diff --git a/flake.lock b/flake.lock
index 37b6da6..65d7a41 100644
--- a/flake.lock
+++ b/flake.lock
@@ -216,11 +216,11 @@
 ]
 },
 "locked": {
- "lastModified": 1714042918,
- "narHash": "sha256-4AItZA3EQIiSNAxliuYEJumw/LaVfrMv84gYyrs0r3U=",
+ "lastModified": 1713789879,
+ "narHash": "sha256-4Wt3Bg6uOnvwZcECBZaFEdzlWRlGLgd8DqLL4ugLdxg=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "0c5704eceefcb7bb238a958f532a86e3b59d76db",
+ "rev": "46833c3115e8858370880d892748f0927d8193c3",
 "type": "github"
 },
 "original": {
@@ -317,11 +317,11 @@
 ]
 },
 "locked": {
- "lastModified": 1713869268,
- "narHash": "sha256-o3CMQeu/S8/4zU0pMtYg51rd1FWdJsI2Xohzng1Ysdg=",
+ "lastModified": 1713668931,
+ "narHash": "sha256-rVlwWQlgFGGK3aPVcKmtYqWgjYnPah5FOIsYAqrMN2w=",
 "owner": "nix-community",
 "repo": "nix-index-database",
- "rev": "dcb6ac44922858ce3a5b46f77a36d6030181460c",
+ "rev": "07ece11b22217b8459df589f858e92212b74f1a1",
 "type": "github"
 },
 "original": {
@@ -332,11 +332,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1713895582,
- "narHash": "sha256-cfh1hi+6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U=",
+ "lastModified": 1713714899,
+ "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "572af610f6151fd41c212f897c71f7056e3fb518",
+ "rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
 "type": "github"
 },
 "original": {
diff --git a/hosts/falkenstein/modules/networks/default.nix b/hosts/falkenstein/modules/networks/default.nix
index 7cacf9b..33dc1d7 100644
--- a/hosts/falkenstein/modules/networks/default.nix
+++ b/hosts/falkenstein/modules/networks/default.nix
@@ -87,15 +87,8 @@
 };
 networks."30-dorm" = {
 matchConfig.Name = "wg0";
- addresses = [
- {
- addressConfig = {
- Address = "192.168.43.4/24";
- AddPrefixRoute = false;
- };
- }
- ];
 networkConfig = {
+ Address = "192.168.43.4/32";
 DNS = "192.168.43.1";
 Domains = [
 "~vpn.rfive.de"
diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix
index 3de6f87..624fd75 100644
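Review bot: The new `Address = "192.168.43.4/32";` in `networks."30-dorm"` has no comment explaining why the prefix went from /24 to /32. A /32 installs no on-link route for the VPN subnet (as `AddPrefixRoute = false` did before), so reaching `DNS = "192.168.43.1"` depends on a route configured for wg0 somewhere outside this hunk. I would add a comment such as `# /32 on purpose: no prefix route is added here, routes to the VPN subnet are configured separately`, assuming that is the intent. The same applies to `Address = "192.168.43.3/32";` in the `networks."30-wg0"` hunk of hosts/thinkpad/modules/networks/default.nix; both blocks continue outside their hunks.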
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@@ -7,7 +7,6 @@
 ./modules/networks
 ./modules/adguard
 ./modules/backup
- ./modules/keycloak
 ./modules/cache
 ./modules/matrix
 ./modules/mautrix-telegram
diff --git a/hosts/nuc/modules/keycloak/default.nix b/hosts/nuc/modules/keycloak/default.nix
deleted file mode 100644
index 0ace24b..0000000
--- a/hosts/nuc/modules/keycloak/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ config, ... }:
-let
- domain = "auth.${config.networking.domain}";
-in
-{
- age.secrets.keycloak = {
- file = ../../../../secrets/nuc/keycloak/db.age;
- };
- services.keycloak = {
- enable = true;
- settings = {
- http-port = 8084;
- https-port = 19000;
- hostname = domain;
- # proxy-headers = "forwarded";
- proxy = "edge";
- };
- database = {
- # host = "/var/run/postgresql/.s.PGSQL.5432";
- # useSSL = false;
- # createLocally = false;
- passwordFile = config.age.secrets.keycloak.path;
- };
- initialAdminPassword = "plschangeme";
- };
- # services.postgresql = {
- # enable = true;
- # ensureUsers = [
- # {
- # name = "keycloak";
- # ensureDBOwnership = true;
- # }
- # ];
- # ensureDatabases = [ "keycloak" ];
- # };
- services.nginx.virtualHosts."${domain}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}";
- };
- };
-}
diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix
index 61290b4..adfaf20 100644
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@@ -163,15 +163,8 @@
 networks."30-wg0" = {
 matchConfig.Name = "wg0";
 linkConfig.RequiredForOnline = false;
- addresses = [
- {
- addressConfig = {
- Address = "192.168.43.3/24";
- AddPrefixRoute = false;
- };
- }
- ];
 networkConfig = {
+ Address = "192.168.43.3/32";
 DNS = "192.168.43.1";
 Domains = [
 "~vpn.rfive.de"
diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix
index 0b4855e..7c86553 100644
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@@ -95,7 +95,7 @@
 systemd.services = {
 openfortivpn-agdsn = {
 description = "AG DSN Fortinet VPN";
- script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password)";
+ script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert bbbe0df79764c5f1bd4b332e449e43a40e43eec57c983a1e75a1896e6eae4da5";
 requires = [ "network-online.target" ];
 after = [ "network.target" "network-online.target" ];
 serviceConfig = {
diff --git a/hosts/thinkpad/modules/printing/default.nix b/hosts/thinkpad/modules/printing/default.nix
index de2c4ad..5285585 100644
--- a/hosts/thinkpad/modules/printing/default.nix
+++ b/hosts/thinkpad/modules/printing/default.nix
@@ -1,17 +1,13 @@
 { pkgs, ... }:
 {
- # environment.systemPackages = with pkgs; [ cups ];
- services.avahi = {
- enable = true;
- nssmdns4 = true;
- };
- services.printing = {
- enable = true;
- stateless = true;
- browsedConf = ''
- BrowsePoll cups.agdsn.network
- LocalQueueNamingRemoteCUPS RemoteName
- '';
- drivers = with pkgs; [ cups-kyocera ];
- };
+ environment.systemPackages = with pkgs; [ cups ];
+ # services.printing = {
+ # enable = true;
+ # stateless = true;
+ # browsedConf = ''
+ # BrowsePoll cups.agdsn.network
+ # LocalQueueNamingRemoteCUPS RemoteName
+ # '';
+ # drivers = with pkgs; [ cups-kyocera ];
+ # };
 }
diff --git a/secrets.nix b/secrets.nix
index f73f67b..afcde6c 100644
--- a/secrets.nix
+++ b/secrets.nix
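Review bot: The new `script` line still passes the password as `-p $(cat $CREDENTIALS_DIRECTORY/password)`, so the secret ends up in the process arguments, where other local users may be able to read it for as long as the service runs. The substitution is also unquoted, so a password containing whitespace or glob characters is word-split by the shell. openfortivpn can read `password` and `trusted-cert` from a config file given with `-c`, which would keep both off the command line. Failing that, at least quote the substitution (`-p \"$(cat \"$CREDENTIALS_DIRECTORY/password\")\"` inside the Nix string). The digest after `--trusted-cert` also has no comment saying which certificate it pins or how it was checked; something like `# digest of the vpn.agdsn.de gateway certificate, verified out of band on <date>` would let a later rotation be verified instead of blindly re-pinned. The `systemd.services` block continues outside the hunk.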
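Review bot: The `services.printing` block is left in the file as ten commented-out lines with no explanation, and `services.avahi` is dropped in the same change. Nothing records whether turning off mDNS and the `BrowsePoll cups.agdsn.network` polling is deliberate or a temporary workaround. Either delete the dead block, or put one line above it such as `# printing disabled: <reason>; re-enable together with services.avahi`. It would also help to say why `environment.systemPackages = with pkgs; [ cups ];` is still wanted without the service.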
@@ -20,7 +20,6 @@ in
 "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
- "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];
diff --git a/secrets/nuc/keycloak/db.age b/secrets/nuc/keycloak/db.age
deleted file mode 100644
index 1093a5b..0000000
Binary files a/secrets/nuc/keycloak/db.age and /dev/null differ
diff --git a/shared/zsh.nix b/shared/zsh.nix
index 08e66c3..61b2d18 100644
--- a/shared/zsh.nix
+++ b/shared/zsh.nix
@@ -45,8 +45,6 @@
 export MCFLY_RESULTS=30
 export MCFLY_INTERFACE_VIEW=BOTTOM
 export MCFLY_PROMPT="❯"
- # fix for networkctl
- zstyle ':completion:*:complete:networkctl:*' list-grouped true
 source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc
 source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
 unsetopt extendedglob