diff --git a/fake_flake.nix b/fake_flake.nix
index f1bf2e2..50e6b9c 100644
--- a/fake_flake.nix
+++ b/fake_flake.nix
@@ -43,7 +43,7 @@ in
 "${nivSources.agenix}/modules/age.nix"
 "${nivSources.nixos-mailserver}/default.nix"
 "${nivSources.nixos-matrix-modules}/module.nix"
- "${nivSources.authentik-nix}/module.nix"
+ (import nivSources.authentik-nix).nixosModules.default
 # fixme: ideally we'd not rely on the flake syntax to load the module
 (builtins.getFlake (asGithubRef nivSources.chaotic)).nixosModules.default
@@ -134,13 +134,11 @@ in
 nix.settings.extra-substituters = [
 "https://cache.lix.systems"
 "https://nyx.chaotic.cx/"
- "https://nixcache.grimmauld.de"
 ];
 nix.settings.trusted-public-keys = [
 "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
 "nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
 "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
- "nixcache.grimmauld.de:LFBlakr8RYIuVb9I1S0+L9JGyB2THcfbPa0W6srghqo="
 ];
 }
diff --git a/modules/auth.nix b/modules/auth.nix
index 2cebe40..7258d1a 100644
--- a/modules/auth.nix
+++ b/modules/auth.nix
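Review bot: The authentik module is now loaded with a plain `import nivSources.authentik-nix` while the chaotic module two lines below still goes through `builtins.getFlake`, and the `# fixme` comment sitting between them no longer makes clear which line it refers to. A short comment on the new line would settle it, for example `# authentik-nix can be imported directly (ships a flake-compat default.nix), no getFlake needed — confirm`, and the fixme line could name the chaotic import explicitly. The enclosing imports list starts before the hunk.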
@@ -1,25 +1,27 @@
-{ config, ... }:
+<<<<<<< HEAD
+{ config, pkgs ... }:
 let
 inherit (config.serverConfig) vhosts;
 inherit (config.networking) domain;
 in
-{
-
- services.authentik = {
- enable = true;
- # The environmentFile needs to be on the target host!
- # Best use something like sops-nix or agenix to manage it
- environmentFile = "/run/secrets/authentik/authentik-env";
-
- # authentik_env.age
-
- age.secrets.authentik_env = {
+in {
+ age.secrets.authentik_env = {
 file = ../secrets/authentik_env.age;
- owner = "authentik";
- group = "authentik";
+# owner = "authentik";
+# group = "authentik";
 mode = "0600";
 };
+ services.authentik = {
+# enable = true;
 # The environmentFile needs to be on the target host!
 # Best use something like sops-nix or agenix to manage it
+ environmentFile = config.age.secrets.authentik_env.path;
+
+# authentikComponents = {
+# staticWorkdirDeps = pkgs.authentikComponents.staticWorkdirDeps;
+ # };
+
 settings = {
 email = rec {
 host = vhosts.mail_host.host;
diff --git a/modules/default.nix b/modules/default.nix
index 8512a20..30702a6 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -17,6 +17,7 @@ in
 ./discord-matrix-bridge.nix
 ./mastodon.nix
 ./nix_cache.nix
+ ./auth.nix
 ];
 options.serverConfig =
@@ -182,6 +183,7 @@ in
 nix_cache_host = {
 host = "nixcache.${domain}";
 port = 5000;
+ accessType = "proxy";
 };
 auth_host = {
 host = "auth.${domain}";
diff --git a/specific/grimm-nixos-laptop/configuration.nix b/specific/grimm-nixos-laptop/configuration.nix
index 7b54db8..fb5d7d1 100644
--- a/specific/grimm-nixos-laptop/configuration.nix
+++ b/specific/grimm-nixos-laptop/configuration.nix
@@ -52,4 +52,12 @@
 networking.hostName = "grimmauld-nixos";
 system.stateVersion = "23.05";
+
+ nix.settings.extra-substituters = [
+ "https://nixcache.grimmauld.de"
+ ];
+
+ nix.settings.trusted-public-keys = [
+ "nixcache.grimmauld.de:LFBlakr8RYIuVb9I1S0+L9JGyB2THcfbPa0W6srghqo="
+ ];
 }
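Review bot: The new side of the modules/auth.nix hunk does not parse: `+<<<<<<< HEAD` is a leftover merge-conflict marker committed as the first line, `{ config, pkgs ... }:` is missing the comma before `...`, and the context line `in` is immediately followed by the added `in {`, leaving `in` twice. Because modules/default.nix now imports `./auth.nix` in the same commit, this breaks evaluation for every host that uses the shared modules, so the fix is to delete the marker line, write `{ config, pkgs, ... }:` and collapse the two `in` lines into a single `in {`. Separately, `owner`/`group` are commented out while `mode = "0600"` stays, so the decrypted secret is readable by root only; that is sufficient if the authentik-nix module hands the path to systemd as an EnvironmentFile= (read by the manager), but not if the service process reads it itself, which is worth confirming before dropping the ownership lines. With `enable = true` also commented out, the secret is deployed to the host for a service that does not run; either enable it or keep auth.nix out of the imports until it is ready. The `services.authentik.settings` block continues past the end of the hunk.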
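Review bot: In the grimm-nixos-laptop hunk the substituter is appended with `extra-substituters` but the key with `trusted-public-keys`; NixOS merges list-typed `nix.settings` values across modules, so this works, but `nix.settings.extra-trusted-public-keys = [ ... ]` would state the append intent explicitly and mirror the line above it. Since the same URL and key are removed from fake_flake.nix in this commit, the laptop is now the only host that trusts this signing key, and a comment such as `# signing key of the self-hosted cache (modules/nix_cache.nix, nix_cache_host); update here when the server key is rotated` would tell a future reader where the key comes from, assuming that is indeed the key the nix_cache module publishes. The enclosing attribute set opens before the hunk.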