diff --git a/machines/gerd.nix b/machines/gerd.nix index d62607a..f2ea44e 100644 --- a/machines/gerd.nix +++ b/machines/gerd.nix @@ -25,6 +25,13 @@ ./gerd/services/matrix-synapse.nix ]; + # TODO: place this a better place + zramSwap = { + enable = true; + memoryPercent = 75; + algorithm = "lz4"; + }; + networking.hostName = "gerd"; networking.hostId = "e1166ac9"; @@ -57,14 +64,6 @@ }; }; - # setup zramswap (we are very ram limited) - zramSwap = { - enable = true; - memoryPercent = 75; - algorithm = "lz4"; - }; - - # TMP FIX FOR https://github.com/nix-community/impermanence/issues/229 boot.initrd.systemd.suppressedUnits = [ "systemd-machine-id-commit.service" ]; systemd.suppressedSystemUnits = [ "systemd-machine-id-commit.service" ]; diff --git a/machines/gerd/services/authelia/authelia-nginx.nix b/machines/gerd/services/authelia/authelia-nginx.nix index b58399a..96d08f2 100644 --- a/machines/gerd/services/authelia/authelia-nginx.nix +++ b/machines/gerd/services/authelia/authelia-nginx.nix @@ -76,8 +76,12 @@ let error_page 401 =302 https://${config.mine.shared.settings.authelia.domain}/?rd=$target_url; ''; in { - mine.shared.lib.authelia.mkProtectedWebsite = websiteConfig: lib.recursiveUpdate websiteConfig { - extraConfig = (lib.attrByPath [ "extraConfig" ] "" websiteConfig) + "\n" + "include ${autheliaLocation};"; + # TODO: fix this + mine.shared.lib.authelia.autheliaLocation = autheliaLocation; + + mine.shared.lib.authelia.mkProtectedWebsite = { vhostConfig, endpoint ? "/" }: lib.recursiveUpdate vhostConfig { + extraConfig = (lib.attrByPath [ "extraConfig" ] "" vhostConfig) + "\n" + "include ${autheliaLocation};"; + locations."${endpoint}" = config.mine.shared.lib.authelia.mkProtectedLocation (lib.attrByPath [ "locations" endpoint ] {} vhostConfig); }; mine.shared.lib.authelia.mkProtectedLocation = vhostLocationConfig: lib.recursiveUpdate vhostLocationConfig { 
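Review bot: The reworked `mkProtectedWebsite` only wraps `locations."${endpoint}"` in `mkProtectedLocation`, so any other entry a caller passes in `vhostConfig.locations` (or merges in afterwards) is served without the Authelia `auth_request`, while the name still reads as if the whole vhost were gated. If single-endpoint protection is the intended contract, say so above the definition, e.g. `# Protects only locations."${endpoint}" (default "/"); other locations in vhostConfig are left unauthenticated on purpose.`; if not, protecting every supplied location is a one-liner, `locations = lib.mapAttrs (_: loc: config.mine.shared.lib.authelia.mkProtectedLocation loc) (vhostConfig.locations or {});`. The `# TODO: fix this` on the new `autheliaLocation` export should at least state what is wrong with exporting a raw include path, since the wger vhost elsewhere in this commit now depends on it. The enclosing `in { ... }` attribute set and the `mkProtectedLocation` body continue past the hunk.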
diff --git a/machines/gerd/services/member-website/default.nix b/machines/gerd/services/member-website/default.nix index 738da25..c92daac 100644 --- a/machines/gerd/services/member-website/default.nix +++ b/machines/gerd/services/member-website/default.nix @@ -18,7 +18,9 @@ in { }; services.nginx.virtualHosts."${config.mine.shared.settings.domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite { - locations."${urlpath}" = config.mine.shared.lib.authelia.mkProtectedLocation { + endpoint = urlpath; + vhostConfig.locations."${urlpath}" = { + # extraConfig = "rewrite ^${urlpath}(.*)$ /$1 break;"; proxyPass = "http://localhost:${builtins.toString port}"; }; }; diff --git a/machines/gerd/services/wger/default.nix b/machines/gerd/services/wger/default.nix index afe2ffa..535cd9e 100644 --- a/machines/gerd/services/wger/default.nix +++ b/machines/gerd/services/wger/default.nix @@ -8,8 +8,15 @@ let wgerpkgs = pkgs.callPackage ./wgerpkg/default.nix {}; +# # Application settings +# WGER_SETTINGS['EMAIL_FROM'] = 'wger Workout Manager ' +# WGER_SETTINGS["ALLOW_REGISTRATION"] = True +# WGER_SETTINGS["ALLOW_GUEST_USERS"] = True +# WGER_SETTINGS["ALLOW_UPLOAD_VIDEOS"] = False +# WGER_SETTINGS["MIN_ACCOUNT_AGE_TO_TRUST"] = 21 # in days +# WGER_SETTINGS["EXERCISE_CACHE_TTL"] = 3600 # in seconds wger_settings = { - EMAIL_FROM = "wger Workout Manager "; + EMAIL_FROM = "wger Workout Manager "; ALLOW_REGISTRATION = true; ALLOW_GUEST_USERS = true; ALLOW_UPLOAD_VIDEOS = false; @@ -18,8 +25,14 @@ let }; django_settings = rec { - DEBUG = false; + DEBUG = true; DATABASES.default = { + # ENGINE = "django.db.backends.sqlite3"; + # NAME = "${statedir}/database.sqlite"; + # USER = ""; + # PASSWORD = ""; + # HOST = ""; + # PORT = ""; ENGINE = "django.db.backends.postgresql"; NAME = "wger"; USER = "wger"; 
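Review bot: `DEBUG = true` is being committed into `django_settings` for a vhost that the rest of this file configures as a public, ACME-certified site (`forceSSL`, `enableACME`, `CSRF_TRUSTED_ORIGINS` on `svc_domain`). Django's debug mode renders full tracebacks with local variables and a settings dump to any client that triggers an error, and lists URL patterns on 404, so it should not ship to that host; keep `DEBUG = false;` and flip it locally if needed. The commented-out sqlite block under `DATABASES.default` and the duplicated `# WGER_SETTINGS[...]` comments above `wger_settings` are dead configuration that will drift from the live values; drop them or move the reference into a short `# mirrors WGER_SETTINGS defaults in wger/settings_global.py` note. The `let` binding of `django_settings` continues past the hunk.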
@@ -28,36 +41,31 @@ let PORT = ""; }; - ADMINS = [["admin" "admin@${config.mine.shared.settings.domain}"]]; + ADMINS = [["Your Name" "test@test.dk"]]; MANAGERS = ADMINS; - TIME_ZONE = "Europe/Copenhagen"; + TIME_ZONE = "Europe/Berlin"; - SECRET_KEY = "$SECRET_KEY"; + SECRET_KEY = "2w!yl6ausb-$05#mjnec)g_h#nc9pzzw0c(kvaskocvyyg1oqc"; + + SITE_URL = "http://localhost:8100"; - SITE_URL = "https://${svc_domain}"; MEDIA_ROOT = "${statedir}/media"; MEDIA_URL = "/media/"; + EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"; + +# DEFAULT_FROM_EMAIL = WGER_SETTINGS['EMAIL_FROM'] - # EMAIL - EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"; - EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp; - EMAIL_PORT = config.mine.shared.settings.mail.ports.submissions; - EMAIL_USE_SSL = true; - EMAIL_HOST_USER = "wger"; - EMAIL_HOST_PASSWORD = "$EMAIL_HOST_PASSWORD"; - EMAIL_FROM_ADDRESS = wger_settings.EMAIL_FROM; EMAIL_PAGE_DOMAIN = SITE_URL; - # setup allowed hosts CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ]; ALLOWED_HOSTS = [ svc_domain ]; - # disable recaptcha RECAPTCHA_PUBLIC_KEY = ""; RECAPTCHA_PRIVATE_KEY = ""; USE_RECAPTCHA = false; + }; wger_settings_file = pkgs.writeText "settings.json" (builtins.toJSON wger_settings); 
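Review bot: `SECRET_KEY` is replaced by a literal key, which both lands in git history and, because `django_settings_file` is produced with `pkgs.writeText`, ends up in the world-readable Nix store on the host — the old `"$SECRET_KEY"` placeholder existed precisely to keep it in the agenix environment file. Django uses this key to sign sessions, CSRF tokens and password-reset links, so the committed value must be treated as compromised and rotated even if this line is reverted to `SECRET_KEY = "$SECRET_KEY";`. `SITE_URL = "http://localhost:8100"` now disagrees with `CSRF_TRUSTED_ORIGINS`/`ALLOWED_HOSTS`, which still point at `svc_domain`, and `EMAIL_PAGE_DOMAIN = SITE_URL` means any mailed links would target localhost; the earlier `"https://${svc_domain}"` looks like the value this vhost needs. `ADMINS = [["Your Name" "test@test.dk"]]` and the console `EMAIL_BACKEND` read as pasted upstream defaults rather than this deployment's settings, so the SMTP block removed here should come back or the change should be marked as a local-testing commit.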
@@ -65,73 +73,50 @@ let settingsFile = pkgs.writeText "settings.py" '' from wger.settings_global import * import json - import os with open("${django_settings_file}") as f: - for k, v in json.load(f).items(): - if isinstance(v, str) and v.startswith("$"): - v = os.environ[v[1:]] - - globals()[k] = v + globals().update(json.load(f)) with open("${wger_settings_file}") as f: - for k, v in json.load(f).items(): - if isinstance(v, str) and v.startswith("$"): - v = os.environ[v[1:]] - - WGER_SETTINGS[k] = v + WGER_SETTINGS.update(json.load(f)) ''; in { - # main service systemd.services.wger = { description = "wger fitness"; wantedBy = [ "multi-user.target" ]; after = [ "networking.target" ]; - script = '' - # initial setup + # general wger things ${wgerpkgs}/bin/wger migrate-db -s ${settingsFile} || true - ${wgerpkgs}/bin/wger load-fixtures -s ${settingsFile} || true + # ${wgerpkgs}/bin/wger load-fixtures -s ${settingsFile} || true + # ${wgerpkgs}/bin/wger load-online-fixtures -s ${settingsFile} || true + + # manage things + # WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-exercise-images || true + # WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-exercise-videos || true + # WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-ingredient-images || true + WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage sync-exercises || true + # WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage sync-ingredients || true + WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage exercises-health-check || true # run server ${wgerpkgs}/bin/wger start -s ${settingsFile} ''; serviceConfig = { - EnvironmentFile = config.age.secrets.wger-env.path; - User = "wger"; Group = "wger"; + }; }; - - # periodic keep up-to-date - systemd.timers."wger-housekeeping" = { - wantedBy = [ "timers.target" ]; - timerConfig.OnCalendar = "daily"; - }; - - systemd.services."wger-housekeeping" = { - after = [ "wger.service" ]; - requires = [ "wger.service" ]; - script = '' - 
WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage sync-exercises || true - WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-exercise-images || true - WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-exercise-videos || true - WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage sync-ingredients || true - ${wgerpkgs}/bin/wger load-online-fixtures -s ${settingsFile} || true - WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage exercises-health-check || true - ''; - - serviceConfig = { - EnvironmentFile = config.age.secrets.wger-env.path; - - # Type = "oneshot"; - User = "wger"; - Group = "wger"; - }; + users.users."${wger_user}"= { + uid = 738; + isSystemUser = true; + group = wger_user; + }; + users.groups."${wger_user}".gid = 738; services.postgresql = { ensureDatabases = [ wger_user ]; @@ -142,18 +127,13 @@ in { }; - # setup users - users.users."${wger_user}"= { - uid = 738; - isSystemUser = true; - group = wger_user; - }; - users.groups."${wger_user}".gid = 738; - - # nginx - services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite { + services.nginx.virtualHosts."${svc_domain}" = { forceSSL = true; enableACME = true; + + extraConfig = '' + include ${config.mine.shared.lib.authelia.autheliaLocation}; + ''; locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation { proxyPass = "http://localhost:${builtins.toString port}"; @@ -166,19 +146,4 @@ in { locations."/media".proxyPass = "http://localhost:${builtins.toString port}"; locations."/api".proxyPass = "http://localhost:${builtins.toString port}"; }; - - # metadata - mine.shared.meta.wger = { - name = "Wger"; - description = "We host Wger, which is a FLOSS fitness/workout/nutrition and weight tracker, with FLOSS apps, read more [here](https://wger.de/)."; - url = "https://${svc_domain}"; - - package = let - pkg = wgerpkgs; - in { - name = pkg.pname; - version = pkg.version; - meta = pkg.meta; - }; - }; } 
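Review bot: The generated `settings.py` no longer resolves `"$NAME"` values from the environment, and `serviceConfig` drops `EnvironmentFile = config.age.secrets.wger-env.path`, so there is no remaining path for `SECRET_KEY` or `EMAIL_HOST_PASSWORD` to reach wger other than being baked into the Nix store; restoring the indirection keeps secrets out of `/nix/store`, and it must be paired with keeping the `wger-env` entries this commit deletes from `secrets/default.nix` and `secrets.nix`. Moving `sync-exercises` and `exercises-health-check` from the daily `wger-housekeeping` timer into the main unit's `script` puts network fetches on the startup path of every restart, with `|| true` hiding their failures; if the timer is meant to go, a comment should explain why startup is the right place. The `systemd.services.wger` attribute set starts before this hunk. A version of the loader that keeps the environment lookup without the per-key loop:

```nix
settingsFile = pkgs.writeText "settings.py" ''
  from wger.settings_global import *
  import json
  import os

  def _resolve(v):
      # "$NAME" placeholders are read from the environment populated by EnvironmentFile
      return os.environ[v[1:]] if isinstance(v, str) and v.startswith("$") else v

  with open("${django_settings_file}") as f:
      globals().update({k: _resolve(v) for k, v in json.load(f).items()})

  with open("${wger_settings_file}") as f:
      WGER_SETTINGS.update({k: _resolve(v) for k, v in json.load(f).items()})
'';
# … unchanged: systemd.services.wger description / wantedBy / after / script …
serviceConfig = {
  EnvironmentFile = config.age.secrets.wger-env.path;
  User = "wger";
  Group = "wger";
};
```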
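Review bot: In the rebuilt `services.nginx.virtualHosts."${svc_domain}"` only `locations."/"` is wrapped in `mkProtectedLocation`; the `locations."/media"` and `locations."/api"` entries proxy straight to the backend, so the Authelia gate in front of `/` does not cover API or media access to the same port. That may be deliberate (wger's mobile apps authenticate against `/api` with their own tokens), but the hunk gives no indication, and a reader will assume the whole site is behind SSO; add `# /api and /media intentionally bypass Authelia: wger clients use API token auth — confirm` above those lines, or wrap them too. The inline `include ${config.mine.shared.lib.authelia.autheliaLocation};` re-creates by hand what `mkProtectedWebsite` did, so if the helper was dropped because of the signature change rather than on purpose, consider calling it with `endpoint = "/"` instead of depending on the `TODO`-marked export. The vhost attribute set continues past the hunk.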
diff --git a/machines/gerd/services/wger/wgerpkg/default.nix b/machines/gerd/services/wger/wgerpkg/default.nix index 0148e84..8a9b38b 100644 --- a/machines/gerd/services/wger/wgerpkg/default.nix +++ b/machines/gerd/services/wger/wgerpkg/default.nix @@ -9,7 +9,7 @@ let frontend = callPackage ./frontend.nix {}; in python3.pkgs.buildPythonApplication rec { pname = "wger"; - version = "unstable-2024-12-01"; + version = "unstable"; pyproject = true; src = fetchFromGitHub { diff --git a/secrets/default.nix b/secrets/default.nix index 5ee11a2..458e408 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -38,9 +38,6 @@ # matrix-synapse matrix-synapse-config-authelia-secret.file = ./matrix-synapse/config-authelia-secret.age; - - # wger - wger-env.file = ./wger/env.age; }; users.groups.secrets-lldap-bind-user-pass = {}; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4a5c194..499f8de 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -48,7 +48,4 @@ in # matrix-synapse "matrix-synapse/config-authelia-secret.age".publicKeys = defaultAccess; - - # wger - "wger/env.age".publicKeys = defaultAccess; } diff --git a/secrets/wger/env.age b/secrets/wger/env.age deleted file mode 100644 index c848bf6..0000000 --- a/secrets/wger/env.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 QSDXqg KGoB/V0cCAZsfVmoLDmA5Xs2HOHqjg54TYqixYQduEw -sqDb6QnEbwEncAbxKLRLkjCQIwMLBTNMVcejFOwhZWM --> X25519 o64XZRaiK7ZEquTMmXTyhpdArawiuXC+5W5seFrJclY -qTLXrNGMTPAXs5EzMuCiQ07Ho2LT1KTku2f1AlCHPlk --> ssh-ed25519 n8n9DQ a8ESfbksuY++k52UJwTKJtb4/aiYzQqUgyYqfug5oyA -bZygFOW6YSg83CmZRpsNDux+UgOxCfja1eQ/R4NyLXM --> ssh-ed25519 BTp6UA yFBZAlGtHV98t6UA8QbELjOW/Pu6KYVPjbXFvijl9m0 -+eobFp5YNBsr2+10Huimwypn3S4/lc7zoX5Ldko9mhA ---- g7w825LgydJlmyZiqnIL0ofUsTn+e47rFmSG8ft6Qqg -!l:^ك}R&X^_213-ˣ0nBDK&٩D:^Uw 8(XQZs֪^(C!$(w8t!粱̈t;Ngۧ[f+قQ \ No newline at end of file