diff --git a/features/shared/ssh.nix b/features/shared/ssh.nix index ed78121..4400ec3 100644 --- a/features/shared/ssh.nix +++ b/features/shared/ssh.nix @@ -8,4 +8,14 @@ PermitRootLogin = "no"; }; }; + + services.fail2ban.jails.sshd.settings = { + ssh = '' + enabled = true + port = ssh + filter = sshd + logpath = %(sshd_log)s + maxretry = 5 + ''; + }; } diff --git a/hosts/sisyphe/configuration.nix b/hosts/sisyphe/configuration.nix index 716f722..977b5eb 100644 --- a/hosts/sisyphe/configuration.nix +++ b/hosts/sisyphe/configuration.nix @@ -142,6 +142,11 @@ in "dotnet-sdk-wrapped-6.0.428" ]; + # seems like sabnzbd needs some unfree pkgs... + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "unrar" + ]; + # This option defines the first version of NixOS you have installed on this particular machine, # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. diff --git a/hosts/sisyphe/features/fail2ban.nix b/hosts/sisyphe/features/fail2ban.nix index 347e0c8..4e7a599 100644 --- a/hosts/sisyphe/features/fail2ban.nix +++ b/hosts/sisyphe/features/fail2ban.nix @@ -4,6 +4,25 @@ enable = true; ignoreIP = [ "192.168.1.0/24" ]; extraPackages = [ ]; - jails = { }; + jails = { + nextcloud = '' + enabled = true; + filter = nextcloud + port = http,https + ''; + }; }; + + environment.etc = { + "fail2ban/filter.d/nextcloud.conf".text = '' + [Definition] + _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) + datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" + failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed: + ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error. + ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Two-factor challenge failed: + journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service + ''; + }; + } 
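Review bot: The added `services.fail2ban.jails.sshd.settings` puts the whole jail body into one multi-line string under a key named `ssh`. If the NixOS module renders `settings` as key/value pairs of the `[sshd]` section, as it appears to, then `enabled`, `filter` and `maxretry` are not set as options of their own and the intended retry limit is probably not applied. Writing them as attributes keeps them effective: `services.fail2ban.jails.sshd.settings = { enabled = true; maxretry = 5; };`. Because this file lives under features/shared, a comment saying the jail only matters on hosts that also set `services.fail2ban.enable = true` would help. The enclosing attribute set starts outside the hunk.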
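Review bot: In the `nextcloud` jail, `enabled = true;` carries a Nix-style semicolon inside an INI string, so fail2ban reads the value as `true;` rather than a boolean and the jail may be rejected or left disabled; it should be `enabled = true`. As the filter appears on this page, every `failregex` line has `"remoteAddr":""` with no `<HOST>` placeholder. If the file really is written that way (and the tag was not lost in rendering), fail2ban has no address to extract and ban, and the field should read `"remoteAddr":"<HOST>"`. A comment above the filter naming the log format it expects (JSON lines in the journal of `phpfpm-nextcloud.service`) would make it easier to verify with `fail2ban-regex` after a Nextcloud upgrade.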
diff --git a/hosts/sisyphe/features/multimedia/default.nix b/hosts/sisyphe/features/multimedia/default.nix index fa082d5..e941af0 100644 --- a/hosts/sisyphe/features/multimedia/default.nix +++ b/hosts/sisyphe/features/multimedia/default.nix @@ -3,6 +3,7 @@ ./arr-suite.nix ./calibre-web.nix ./slskd.nix + ./sabnzbd.nix ./transmission.nix ./jellyfin.nix ]; diff --git a/hosts/sisyphe/features/multimedia/sabnzbd.nix b/hosts/sisyphe/features/multimedia/sabnzbd.nix new file mode 100644 index 0000000..ad2e8f6 --- /dev/null +++ b/hosts/sisyphe/features/multimedia/sabnzbd.nix @@ -0,0 +1,18 @@ +{config, pkgs, ...}: +{ + services.sabnzbd = { + enable = true; + + }; + + services.caddy.virtualHosts."http://sabnzbd.normandy.sisyphe.hypervirtual.world".extraConfig = '' + reverse_proxy 8080 + ''; +/* + services.prometheus.exporters.sabnzbd = { + enable = true; + servers = [ + localhost + ] + };*/ +} \ No newline at end of file diff --git a/hosts/sisyphe/features/samba-shares.nix b/hosts/sisyphe/features/samba-shares.nix index 66aa8d9..8c7d872 100644 --- a/hosts/sisyphe/features/samba-shares.nix +++ b/hosts/sisyphe/features/samba-shares.nix @@ -16,7 +16,6 @@ in config = { services.samba = { enable = true; - securityType = "user"; openFirewall = true; settings = { global = { diff --git a/hosts/sisyphe/features/services/nextcloud.nix b/hosts/sisyphe/features/services/nextcloud.nix index e96f332..a37407f 100644 --- a/hosts/sisyphe/features/services/nextcloud.nix +++ b/hosts/sisyphe/features/services/nextcloud.nix @@ -25,6 +25,7 @@ database.createLocally = true; webserver = "caddy"; configureRedis = true; + package = pkgs.nextcloud30; config = { dbtype = "pgsql"; adminpassFile = config.sops.secrets.adminNextcloudPass.path; 
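Review bot: In the new sabnzbd.nix the virtual host is declared with an explicit `http://` prefix, which turns off Caddy's automatic HTTPS for this site, so the SABnzbd login and API key would cross the network in clear text. Unless this name is reachable only on a trusted segment (not visible in the hunk), drop the scheme so the key becomes `"sabnzbd.normandy.sisyphe.hypervirtual.world"`. The upstream `reverse_proxy 8080` gives only a number; `reverse_proxy 127.0.0.1:8080` states unambiguously that the proxy targets the local SABnzbd listener. The commented-out exporter block at the end is not valid Nix as written (`localhost` is unquoted and the list lacks its `;`) and is better removed or reduced to a one-line TODO.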
@@ -62,37 +63,9 @@ ]; phpOptions."opcache.interned_strings_buffer" = "23"; - extraApps = { - inherit (config.services.nextcloud.package.packages.apps) - contacts - calendar - previewgenerator - twofactor_nextcloud_notification - ; - - memories = pkgs.fetchNextcloudApp { - sha256 = "sha256-tzxeffvwMwthvBRG+/cLCXZkVS32rlf5v7XOKTbGoOo="; - url = "https://github.com/pulsejet/memories/releases/download/v7.3.1/memories.tar.gz"; - license = "agpl3Only"; - }; - /* - not useful for me - registration = pkgs.fetchNextcloudApp { - sha256 = "sha256-dDaQHyHdkkd8ZammLdck2HNGqqfEaunwevdPzbWzB8Y="; - url = "https://github.com/nextcloud-releases/registration/releases/download/v2.4.0/registration-v2.4.0.tar.gz"; - license = "agpl3Only"; - }; - */ - facerecognition = pkgs.fetchNextcloudApp { - sha256 = "sha256-FtYItN0Iy2QpSNf0GPs7fIPYgBdEuKHJGwZ7GQNySZE="; - url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.60/facerecognition.tar.gz"; - license = "agpl3Only"; - }; - - }; - extraAppsEnable = true; appstoreEnable = true; # why i would want appstore to be disabled ??? autoUpdateApps.enable = true; + cli.memoryLimit = "4G"; }; environment.systemPackages =
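Review bot: With the hash-pinned `extraApps` set removed, the remaining `appstoreEnable = true;` and `autoUpdateApps.enable = true;` mean every app is now fetched and updated at runtime from the app store, without the `sha256` pins the deleted block carried. That includes `twofactor_nextcloud_notification`, which was previously installed declaratively. The hunk gives no replacement for it, so confirm it is still installed and enabled after the switch. I would replace the comment on `appstoreEnable` with one that records the trade-off, e.g. `# apps are managed through the app store (mutable, unpinned); extraApps was dropped on purpose`. The enclosing `services.nextcloud` block starts outside the hunk.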