtensions.nix
index 9fe489a..8c19cc0 100644
--- a/modules/nginxExtensions.nix
+++ b/modules/nginxExtensions.nix
@@ -11,12 +11,72 @@
     };
 
     services.nginx.virtualHosts = let
+      autheliaDomain = "auth.${config.services.nginx.domain}";
+      extraLocationOptions = {config, ...}: {
+        options = {
+          enableAutheliaProxy = lib.mkEnableOption "Enable recommended authelia proxy settings";
+          enableAuthorization = lib.mkEnableOption "Enable authorization via authelia";
+        };
+
+        config = {
+          recommendedProxySettings = lib.mkIf config.enableAutheliaProxy false;
+
+          extraConfig = lib.concatStringsSep "\n" [
+            (lib.optionalString config.enableAutheliaProxy ''
+              proxy_set_header Host $host;
+              proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+              proxy_set_header X-Forwarded-Proto $scheme;
+              proxy_set_header X-Forwarded-Host $http_host;
+              proxy_set_header X-Forwarded-URI $request_uri;
+              proxy_set_header X-Forwarded-Ssl on;
+              proxy_set_header X-Forwarded-For $remote_addr;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_set_header Connection "";
+
+              client_body_buffer_size 128k;
+              proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+              proxy_redirect http:// $scheme://;
+              proxy_http_version 1.1;
+              proxy_cache_bypass $cookie_session;
+              proxy_no_cache $cookie_session;
+              proxy_buffers 64 256k;
+
+              real_ip_header X-Forwarded-For;
+              real_ip_recursive on;
+
+              send_timeout 5m;
+              proxy_read_timeout 360;
+              proxy_send_timeout 360;
+              proxy_connect_timeout 360;
+            '')
+            (lib.optionalString config.enableAuthorization ''
+              auth_request /authelia;
+
+              set_escape_uri $target_url $scheme://$http_host$request_uri;
+
+              auth_request_set $user $upstream_http_remote_user;
+              auth_request_set $groups $upstream_http_remote_groups;
+              auth_request_set $name $upstream_http_remote_name;
+              auth_request_set $email $upstream_http_remote_email;
+
+              proxy_set_header Remote-User $user;
+              proxy_set_header Remote-Groups $groups;
+              proxy_set_header Remote-Email $email;
+              proxy_set_header Remote-Name $name;
+
+              error_page 401 =302 https://${autheliaDomain}/?rd=$target_url;
+            '')
+          ];
+        };
+      };
+
       extraVirtualHostOptions = {
         name,
         config,
         ...
       }: {
         options = {
+          enableAuthorization = lib.mkEnableOption "Enable authorization via authelia";
           enableHSTS = lib.mkEnableOption "Enable HSTS";
 
           addAccessLog = lib.mkOption {
@@ -26,6 +86,10 @@
               Add special logging to `/var/log/nginx/''${serverName}`
             '';
           };
+
+          locations = lib.mkOption {
+            type = lib.types.attrsOf (lib.types.submodule extraLocationOptions);
+          };
         };
 
         config = {
@@ -37,6 +101,41 @@
               access_log /var/log/nginx/${name}/access.log upstream_time;
             '')
           ];
+
+          locations = lib.mkIf config.enableAuthorization {
+            "/".enableAuthorization = true;
+            "/authelia" = {
+              proxyPass = "http://127.0.0.1:9091/api/verify";
+              recommendedProxySettings = false;
+              extraConfig = ''
+                internal;
+
+                proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+                proxy_set_header X-Original-Method $request_method;
+                proxy_set_header X-Forwarded-Method $request_method;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_set_header X-Forwarded-Host $http_host;
+                proxy_set_header X-Forwarded-Uri $request_uri;
+                proxy_set_header X-Forwarded-For $remote_addr;
+                proxy_set_header Content-Length "";
+                proxy_set_header Connection "";
+
+                proxy_pass_request_body off;
+                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+                proxy_redirect http:// $scheme://;
+                proxy_http_version 1.1;
+                proxy_cache_bypass $cookie_session;
+                proxy_no_cache $cookie_session;
+                proxy_buffers 4 32k;
+                client_body_buffer_size 128k;
+
+                send_timeout 5m;
+                proxy_read_timeout 240;
+                proxy_send_timeout 240;
+                proxy_connect_timeout 240;
+              '';
+            };
+          };
         };
       };
     in
diff --git a/pkgs/_sources_nextcloud/generated.json b/pkgs/_sources_nextcloud/generated.json
index c45e204..ce9ac04 100644
--- a/pkgs/_sources_nextcloud/generated.json
+++ b/pkgs/_sources_nextcloud/generated.json
@@ -77,10 +77,10 @@
         "passthru": null,
         "pinned": false,
         "src": {
-            "sha256": "sha256-h6RWWIQzpwObDmcGnZPwVwIJZFUXgggeCKBNwI/wDIo=",
+            "sha256": "sha256-ydpxatwuZUz7XIgK8FMklZlxNQklpsP8Uqpxvt3iK0k=",
             "type": "tarball",
-            "url": "https://github.com/nextcloud/notes/releases/download/v4.9.4/notes.tar.gz"
+            "url": "https://github.com/nextcloud/notes/releases/download/v4.10.0/notes.tar.gz"
         },
-        "version": "v4.9.4"
+        "version": "v4.10.0"
     }
 }
\ No newline at end of file
diff --git a/pkgs/_sources_nextcloud/generated.nix b/pkgs/_sources_nextcloud/generated.nix
index 1d0f3a0..c77aa9c 100644
--- a/pkgs/_sources_nextcloud/generated.nix
+++ b/pkgs/_sources_nextcloud/generated.nix
@@ -43,10 +43,10 @@
   };
   notes = {
     pname = "notes";
-    version = "v4.9.4";
+    version = "v4.10.0";
     src = fetchTarball {
-      url = "https://github.com/nextcloud/notes/releases/download/v4.9.4/notes.tar.gz";
-      sha256 = "sha256-h6RWWIQzpwObDmcGnZPwVwIJZFUXgggeCKBNwI/wDIo=";
+      url = "https://github.com/nextcloud/notes/releases/download/v4.10.0/notes.tar.gz";
+      sha256 = "sha256-ydpxatwuZUz7XIgK8FMklZlxNQklpsP8Uqpxvt3iK0k=";
     };
   };
 }
diff --git a/pkgs/afvalcalendar/src/main.rs b/pkgs/afvalcalendar/src/main.rs
index b6a5fb0..e8023f7 100644
--- a/pkgs/afvalcalendar/src/main.rs
+++ b/pkgs/afvalcalendar/src/main.rs
@@ -3,8 +3,13 @@ mod trash;
 
 #[tokio::main]
 async fn main() {
-    let dates = trash::get_pickup_dates().await.unwrap();
-    let calendar = calendar::calendar_from_pickup_dates(dates);
-
-    calendar.print().unwrap();
+    match trash::get_pickup_dates().await {
+        Ok(dates) => {
+            let calendar = calendar::calendar_from_pickup_dates(dates);
+            calendar.print().unwrap();
+        }
+        Err(error) => {
+            eprintln!("{}", error);
+        }
+    }
 }
diff --git a/pkgs/nextcloud-apps.toml b/pkgs/nextcloud-apps.toml
index 25ac8d9..36566db 100644
--- a/pkgs/nextcloud-apps.toml
+++ b/pkgs/nextcloud-apps.toml
@@ -1,24 +1,29 @@
 [bookmarks]
-src.github = "nextcloud/bookmarks"
+# src.github = "nextcloud/bookmarks"
 src.prefix = "v"
+src.manual = "v13.1.3"
 fetch.tarball = "https://github.com/nextcloud/bookmarks/releases/download/v$ver/bookmarks-$ver.tar.gz"
 
 [calendar]
-src.github = "nextcloud-releases/calendar"
+# src.github = "nextcloud-releases/calendar"
+src.manual = "v4.6.7"
 fetch.tarball = "https://github.com/nextcloud-releases/calendar/releases/download/$ver/calendar-$ver.tar.gz"
 
 [contacts]
-src.github = "nextcloud-releases/contacts"
+# src.github = "nextcloud-releases/contacts"
+src.manual = "v5.5.3"
 fetch.tarball = "https://github.com/nextcloud-releases/contacts/releases/download/$ver/contacts-$ver.tar.gz"
 
 [cookbook]
 # src.github = "christianlupus-nextcloud/cookbook-releases"
-src.manual = "v0.10.5"
 src.prefix = "v"
+src.manual = "0.10.5"
 fetch.tarball = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v$ver/Cookbook-$ver.tar.gz"
 
 [news]
-src.github = "nextcloud/news"
+# src.github = "nextcloud/news"
+# Update to 25 when angular rewrite is done/the alpha when I need to switch to nextcloud 28+
+src.manual = "24.0.0"
 fetch.tarball = "https://github.com/nextcloud/news/releases/download/$ver/news.tar.gz"
 
 [notes]