diff --git a/nixos/machines/pepe/configuration.nix b/nixos/machines/pepe/configuration.nix
index 2538390..8ff221c 100644
--- a/nixos/machines/pepe/configuration.nix
+++ b/nixos/machines/pepe/configuration.nix
@@ -61,5 +61,10 @@
   services.printing.enable = false;
   services.smartd.enable = true;
 
+
+
+  # todo move to some place else
+  home-manager.users.mailUser.home.stateVersion = "22.11";
+
 }
 
diff --git a/nixos/machines/robi/codimd.nix b/nixos/machines/robi/codimd.nix
index 645590f..c44a0d8 100644
--- a/nixos/machines/robi/codimd.nix
+++ b/nixos/machines/robi/codimd.nix
@@ -10,14 +10,14 @@ in
     forceSSL = true;
     serverName = domain;
     locations."/" = {
-      proxyPass = "http://localhost:${toString config.services.hedgedoc.configuration.port}";
+      proxyPass = "http://localhost:${toString config.services.hedgedoc.settings.port}";
       proxyWebsockets = true;
     };
   };
 
   services.hedgedoc = {
     enable = true;
-    configuration = {
+    settings = {
       db = {
         dialect = "sqlite";
         storage = "/var/lib/hedgedoc/db.sqlite";
diff --git a/nixos/machines/robi/gitea.nix b/nixos/machines/robi/gitea.nix
index 6f7daa0..ea98f39 100644
--- a/nixos/machines/robi/gitea.nix
+++ b/nixos/machines/robi/gitea.nix
@@ -18,11 +18,13 @@
   services.gitea = {
     enable = true;
     appName = "git.ingolf-wagner.de";
-    cookieSecure = true;
-    disableRegistration = true;
+    #cookieSecure = true;
+    #disableRegistration = true;
     domain = "git.ingolf-wagner.de";
     rootUrl = "https://git.ingolf-wagner.de/";
     settings = {
+      service.DISABLE_REGISTRATION = true;
+      session.COOKIE_SECURE = true;
       other = {
         SHOW_FOOTER_VERSION = false;
       };
diff --git a/nixos/machines/robi/mail-fetcher.nix b/nixos/machines/robi/mail-fetcher.nix
index 339972e..d8ca3dd 100644
--- a/nixos/machines/robi/mail-fetcher.nix
+++ b/nixos/machines/robi/mail-fetcher.nix
@@ -595,6 +595,8 @@ in
     };
   };
 
+  home-manager.users.mailUser.home.stateVersion = "22.11";
+
   # configure mbsync
   home-manager.users.mailUser.programs.mbsync.enable = true;
 
diff --git a/nixos/machines/robi/nextcloud.nix b/nixos/machines/robi/nextcloud.nix
index b5e6383..433ba99 100644
--- a/nixos/machines/robi/nextcloud.nix
+++ b/nixos/machines/robi/nextcloud.nix
@@ -247,9 +247,10 @@ in
       # nextcloud setup
       services.nextcloud = {
         enable = true;
-        package = pkgs.nextcloud24;
+        package = pkgs.nextcloud25;
         autoUpdateApps.enable = true;
         #nginx.enable = true;
+        enableBrokenCiphersForSSE = false; # see https://github.com/NixOS/nixpkgs/pull/198470
         hostName = "nextcloud.ingolf-wagner.de";
         logLevel = 2;
         https = true;
diff --git a/nixos/machines/sternchen/hardware-configuration.nix b/nixos/machines/sternchen/hardware-configuration.nix
index 269f20b..7a5a1e1 100644
--- a/nixos/machines/sternchen/hardware-configuration.nix
+++ b/nixos/machines/sternchen/hardware-configuration.nix
@@ -37,7 +37,7 @@
   #  fsType = "ext4";
   #};
 
-  nix.setting.max-jobs = lib.mkDefault 4;
+  nix.settings.max-jobs = lib.mkDefault 4;
 
   # lvm volume group
   # ----------------
diff --git a/nixos/machines/sterni/configuration.nix b/nixos/machines/sterni/configuration.nix
index 736919c..6af7af4 100644
--- a/nixos/machines/sterni/configuration.nix
+++ b/nixos/machines/sterni/configuration.nix
@@ -53,7 +53,7 @@
   system.custom.fonts.dpi = 100;
 
   virtualisation = {
-    docker.enable = true;
+    #docker.enable = true;
     podman.enable = true;
 
     virtualbox = {
diff --git a/nixos/modules/system/mainUser.nix b/nixos/modules/system/mainUser.nix
index b09c8dd..0ff1ab4 100644
--- a/nixos/modules/system/mainUser.nix
+++ b/nixos/modules/system/mainUser.nix
@@ -57,6 +57,7 @@ in
 
   config = mkIf cfg.enable {
 
+
     users = {
 
       mutableUsers = true;
@@ -71,7 +72,16 @@ in
         extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" ]
           ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
         openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
+        group = config.users.groups.mainUser.name;
       };
+
+      groups.mainUser = {
+        name = cfg.userName;
+      };
+
     };
+
+
+
   };
 }
diff --git a/nixos/system/server/default.nix b/nixos/system/server/default.nix
index ae22d25..0528a48 100644
--- a/nixos/system/server/default.nix
+++ b/nixos/system/server/default.nix
@@ -21,5 +21,6 @@
   services.locate.locate = pkgs.mlocate;
   services.locate.localuser = null;
 
+
 }