diff --git a/flake.lock b/flake.lock index 4f80c2b..ac1572a 100644 --- a/flake.lock +++ b/flake.lock @@ -14,15 +14,15 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1747509307, - "narHash": "sha256-v08I8e2006ZHamRJ9iawHGoQphYsQu0TrORd5qwg4nk=", - "owner": "MarcelCoding", + "lastModified": 1749129962, + "narHash": "sha256-gc1l5z5dWw9a9DWsrp0ZiD+SSMsNpEwMEiRi8K5sh5c=", + "owner": "nix-community", "repo": "authentik-nix", - "rev": "fa8d3ea7335ee2adf4d1a633bc725199def62791", + "rev": "271a38f7c4e2551f0674b894e2adf7cd1ddb8168", "type": "github" }, "original": { - "owner": "MarcelCoding", + "owner": "nix-community", "repo": "authentik-nix", "type": "github" } @@ -30,16 +30,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1747329052, - "narHash": "sha256-idShMSYIrf3ViG9VFNGNu6TSjBz3Q+GJMMeCzcJwfG4=", + "lastModified": 1749043670, + "narHash": "sha256-gwHngqb23U8By7jhxFWQZOXy+vPQApJSkvr4gHI5ifQ=", "owner": "goauthentik", "repo": "authentik", - "rev": "ae47624761f05040149d856d5e55a90cd7492740", + "rev": "bda30c5ad5838fea36dc0a06f8580cca437f0fc0", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.4.1", + "ref": "version/2025.4.2", "repo": "authentik", "type": "github" } @@ -105,11 +105,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", "type": "github" }, "original": { 
@@ -283,27 +283,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747335874, - "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-lib": { "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "lastModified": 1748740939, + "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "rev": "656a64127e9d791a334452c6b6606d17539476e2", "type": "github" }, "original": { @@ -440,11 +440,11 @@ ] }, "locked": { - "lastModified": 1744599653, - "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=", + "lastModified": 1748562898, + "narHash": "sha256-STk4QklrGpM3gliPKNJdBLSQvIrqRuwHI/rnYb/5rh8=", "owner": "pyproject-nix", "repo": "build-system-pkgs", - "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7", + "rev": "33bd58351957bb52dd1700ea7eeefe34de06a892", "type": "github" }, "original": { @@ -649,11 +649,11 @@ ] }, "locked": { - "lastModified": 1746649034, - "narHash": "sha256-gmv+ZiY3pQnwgI0Gm3Z1tNSux1CnOJ0De+xeDOol1+0=", + "lastModified": 1748916602, + "narHash": "sha256-GiwjjmPIISDFD0uQ1DqQ+/38hZ+2z1lTKVj/TkKaWwQ=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "fe540e91c26f378c62bf6da365a97e848434d0cd", + "rev": "a4dd471de62b27928191908f57bfcd702ec2bfc9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 79ba0c3..3be61e4 100755 --- a/flake.nix +++ b/flake.nix 
@@ -17,10 +17,7 @@ notenrechner.url = "git+https://git.ifsr.de/frieder.hannenheim/notenrechner.git"; notenrechner.inputs.nixpkgs.follows = "nixpkgs"; authentik = { - # change to old one when we are at 25.05 - # see https://github.com/nix-community/authentik-nix/issues/56 for context - url = "github:MarcelCoding/authentik-nix"; - # url = "github:nix-community/authentik-nix"; + url = "github:nix-community/authentik-nix"; }; diff --git a/modules/mail/dovecot2.nix b/modules/mail/dovecot2.nix index ef3bbcc..a422c3a 100644 --- a/modules/mail/dovecot2.nix +++ b/modules/mail/dovecot2.nix @@ -19,6 +19,10 @@ in 993 # IMAPS 4190 # Managesieve ]; + environment.systemPackages = [ + pkgs.dovecot_pigeonhole + ]; + sops.secrets."dovecot_ldap_search".owner = config.services.dovecot2.user; services.dovecot2 = { enable = true; @@ -65,9 +69,6 @@ in specialUse = "Archive"; }; }; - modules = [ - pkgs.dovecot_pigeonhole - ]; # set to satisfy the sieveScripts check, will be overridden by userdb lookups anyways mailUser = "vmail"; mailGroup = "vmail"; diff --git a/modules/mail/rspamd.nix b/modules/mail/rspamd.nix index cab3fd0..bb3cb59 100644 --- a/modules/mail/rspamd.nix +++ b/modules/mail/rspamd.nix @@ -197,6 +197,7 @@ in extraConfig = '' allow 141.30.0.0/16; allow 141.76.0.0/16; + allow 2a13:dd80::/29; deny all; ''; }; diff --git a/modules/matrix/mautrix-telegram.nix b/modules/matrix/mautrix-telegram.nix index 270ccc7..eccec9e 100644 --- a/modules/matrix/mautrix-telegram.nix +++ b/modules/matrix/mautrix-telegram.nix 
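Review bot: The `authentik` input still declares no `inputs.nixpkgs.follows`, unlike `notenrechner` directly above it, and the new block no longer says whether that is deliberate. The flake.lock part of this commit moves a `nixpkgs` node from `nixos-24.11` to `nixos-unstable`, which looks like it arrives through authentik-nix. If so, the identity provider is built from a different nixpkgs than the rest of the host and receives security fixes only when this input is re-locked. I would record the decision next to the URL, e.g. `# nixpkgs deliberately not followed: authentik-nix is built against its own locked nixpkgs`, and write the one-attribute set as `authentik.url = "github:nix-community/authentik-nix";` to match the neighbouring inputs. The inputs block starts and ends outside the hunk.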
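Review bot: The new `environment.systemPackages` entry in dovecot2.nix has no comment saying that `pkgs.dovecot_pigeonhole` is installed for the Dovecot daemon rather than for interactive use. It replaces the `modules = [ pkgs.dovecot_pigeonhole ];` line removed from `services.dovecot2` in the second hunk of this file. A later cleanup of seemingly unused system packages would therefore presumably disable Sieve filtering and break the Managesieve listener on port 4190. A line such as `# Dovecot loads the Pigeonhole (Sieve/Managesieve) plugin from the system profile` above the list would prevent that. After deploying, check that the managesieve service still starts and that existing sieve scripts still compile.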
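Review bot: The added `allow 2a13:dd80::/29;` in rspamd.nix admits a much larger address space than the two IPv4 `/16` entries beside it, and nothing in the block names who owns the prefix. A /29 is the size of a whole provider allocation, so every network ever delegated out of it passes the `deny all;` fallback. If this list guards the rspamd web interface, as the file name suggests, it should be as narrow as the intended clients allow and should not be the only control. I would put an owner comment above each entry, e.g. `# <owner of 2a13:dd80::/29>, IPv6`, and shorten the prefix if only specific subnets need access. The enclosing location block starts outside the hunk, so any authentication configured there is not visible here.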
@@ -17,22 +17,11 @@ in sops.secrets.mautrix-telegram_env = { }; - services.matrix-synapse.settings.app_service_config_files = [ - # The registration file is automatically generated after starting the - # appservice for the first time. - registrationFileSynapse - ]; - - systemd.tmpfiles.rules = [ - # copy registration file over to synapse - "C ${registrationFileSynapse} - - - - ${registrationFileMautrix}" - "Z /var/lib/matrix-synapse/ - matrix-synapse matrix-synapse - -" - ]; - services.mautrix-telegram = { enable = true; environmentFile = config.sops.secrets.mautrix-telegram_env.path; + registerToSynapse = true; settings = { homeserver = { @@ -57,14 +46,4 @@ in }; }; }; - - # If we don't explicitly set {a,h}s_token, mautrix-telegram will try to read them from the registrationFile - # and write them to the settingsFile in /nix/store, which obviously fails. - systemd.services.mautrix-telegram.serviceConfig.ExecStart = - lib.mkForce (pkgs.writeShellScript "start" '' - export MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=$(grep as_token ${registrationFileMautrix} | cut -d' ' -f2-) - export MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=$(grep hs_token ${registrationFileMautrix} | cut -d' ' -f2-) - - ${pkgs.mautrix-telegram}/bin/mautrix-telegram --config='${settingsFile}' - ''); }
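Review bot: With `registerToSynapse = true;` replacing the manual copy, the registration file that the old `C` tmpfiles rule placed at `${registrationFileSynapse}` is no longer managed by anything, but dropping the rule does not delete it. That file holds the appservice `as_token` and `hs_token`, so the rollout should remove the stale copy, or confirm it is the same path the module now uses. The last hunk of this file also drops the `ExecStart` wrapper that exported both tokens. Its removed comment says mautrix-telegram would otherwise try to write them into the settings file in /nix/store, so confirm that the service starts cleanly on the new nixpkgs. The `registrationFileSynapse`, `registrationFileMautrix` and `settingsFile` bindings are defined outside the hunk and look unused after this change.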