diff --git a/features/shared/ssh.nix b/features/shared/ssh.nix
index 4400ec3..ed78121 100644
--- a/features/shared/ssh.nix
+++ b/features/shared/ssh.nix
@@ -8,14 +8,4 @@
       PermitRootLogin = "no";
     };
   };
-
-  services.fail2ban.jails.sshd.settings = {
-    ssh = ''
-    enabled = true
-    port = ssh
-    filter = sshd
-    logpath = %(sshd_log)s
-    maxretry = 5
-    '';
-  };
 }
diff --git a/hosts/sisyphe/configuration.nix b/hosts/sisyphe/configuration.nix
index 977b5eb..716f722 100644
--- a/hosts/sisyphe/configuration.nix
+++ b/hosts/sisyphe/configuration.nix
@@ -142,11 +142,6 @@ in
     "dotnet-sdk-wrapped-6.0.428"
   ];
 
-  # seems like sabnzbd needs some unfree pkgs...
-  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
-    "unrar"
-  ];
-
 
   # This option defines the first version of NixOS you have installed on this particular machine,
   # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
diff --git a/hosts/sisyphe/features/fail2ban.nix b/hosts/sisyphe/features/fail2ban.nix
index 4e7a599..347e0c8 100644
--- a/hosts/sisyphe/features/fail2ban.nix
+++ b/hosts/sisyphe/features/fail2ban.nix
@@ -4,25 +4,6 @@
     enable = true;
     ignoreIP = [ "192.168.1.0/24" ];
     extraPackages = [ ];
-    jails = {
-      nextcloud = ''
-        enabled = true;
-        filter = nextcloud
-        port = http,https
-      '';
-     };
+    jails = { };
   };
-
-  environment.etc = {
-      "fail2ban/filter.d/nextcloud.conf".text = ''
-        [Definition]
-        _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
-        datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
-        failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
-                    ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
-                    ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
-        journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service
-      '';
-    };
-
 }
diff --git a/hosts/sisyphe/features/multimedia/default.nix b/hosts/sisyphe/features/multimedia/default.nix
index e941af0..fa082d5 100644
--- a/hosts/sisyphe/features/multimedia/default.nix
+++ b/hosts/sisyphe/features/multimedia/default.nix
@@ -3,7 +3,6 @@
     ./arr-suite.nix
     ./calibre-web.nix
     ./slskd.nix
-    ./sabnzbd.nix
     ./transmission.nix
     ./jellyfin.nix
   ];
diff --git a/hosts/sisyphe/features/multimedia/sabnzbd.nix b/hosts/sisyphe/features/multimedia/sabnzbd.nix
deleted file mode 100644
index ad2e8f6..0000000
--- a/hosts/sisyphe/features/multimedia/sabnzbd.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{config, pkgs, ...}:
-{
-  services.sabnzbd = {
-    enable = true;
-
-  };
-
-  services.caddy.virtualHosts."http://sabnzbd.normandy.sisyphe.hypervirtual.world".extraConfig = ''
-  reverse_proxy 8080
-  ''; 
-/*
-  services.prometheus.exporters.sabnzbd = {
-    enable = true;
-    servers = [
-      localhost
-    ]
-  };*/
-}
\ No newline at end of file
diff --git a/hosts/sisyphe/features/samba-shares.nix b/hosts/sisyphe/features/samba-shares.nix
index 8c7d872..66aa8d9 100644
--- a/hosts/sisyphe/features/samba-shares.nix
+++ b/hosts/sisyphe/features/samba-shares.nix
@@ -16,6 +16,7 @@ in
   config = {
     services.samba = {
       enable = true;
+      securityType = "user";
       openFirewall = true;
       settings = {
         global = {
diff --git a/hosts/sisyphe/features/services/nextcloud.nix b/hosts/sisyphe/features/services/nextcloud.nix
index a37407f..e96f332 100644
--- a/hosts/sisyphe/features/services/nextcloud.nix
+++ b/hosts/sisyphe/features/services/nextcloud.nix
@@ -25,7 +25,6 @@
     database.createLocally = true;
     webserver = "caddy";
     configureRedis = true;
-    package = pkgs.nextcloud30;
     config = {
       dbtype = "pgsql";
       adminpassFile = config.sops.secrets.adminNextcloudPass.path;
@@ -63,9 +62,37 @@
     ];
 
     phpOptions."opcache.interned_strings_buffer" = "23";
+    extraApps = {
+      inherit (config.services.nextcloud.package.packages.apps)
+        contacts
+        calendar
+        previewgenerator
+        twofactor_nextcloud_notification
+        ;
+
+      memories = pkgs.fetchNextcloudApp {
+        sha256 = "sha256-tzxeffvwMwthvBRG+/cLCXZkVS32rlf5v7XOKTbGoOo=";
+        url = "https://github.com/pulsejet/memories/releases/download/v7.3.1/memories.tar.gz";
+        license = "agpl3Only";
+      };
+      /*
+        not useful for me
+           registration = pkgs.fetchNextcloudApp {
+             sha256 = "sha256-dDaQHyHdkkd8ZammLdck2HNGqqfEaunwevdPzbWzB8Y=";
+             url = "https://github.com/nextcloud-releases/registration/releases/download/v2.4.0/registration-v2.4.0.tar.gz";
+             license = "agpl3Only";
+           };
+      */
+      facerecognition = pkgs.fetchNextcloudApp {
+        sha256 = "sha256-FtYItN0Iy2QpSNf0GPs7fIPYgBdEuKHJGwZ7GQNySZE=";
+        url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.60/facerecognition.tar.gz";
+        license = "agpl3Only";
+      };
+
+    };
+    extraAppsEnable = true;
     appstoreEnable = true; # why i would want appstore to be disabled ???
     autoUpdateApps.enable = true;
-    cli.memoryLimit = "4G";
   };
 
   environment.systemPackages =