diff --git a/machines/Lilim/options.nix b/machines/Lilim/options.nix
index a80cb88..f23829b 100644
--- a/machines/Lilim/options.nix
+++ b/machines/Lilim/options.nix
@@ -29,9 +29,9 @@ with lib;
 "xpkgs"
 ];
 services = [
-# "containers"
+ "containers"
 "xserver"
-# "docker"
+ "docker"
 "udev"
 "cups"
 ];
diff --git a/services/containers.nix b/services/containers.nix
index 6bd262c..2d5b197 100644
--- a/services/containers.nix
+++ b/services/containers.nix
@@ -18,6 +18,8 @@ mkIf (elem "containers" config.machine.services) {
 ../pkgs/nixpkgs.nix
 ../pkgs/pkgsets.nix
 ];
+ services.nixosManual.showManual = false;
+ services.ntp.enable = false;
 };
 };
 }
diff --git a/services/mailserver.nix b/services/mailserver.nix
index 6281ffd..54ca0f0 100644
--- a/services/mailserver.nix
+++ b/services/mailserver.nix
@@ -5,10 +5,10 @@ with lib;
 mkIf (elem "mailserver" config.machine.services) {
 mailserver = rec {
 enable = true;
- fqdn = "mail.ophanim.de";
- domains = [ "ophanim.de" ];
+ fqdn = "mail.${config.machine.domain}";
+ domains = [ config.machine.domain ];
 loginAccounts = {
- "derped@ophanim.de" = {
+ "derped@${config.machine.domain}" = {
 hashedPassword = (builtins.readFile /secret/derped.mail);
 };
 };
diff --git a/services/nginx.nix b/services/nginx.nix
index 3859da1..e12eb3c 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -2,6 +2,7 @@
 # Includes: #
 # - Nginx + SSL config #
 # - Gitea #
+# - Hydra #
 # - Nextcloud #
 # - Mail ssl root #
 ##############################################################################################
@@ -33,7 +34,7 @@ mkIf (elem "nginx" config.machine.services) {
 forceSSL = true;
 extraConfig = ''
 location / {
- proxy_pass http://127.0.0.1:3001;
+ proxy_pass http://${config.services.hydra.listenHost}:${config.services.hydra.port};
 proxy_set_header Host $http_host;
 proxy_set_header REMOTE_ADDR $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
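Review bot: Uncommenting `"docker"` in `machine.services` presumably switches on the Docker daemon for this machine (the `services/docker.nix` module it selects is not part of this patch, so that is inferred from the `containers` entry, whose module is), and membership in the docker group is effectively root on the host. It is worth checking which users that module adds to the group before enabling it on a machine that also runs the mail and SSH services listed here. A one-line comment such as `# docker group membership is root-equivalent; admin accounts only` next to the entry would record that decision for the next reader.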
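Review bot: The two settings added to the container's configuration carry no comment saying why a container in particular wants them, so a reader of `services/containers.nix` has to guess. Suggest `# a NixOS container shares the host's clock and needs no manual; keep it minimal` above `services.nixosManual.showManual = false;` (assuming these are the systemd-nspawn containers the surrounding `containers` block suggests — confirm). Newer NixOS releases fold `services.nixosManual.showManual` into `documentation.nixos.enable`; check which name the channel in use expects so the setting does not evaporate on an upgrade. The enclosing attribute set starts before the hunk.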
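Review bot: With the literal domain gone, none of the attributes visible in `mailserver = rec { … }` refers to a sibling any more, so `rec` looks dead and could become `mailserver = {` — provided nothing below the hunk (the set continues past it) still reads `fqdn` or `domains`. The change also makes evaluation depend on `config.machine.domain` being declared and set on every machine that lists `"mailserver"` in `machine.services`; that declaration is not in this patch, so either a documented default on the option or an `assertions` entry such as `{ assertion = config.machine.domain != ""; message = "machine.domain must be set for mailserver"; }` would turn a missing value into a readable error instead of an evaluation failure.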
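Review bot: `${config.services.hydra.port}` interpolates an integer option into a string, which Nix rejects at evaluation time (`cannot coerce an integer to a string`); it needs `toString`, i.e. `proxy_pass http://${config.services.hydra.listenHost}:${toString config.services.hydra.port};`, and the same applies to `config.services.gitea.httpPort` in the `@@ -163,7 +164,7 @@` hunk. Beyond that, the removed lines proxied to loopback while the new ones proxy to whatever the backends bind to: in the nixpkgs modules I know, Hydra's `listenHost` defaults to `*` (not a valid proxy_pass host) and Gitea's `httpAddress` to `0.0.0.0`, so unless both are pinned to `127.0.0.1` elsewhere in the configuration — not visible in this patch — the two services are also reachable directly on every interface, bypassing the TLS termination that `forceSSL = true;` sets up. The old ports (3001 for Hydra, 3000 for Gitea) also differ from both options' default of 3000; confirm `services.hydra.port` is set explicitly so the two backends do not collide. The `extraConfig` string continues past the hunk.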
@@ -163,7 +164,7 @@ mkIf (elem "nginx" config.machine.services) {
 location @node {
 client_max_body_size 0;
- proxy_pass http://localhost:3000;
+ proxy_pass http://${config.services.gitea.httpAddress}:${config.services.gitea.httpPort};
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header Host $http_host;
diff --git a/services/openssh.nix b/services/openssh.nix
index 6763fde..72c7e09 100644
--- a/services/openssh.nix
+++ b/services/openssh.nix
@@ -9,13 +9,18 @@ with lib;
 mkIf (elem "openssh" config.machine.services) {
 services.openssh = {
 enable = true;
+ kexAlgorithms = [ "curve25519-sha256@libssh.org" ];
 sftpFlags = [ "-f AUTHPRIV" "-l INFO" ];
 startWhenNeeded = true;
 challengeResponseAuthentication = false;
 passwordAuthentication = false;
 permitRootLogin = "no";
 extraConfig = ''
+ UsePAM no
+ UseRoaming no
 AllowUsers derped git nix-ssh
+ UsePrivilegeSeparation sandbox
+ LogLevel VERBOSE
 '';
 };
 }
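Review bot: `UseRoaming no` is an ssh client (`ssh_config`) keyword, not a server one; sshd reports it as `Bad configuration option` and refuses to start, so with `startWhenNeeded = true;` every incoming connection would hit a failing socket-activated instance. Drop that line — the roaming issue was client-side and sshd has nothing to opt out of. `UsePAM no` is also likely a no-op here: the NixOS openssh module emits its own `UsePAM yes` ahead of `extraConfig` (confirm against the module version in use) and sshd keeps the first value it sees for a keyword, so the effective setting stays `yes`. `UsePrivilegeSeparation sandbox` has been deprecated and ignored since OpenSSH 7.5, where sandboxing became unconditional; `LogLevel VERBOSE` is the useful addition, since it records the fingerprint of every accepted key, and the `kexAlgorithms` pin is consistent with it.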