diff --git a/.justfile b/.justfile index ab466bb..67ac3a4 100644 --- a/.justfile +++ b/.justfile @@ -1,4 +1,7 @@ try-again: nix flake update amarth-customer-portal - nix flake check --all-systems --show-trace \ No newline at end of file + nix flake check --all-systems --show-trace + +update machine: + nixos-rebuild switch --use-remote-sudo --target-host {{ machine }} --flake .#{{ machine }} \ No newline at end of file diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix index 3b2a4a3..e0e4a59 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix @@ -117,12 +117,12 @@ in enable = true; virtualHosts = { "auth.kruining.eu".extraConfig = '' - reverse_proxy h2c://127.0.0.1:9092 + reverse_proxy h2c://::1:9092 ''; }; extraConfig = '' - (auth-z) { - forward_auth h2c://127.0.0.1:9092 { + (auth) { + forward_auth h2c://::1:9092 { uri /api/authz/forward-auth copy_headers Remote-User Remote-Groups Remote-Email Remote-Name } @@ -130,6 +130,8 @@ in ''; }; }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; # Secrets sops.secrets."zitadel/masterKey" = { diff --git a/modules/nixos/services/observability/loki/default.nix b/modules/nixos/services/observability/loki/default.nix index 8f6e0e3..d4774ac 100644 --- a/modules/nixos/services/observability/loki/default.nix +++ b/modules/nixos/services/observability/loki/default.nix @@ -23,7 +23,7 @@ in common = { ring = { instance_addr = "127.0.0.1"; - kvstore.store = "inmmemory"; + kvstore.store = "inmemory"; }; replication_factor = 1; path_prefix = "/tmp/loki"; diff --git a/modules/nixos/services/observability/promtail/default.nix b/modules/nixos/services/observability/promtail/default.nix index 1f32adc..25aabbd 100644 --- a/modules/nixos/services/observability/promtail/default.nix +++ b/modules/nixos/services/observability/promtail/default.nix 
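Review bot: In the new `update machine:` recipe the `{{ machine }}` argument is pasted unquoted into a shell line that ends up running a privileged `nixos-rebuild switch` on a remote host. A value containing whitespace or shell metacharacters would be split or interpreted by the shell before `nixos-rebuild` sees it. I would quote both uses, for example `nixos-rebuild switch --use-remote-sudo --target-host {{ quote(machine) }} --flake {{ quote(".#" + machine) }}`. A one-line comment above the recipe saying that `machine` must be both an SSH-reachable host name and a flake output name would also help.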
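Review bot: The new upstream `h2c://::1:9092`, on both the `reverse_proxy` and the `forward_auth` line of the zitadel module, writes the IPv6 loopback without brackets, so host and port cannot be told apart and the address will likely be rejected or misparsed. It should read `h2c://[::1]:9092`. The promtail hunk has the same form in `url = "http://::1:9003/loki/api/v1/push";`, which should become `http://[::1]:9003/loki/api/v1/push`. Since `forward_auth` is the access-control gate for whatever imports this snippet, confirm after the change that the backend really listens on `::1` and that protected routes are denied, not served, when it is unreachable. The rename from `(auth-z)` to `(auth)` also requires updating any `import auth-z` elsewhere; none is visible in this diff.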
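Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ];` is added to the Zitadel module with no comment, so enabling the identity provider on any host also opens HTTP and HTTPS on all of that host's interfaces. That is a property of the Caddy front end, not of Zitadel, and would be easier to audit next to the Caddy configuration or in the host's own file. At minimum I would add a comment such as `# Caddy serves auth.kruining.eu here; 80/443 must be reachable for TLS and redirects`. The enclosing block starts outside the hunk, so whether this line sits under the module's enable guard cannot be confirmed from here.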
@@ -29,9 +29,11 @@ in filename = "filename"; }; - clients = { - url = "http://127.0.0.1:3100/loki/api/v1/push"; - }; + clients = [ + { + url = "http://::1:9003/loki/api/v1/push"; + } + ]; scrape_configs = [ { diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index a601960..0794585 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -25,9 +25,20 @@ }; }; + # Expose amarht cloud stuff like this until I have a proper solution + services.caddy.virtualHosts = { + "auth.amarth.cloud".extraConfig = '' + reverse_proxy http://192.168.1.223:9092 + ''; + + "amarth.cloud".extraConfig = '' + reverse_proxy http://192.168.1.223:8080 + ''; + }; + sneeuwvlok = { services = { - authentication.authelia.enable = true; + # authentication.authelia.enable = true; authentication.zitadel.enable = true; communication.matrix.enable = true;
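Review bot: The push target in `clients` moves from port 3100 to 9003, but the loki module touched in this commit shows no matching listen port or address change. If the two disagree, Promtail will retry and eventually drop log entries, leaving a gap in the host's audit trail. I would add a comment on the `url` line such as `# must match the Loki server's http_listen_address/http_listen_port`. Better still, derive the port from the Loki module's configuration so the two cannot drift apart. The unbracketed `::1` on this line is covered in the note on the zitadel hunk.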
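Review bot: The two new virtual hosts forward to `http://192.168.1.223:9092` and `http://192.168.1.223:8080` in cleartext, so login traffic for `auth.amarth.cloud` crosses the LAN unencrypted after Caddy has terminated TLS. Anything else on that network segment can also reach those backend ports directly, bypassing the proxy. The comment marks this as temporary; I would make it actionable, for example `# TODO(<tracking-ref>): replace with TLS or a tunnel to the backend; restrict 9092/8080 on 192.168.1.223 to this host`. Separately, the zitadel module's `(auth)` snippet still calls `/api/authz/forward-auth`. If that endpoint was served by the Authelia instance disabled in this hunk, which is an inference from the path, please verify that routes importing the snippet still enforce authentication. The disabled `authelia` line would be better deleted than left commented out.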