diff --git a/sys/machines/hopper/lab/default.nix b/sys/machines/hopper/lab/default.nix
index 9ea522b..dcdb710 100644
--- a/sys/machines/hopper/lab/default.nix
+++ b/sys/machines/hopper/lab/default.nix
@@ -203,16 +203,6 @@ in {
           reverse_proxy unix//var/lib/navidrome/navidrome.sock
         '';
       };
-      firefly = {
-        useACMEHost = null;
-        hostName = "firefly.hopper.xun.host:80";
-        extraConfig = ''
-          encode zstd gzip
-          root * ${config.services.firefly-iii.package}/public
-          php_fastcgi unix/${config.services.phpfpm.pools.firefly-iii.socket}
-          file_server
-        '';
-      };
       # slskd-pub = {
       #   hostName = "slskd.${domain}:${toString caddyPort}";
       #   extraConfig = ''
@@ -261,36 +251,6 @@ in {
     };
   };
 
-  # https://github.com/diogotcorreia/dotfiles/blob/f49cda185cef30d8150a08b60112766f4fc95813/hosts/hera/firefly-iii.nix#L19
-  services.firefly-iii = {
-    enable = true;
-    virtualHost = "firefly.hopper.xun.host";
-    group = config.services.caddy.group;
-    settings = {
-      DB_CONNECTION = "pgsql";
-      APP_KEY_FILE = config.sops.secrets.firefly.path;
-    };
-  };
-  services.postgresql = {
-    enable = true;
-    ensureUsers = [
-      {
-        name = config.services.firefly-iii.user;
-        ensureDBOwnership = true;
-        ensureClauses.login = true;
-      }
-    ];
-    ensureDatabases = [config.services.firefly-iii.user];
-  };
-  services.firefly-iii-data-importer = {
-    enable = true;
-    group = config.services.caddy.group;
-    settings = {
-      FIREFLY_III_URL = config.services.firefly-iii.settings.APP_URL;
-      FIREFLY_III_ACCESS_TOKEN = config.sops.secrets.firefly-data-importer.path;
-    };
-  };
-
   systemd.services.homepage-dashboard.vpnConfinement = {
     enable = true;
     vpnNamespace = "wg";
@@ -336,6 +296,12 @@ in {
               icon = "jellyfin";
             };
           }
+          {
+            "navidrome" = {
+              href = "http://navidrome.hopper.xun.host";
+              icon = "jellyfin";
+            };
+          }
           {
             "adguard home" = {
               href = "http://${config.networking.hostName}:${toString config.services.adguardhome.port}";
@@ -354,12 +320,6 @@ in {
               icon = "kanidm";
             };
           }
-          {
-            "firefly iii" = {
-              href = "http://firefly.hopper.xun.host";
-              icon = "firefly-iii";
-            };
-          }
         ];
       }
     ];
@@ -505,7 +465,10 @@ in {
   services.oauth2-proxy = {
     enable = true;
     clientID = "oauth2-proxy";
-    cookie.expire = "24h";
+    cookie = {
+      expire = "24h";
+      # secure = false;
+    };
     email.domains = ["*"];
     httpAddress = "unix:///run/oauth2-proxy/oauth2-proxy.sock";
     scope = "openid profile email";
diff --git a/sys/profiles/secrets/hopper/default.nix b/sys/profiles/secrets/hopper/default.nix
index f6a1199..7952071 100644
--- a/sys/profiles/secrets/hopper/default.nix
+++ b/sys/profiles/secrets/hopper/default.nix
@@ -59,16 +59,16 @@ in {
       owner = "kanidm";
     };
 
-    firefly = {
-      format = "binary";
-      sopsFile = ./firefly;
-      owner = config.services.firefly-iii.user;
-    };
-    firefly-data-importer = {
-      format = "binary";
-      sopsFile = ./firefly-data-importer;
-      owner = config.services.firefly-iii-data-importer.user;
-    };
+    # firefly = {
+    #   format = "binary";
+    #   sopsFile = ./firefly;
+    #   owner = config.services.firefly-iii.user;
+    # };
+    # firefly-data-importer = {
+    #   format = "binary";
+    #   sopsFile = ./firefly-data-importer;
+    #   owner = config.services.firefly-iii-data-importer.user;
+    # };
 
     # "keycloak/db" = {
     #   sopsFile = ./keycloak.yaml;