diff --git a/home-manager-modules/git/default.nix b/home-manager-modules/git/default.nix
index ac93457..f9db92c 100644
--- a/home-manager-modules/git/default.nix
+++ b/home-manager-modules/git/default.nix
@@ -22,6 +22,12 @@ with lib;
         signByDefault = true;
         key = "6FC74C847011FD83";
       };
+      maintenance = {
+        enable = true;
+        repositories = [
+          "/home/julien/dev/nixpkgs"
+        ];
+      };
       delta.enable = true;
       ignores = [ ".direnv" ];
       extraConfig = {
diff --git a/lon.lock b/lon.lock
index f324783..72c8dfc 100644
--- a/lon.lock
+++ b/lon.lock
@@ -157,9 +157,9 @@
       "owner": "nixos",
       "repo": "nixpkgs",
       "branch": "nixos-24.11",
-      "revision": "ebe2788eafd539477f83775ef93c3c7e244421d3",
-      "url": "https://github.com/nixos/nixpkgs/archive/ebe2788eafd539477f83775ef93c3c7e244421d3.tar.gz",
-      "hash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y="
+      "revision": "a880f49904d68b5e53338d1e8c7bf80f59903928",
+      "url": "https://github.com/nixos/nixpkgs/archive/a880f49904d68b5e53338d1e8c7bf80f59903928.tar.gz",
+      "hash": "sha256-o4FjFOUmjSRMK7dn0TFdAT0RRWUWD+WsspPHa+qEQT8="
     },
     "proxmox": {
       "type": "GitHub",
@@ -186,9 +186,9 @@
       "owner": "nixos",
       "repo": "nixpkgs",
       "branch": "nixos-unstable",
-      "revision": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1",
-      "url": "https://github.com/nixos/nixpkgs/archive/e3e32b642a31e6714ec1b712de8c91a3352ce7e1.tar.gz",
-      "hash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk="
+      "revision": "063dece00c5a77e4a0ea24e5e5a5bd75232806f8",
+      "url": "https://github.com/nixos/nixpkgs/archive/063dece00c5a77e4a0ea24e5e5a5bd75232806f8.tar.gz",
+      "hash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE="
     }
   }
 }
diff --git a/machines/biblios/garage.nix b/machines/biblios/garage.nix
index 8c59865..8fffad5 100644
--- a/machines/biblios/garage.nix
+++ b/machines/biblios/garage.nix
@@ -10,7 +10,7 @@ in
 {
   services.garage = {
     enable = true;
-    package = pkgs.garage_1_0_1;
+    package = pkgs.garage_1_1_0;
 
     settings = {
       replication_factor = 1;
diff --git a/machines/core-security/kanidm.nix b/machines/core-security/kanidm.nix
index 9b4521e..cd5ea57 100644
--- a/machines/core-security/kanidm.nix
+++ b/machines/core-security/kanidm.nix
@@ -1,11 +1,12 @@
 { pkgs, config, ... }:
 let
   certificate = config.security.acme.certs."auth.luj.fr";
+  kanidm = pkgs.kanidm_1_5;
 in
 {
   services.kanidm = {
     enableServer = true;
-    package = pkgs.kanidm_1_4;
+    package = kanidm;
     serverSettings = rec {
       domain = "auth.luj.fr";
       origin = "https://${domain}";
@@ -16,7 +17,7 @@ in
     };
   };
 
-  environment.systemPackages = [ pkgs.kanidm_1_4 ];
+  environment.systemPackages = [ kanidm ];
 
   users.users.kanidm.extraGroups = [ certificate.group ];
 
diff --git a/machines/fischer/home-julien.nix b/machines/fischer/home-julien.nix
index f132c8b..f3af91a 100644
--- a/machines/fischer/home-julien.nix
+++ b/machines/fischer/home-julien.nix
@@ -78,6 +78,7 @@
         unstable.nixfmt-rfc-style
         kanidm
         yubioath-flutter
+        ltex-ls
       ]
       ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
 
diff --git a/machines/gallifrey/hardware.nix b/machines/gallifrey/hardware.nix
index f7a11d7..5a253e5 100644
--- a/machines/gallifrey/hardware.nix
+++ b/machines/gallifrey/hardware.nix
@@ -22,7 +22,7 @@
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
-  boot.kernelPackages = pkgs.linuxPackages_6_11;
+  boot.kernelPackages = pkgs.linuxPackages_6_13;
 
   fileSystems."/data" = {
     device = "/dev/disk/by-uuid/4680be45-8156-4bf0-8b0b-e7493aaf37c0";
diff --git a/machines/gustave/default.nix b/machines/gustave/default.nix
index ab57b08..47715bd 100644
--- a/machines/gustave/default.nix
+++ b/machines/gustave/default.nix
@@ -23,6 +23,8 @@
 
   users.users.julien.linger = true;
 
+  services.backup.includes = [ "/home/julien/Maildir" ];
+
   services.openssh.extraConfig = ''
     HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
     HostKey /etc/ssh/ssh_host_ed25519_key
@@ -113,11 +115,19 @@
   services.forgejo = {
     enable = true;
     package = pkgs.unstable.forgejo;
+    database.type = "postgres";
     settings = {
       server = {
         ROOT_URL = "https://git.luj.fr/";
         LANDING_PAGE = "luj";
       };
+      #openid.ENABLE_OPENID_SIGNIN = true;
+      openid.ENABLE_OPENID_SIGNUP = true;
+      oauth2_client.REGISTER_EMAIL_CONFIRM = false;
+      oauth2_client.ENABLE_AUTO_REGISTRATION = true;
+      oauth2_client.UPDATE_AVATAR = true;
+      oauth2_client.ACCOUNT_LINKING = "auto";
+      service.ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
     };
   };