diff --git a/base.nix b/base.nix
index b4d5276..f223b4c 100644
--- a/base.nix
+++ b/base.nix
@@ -18,16 +18,6 @@
 keyMap = "no";
 };
- system.autoUpgrade = {
- enable = true;
- flake = "github:felixalbrigtsen/nixos-server-conf";
- flags = [
- "--update-input" "nixpkgs"
- "--update-input" "unstable"
- "--no-write-lock-file"
- ];
- };
-
 nix = {
 gc = {
 automatic = true;
@@ -56,6 +46,13 @@
 enable = true;
 permitRootLogin = "no";
 passwordAuthentication = false;
+ kbdInteractiveAuthentication = false;
+ extraConfig = ''
+ AllowTcpForwarding yes
+ X11Forwarding no
+ AllowAgentForwarding yes
+ AuthenticationMethods publickey
+ '';
 };
 users.users.felixalb = {
diff --git a/hosts/voyager/configuration.nix b/hosts/voyager/configuration.nix
index 85c4c2d..fa04cab 100644
--- a/hosts/voyager/configuration.nix
+++ b/hosts/voyager/configuration.nix
@@ -11,6 +11,7 @@
 #./vms.nix
 ./services/nginx
+ ./services/postgres.nix
 ./services/kanidm.nix
 ./services/jellyfin.nix
 ./services/metrics
@@ -26,7 +27,7 @@
 # - Transmission
 # x Jellyfin
 # x NFS imports
- # - NFS exports
+ # x NFS exports
 # - FreeBSD VM
 # - Kali VM
 # x Kerberos / IPA / Kanidm
@@ -36,7 +37,7 @@
 networking = {
 hostName = "voyager";
 defaultGateway = "192.168.10.1";
- nameservers = [ "192.168.10.1" "1.1.1.1" ];
+ nameservers = [ "192.168.11.100" "1.1.1.1" ];
 interfaces.eno1.ipv4 = {
 addresses = [
 { address = "192.168.10.165"; prefixLength = 24; }
diff --git a/hosts/voyager/filesystems.nix b/hosts/voyager/filesystems.nix
index 2648384..d852fc7 100644
--- a/hosts/voyager/filesystems.nix
+++ b/hosts/voyager/filesystems.nix
@@ -29,6 +29,11 @@ in ["${automount_opts},credentials=/etc/feal-syn1-credentials"];
 };
+
+ "/var/backup" = {
+ device = "/tank/backup/voyager";
+ options = [ "bind "];
+ };
 };
 # Network mounts (export)
diff --git a/hosts/voyager/services/hedgedoc.nix b/hosts/voyager/services/hedgedoc.nix
index de70f33..b7ec9f1 100644
--- a/hosts/voyager/services/hedgedoc.nix
+++ b/hosts/voyager/services/hedgedoc.nix
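Review bot: In the second base.nix hunk (what appears to be the sshd options block), `AllowAgentForwarding yes` and `AllowTcpForwarding yes` in `extraConfig` enable forwarding on every host that imports this base profile, and a forwarded agent is usable by anyone with root on that host for as long as the session lasts. Unless a host needs it, I would set `AllowAgentForwarding no` here and enable it per host, or add a comment naming the workflow that depends on it; ProxyJump on the client side usually removes the need. `AuthenticationMethods publickey` together with the two `false` options is a sound lockdown. The enclosing block starts outside the hunk, so I cannot see whether other options already set these directives.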
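Review bot: In the `networking` hunk of hosts/voyager/configuration.nix, the new primary resolver `192.168.11.100` is outside the host's `192.168.10.165/24` network, so every lookup now depends on the gateway, while `1.1.1.1` stays as the fallback. If 192.168.11.100 serves internal-only names, queries for them would presumably go to the public resolver whenever the primary times out, which leaks those names and gives inconsistent answers. I would add a comment above the line such as `# 192.168.11.100 = internal DNS (describe the host here); 1.1.1.1 is fallback only`, or drop the public fallback if split-horizon names matter. The `networking` block continues past the hunk.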
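Review bot: In the hosts/voyager/filesystems.nix hunk, the mount option of the new `/var/backup` entry is written `"bind "` with a trailing space inside the string, so the generated mount entry carries an option that is not exactly `bind`; depending on how the options field is escaped, the bind mount may be rejected or mis-parsed. It should read `options = [ "bind" ];`. Since postgres.nix in this commit writes dumps to `/var/backup/postgres`, a mount that fails would presumably leave the backups on the root filesystem instead of under `/tank/backup/voyager`, so it is worth confirming after the switch that the path is the bind mount. The enclosing attribute set starts outside the hunk.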
@@ -20,10 +20,10 @@ in {
 sessionSecret = "$CMD_SESSION_SECRET";
 allowFreeURL = true;
- db = {
- dialect = "sqlite";
- storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
- };
+ allowAnonymous = false;
+ allowAnonymousEdits = true; # Allow anonymous edits with the "freely" permission
+
+ dbURL = "postgres://hedgedoc:@localhost/hedgedoc";
 email = false;
 oauth2 = {
@@ -51,4 +51,15 @@ in {
 };
 networking.firewall.allowedTCPPorts = [ port ];
+
+ services.postgresql = {
+ ensureDatabases = [ "hedgedoc" ];
+ ensureUsers = [{
+ name = "hedgedoc";
+ ensurePermissions = {
+ "DATABASE \"hedgedoc\"" = "ALL PRIVILEGES";
+ };
+ }];
+ };
+
 }
diff --git a/hosts/voyager/services/postgres.nix b/hosts/voyager/services/postgres.nix
new file mode 100644
index 0000000..4501175
--- /dev/null
+++ b/hosts/voyager/services/postgres.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, lib, ... }:
+{
+ services.postgresql = {
+ enable = true;
+ /* enableTCPIP = true; # Expose on the network */
+ authentication = pkgs.lib.mkOverride 10 ''
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ '';
+ };
+
+ services.postgresqlBackup = {
+ enable = true;
+ location = "/var/backup/postgres";
+ startAt = "*-*-* 03:15:00";
+ backupAll = true;
+ };
+
+
+ environment.systemPackages = [ config.services.postgresql.package ];
+}
+
+
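Review bot: In the first hedgedoc.nix hunk, `dbURL = "postgres://hedgedoc:@localhost/hedgedoc"` has an empty password and goes over loopback TCP, so it only works because postgres.nix in this commit sets `trust` for 127.0.0.1 and ::1; the database is then protected by nothing except being local. Connecting through the PostgreSQL Unix socket with a peer-authenticated `hedgedoc` role would tie access to the service account and make the trust rules unnecessary; I would switch to socket-based settings and say so in a comment next to the option. Separately, `allowAnonymousEdits = true` beside the `allowFreeURL = true` context line deserves a comment on what guests can still do, since `allowAnonymous = false` reads as if they were locked out entirely. The settings block starts and ends outside the hunk.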
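Review bot: In the new hosts/voyager/services/postgres.nix, the `authentication` override replaces the default rules with `trust` for the local socket and both loopback addresses, which lets any local user or process connect as any role, including the `postgres` superuser, without a credential. With nginx, jellyfin, kanidm and hedgedoc imported on the same host, a flaw in any one of them would reach every database. I would use `local all all peer` for the socket and `host all all 127.0.0.1/32 scram-sha-256` (same for `::1/128`) if TCP is needed at all. The commented-out `enableTCPIP` line should carry a note that these rules must be revisited before it is turned on, and the `backupAll` dumps under `/var/backup/postgres` should be checked to be readable only by the backup account.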