diff --git a/containers/synapse/homeserver.yaml b/container-config/synapse/homeserver.yaml
similarity index 78%
rename from containers/synapse/homeserver.yaml
rename to container-config/synapse/homeserver.yaml
index 94a7ef6..c247aa0 100644
--- a/containers/synapse/homeserver.yaml
+++ b/container-config/synapse/homeserver.yaml
@@ -1,15 +1,15 @@
 server_name: strypsteen.me
 report_stats: false
 log_config: /etc/synapse/log_config.yaml
-signing_key_path: /var/lib/synapse/signing.key
+signing_key_path: /data/signing.key
 database:
 name: psycopg2
 args:
 host: systemd-postgresql.
 user: synapse
- password: DB_PASS
+ password: synapse
 database: synapse
-media_store_path: /var/lib/synapse/media
+media_store_path: /data/media
 listeners:
 - type: http
 bind_addresses: ['::']
@@ -22,5 +22,4 @@ trusted_key_servers:
 suppress_key_server_warning: true
 turn_uris: ["turn:vps.strypsteen.com"]
 turn_allow_guests: false
-turn_shared_secret: TURN_SECRET
 delete_stale_devices_after: 1y
diff --git a/containers/synapse/log_config.yaml b/container-config/synapse/log_config.yaml
similarity index 100%
rename from containers/synapse/log_config.yaml
rename to container-config/synapse/log_config.yaml
diff --git a/containers-home/gitea/gitea.container b/containers-home/gitea/gitea.container
index ee65e94..6371508 100644
--- a/containers-home/gitea/gitea.container
+++ b/containers-home/gitea/gitea.container
@@ -1,8 +1,7 @@
 [Container]
 Image=docker.io/gitea/gitea:latest-rootless
-UserNS=keep-id:uid=1000,gid=1000
 Volume=/home/gitea/app.ini:/etc/gitea/app.ini:Z,ro
-Volume=/home/gitea/data:/var/lib/gitea:Z
+Volume=/home/gitea/data:/var/lib/gitea:U,Z
 PublishPort=[::1]:8001:3000
 AutoUpdate=registry
 [Install]
diff --git a/containers-home/monero/monero.container b/containers-home/monero/monero.container
index e391e78..413f70c 100644
--- a/containers-home/monero/monero.container
+++ b/containers-home/monero/monero.container
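Review bot: `password: synapse` in homeserver.yaml commits the database credential in clear text, and the value is identical to the `user:` line above it, where the old `DB_PASS` placeholder was only filled in at container start. The TURN secret leaves this file in the same commit and synapse.container now passes a second `--config-path /data/turn.yaml`; Synapse reads several config files, so the `database:` block could probably move into an untracked file under `/data` in the same way. If the password is deliberately not treated as a secret because PostgreSQL is only reachable over `synapse.network`, record that with a comment such as `# not a secret: the database is only reachable over the private synapse.network`. The file continues past the end of this hunk.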
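Review bot: `Volume=/home/gitea/data:/var/lib/gitea:U,Z` in gitea.container makes podman recursively chown the host directory to the container user's mapped id when the container is created, and with `UserNS=keep-id` removed that id is presumably a subordinate uid rather than the `gitea` account, so host-side backup or inspection of the data would then need `podman unshare` or root. The read-only `app.ini` mount one line up has no `U`, so whether the container user can still read it depends on the file's mode; that mode deserves a deliberate choice because the file usually carries Gitea's secrets. A comment above the volume line, e.g. `# :U re-owns the data to the image user at start; use "podman unshare" to reach it from the host`, would record the new ownership model. The same `:U,Z` change appears in the monero, postgresql, synapse, redis and rspamd units.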
@@ -1,7 +1,6 @@
 [Container]
 Image=git.strypsteen.me/mathieu/monero
-UserNS=keep-id:uid=100,gid=101
-Volume=/home/monero/data:/.bitmonero:Z
+Volume=/home/monero/data:/.bitmonero:U,Z
 PublishPort=18089:18089
 AutoUpdate=registry
 [Install]
diff --git a/containers-home/synapse/postgresql.container b/containers-home/synapse/postgresql.container
index cb31d6b..a2b5201 100644
--- a/containers-home/synapse/postgresql.container
+++ b/containers-home/synapse/postgresql.container
@@ -1,8 +1,7 @@
 [Container]
-Image=git.strypsteen.me/mathieu/postgresql
-UserNS=keep-id:uid=70,gid=70
+Image=docker.io/postgres:16-alpine
 Network=synapse.network
-Volume=/home/synapse/db:/var/lib/postgres:Z
+Volume=/home/synapse/db:/var/lib/postgresql/data:U,Z
 AutoUpdate=registry
 [Install]
 WantedBy=default.target
diff --git a/containers-home/synapse/synapse.container b/containers-home/synapse/synapse.container
index 3a91238..9d1af89 100644
--- a/containers-home/synapse/synapse.container
+++ b/containers-home/synapse/synapse.container
@@ -2,13 +2,13 @@
 Requires=postgresql.service
 After=postgresql.service
 [Container]
-Image=git.strypsteen.me/mathieu/synapse
-UserNS=keep-id:uid=100,gid=101
+Image=docker.io/matrixdotorg/synapse
 Network=synapse.network
-Volume=/home/synapse/data:/var/lib/synapse:Z
-Tmpfs=/etc/synapse
+User=991
+Exec=run --config-path /etc/synapse/homeserver.yaml --config-path /data/turn.yaml
+Volume=/var/lib/system-config/container-config/synapse:/etc/synapse:O
+Volume=/home/synapse/data:/data:U,Z
 PublishPort=[::1]:8000:8080
-EnvironmentFile=/home/synapse/synapse.cfg
 AutoUpdate=registry
 [Install]
 WantedBy=default.target
diff --git a/containers-vps/podman-mail/dovecot.container b/containers-vps/podman-mail/dovecot.container
index d6eb23f..d9928bc 100644
--- a/containers-vps/podman-mail/dovecot.container
+++ b/containers-vps/podman-mail/dovecot.container
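Review bot: `Image=docker.io/postgres:16-alpine` in postgresql.container, combined with the unchanged `AutoUpdate=registry`, means whatever Docker Hub publishes under that tag is pulled and started without review, where the removed line pointed at the self-hosted registry. The tag at least holds the major version; `Image=docker.io/matrixdotorg/synapse` in synapse.container carries no tag at all, so it presumably follows `latest`. Pinning a release tag or digest, e.g. `Image=docker.io/matrixdotorg/synapse:<release-tag>`, and bumping it in the repository keeps upgrades reviewable, at the cost of unattended updates for that unit.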
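Review bot: Nothing in synapse.container says what `/data/turn.yaml` must contain or how it should be protected, although the added `Exec=run … --config-path /data/turn.yaml` makes startup depend on it. Presumably it now carries `turn_shared_secret`, which this commit drops from homeserver.yaml, and it sits in the same `:U`-owned volume as the signing key. A comment above the `Exec=` line, such as `# /data/turn.yaml holds turn_shared_secret; keep it mode 0600 and owned by uid 991 inside the container`, would document the requirement. The unit's `[Unit]` header lies outside the hunk.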
@@ -1,7 +1,5 @@
 [Container]
 Image=git.strypsteen.me/mathieu/dovecot
-UserNS=keep-id:uid=1000,gid=1000
-User=0
 Volume=/etc/certificates:/etc/certificates:O
 Volume=/home/podman-mail/dovecot:/etc/dovecot-local:O
 Volume=/home/podman-mail/mail:/srv/mail:Z
diff --git a/containers-vps/podman-mail/redis.container b/containers-vps/podman-mail/redis.container
index f71c52a..8802f54 100644
--- a/containers-vps/podman-mail/redis.container
+++ b/containers-vps/podman-mail/redis.container
@@ -1,8 +1,7 @@
 [Container]
 Image=cgr.dev/chainguard/redis
 Network=rspamd.network
-UserNS=keep-id:uid=65532,gid=65532
-Volume=redis.volume:/data:Z
+Volume=redis.volume:/data:U,Z
 AutoUpdate=registry
 [Install]
 WantedBy=default.target
diff --git a/containers-vps/podman-mail/rspamd.container b/containers-vps/podman-mail/rspamd.container
index 4cf5612..de45357 100644
--- a/containers-vps/podman-mail/rspamd.container
+++ b/containers-vps/podman-mail/rspamd.container
@@ -4,9 +4,8 @@ After=redis.service
 [Container]
 Image=docker.io/rspamd/rspamd
 Network=rspamd.network
-UserNS=keep-id:uid=11333,gid=11333
 Volume=/var/lib/system-config/container-config/rspamd:/etc/rspamd/local.d:O
-Volume=rspamd.volume:/var/lib/rspamd:Z
+Volume=rspamd.volume:/var/lib/rspamd:U,Z
 Volume=/home/podman-mail/dkim:/var/lib/rspamd/dkim:O
 PublishPort=[::1]:11332:11332
 AutoUpdate=registry
diff --git a/containers/postgresql/Dockerfile b/containers/postgresql/Dockerfile
deleted file mode 100644
index f47afb8..0000000
--- a/containers/postgresql/Dockerfile
+++ /dev/null
@@ -1,6 +0,0 @@
-FROM git.strypsteen.me/mathieu/alpine
-RUN sed -i s/v3.18/edge/ /etc/apk/repositories
-RUN apk upgrade
-RUN apk add postgresql16
-USER postgres
-CMD postgres -D /var/lib/postgres -k /tmp
diff --git a/containers/synapse/Dockerfile b/containers/synapse/Dockerfile
deleted file mode 100644
index d85b727..0000000
--- a/containers/synapse/Dockerfile
+++ /dev/null
@@ -1,6 +0,0 @@
-FROM git.strypsteen.me/mathieu/alpine
-RUN apk add synapse
-COPY --chown=synapse homeserver.yaml /etc/synapse/homeserver.yaml
-COPY log_config.yaml /etc/synapse/log_config.yaml
-USER synapse
-CMD sed s/DB_PASS/$DB_PASS/ -i /etc/synapse/homeserver.yaml && sed s/TURN_SECRET/$TURN_SECRET/ -i /etc/synapse/homeserver.yaml && synapse_homeserver -c /etc/synapse/homeserver.yaml
diff --git a/desktop/var/lib/flatpak/extension/org.mozilla.firefox.systemconfig/x86_64/stable/policies/policies.json b/desktop/var/lib/flatpak/extension/org.mozilla.firefox.systemconfig/x86_64/stable/policies/policies.json
index f36b0bf..b79027c 100644
--- a/desktop/var/lib/flatpak/extension/org.mozilla.firefox.systemconfig/x86_64/stable/policies/policies.json
+++ b/desktop/var/lib/flatpak/extension/org.mozilla.firefox.systemconfig/x86_64/stable/policies/policies.json
@@ -12,6 +12,10 @@
 "Locked": true,
 "ProviderURL": "https://dns10.quad9.net/dns-query"
 },
+ "EnableTrackingProtection": {
+ "Value": true,
+ "Locked": true
+ },
 "ExtensionSettings": {
 "amazon@search.mozilla.org": {
 "installation_mode": "blocked"
diff --git a/setup-common.sh b/setup-common.sh
index 03bdad2..4b7bb0c 100644
--- a/setup-common.sh
+++ b/setup-common.sh
@@ -2,4 +2,3 @@ set -e cp -R common/* / sed -E "s/#(auth.+required)/\1/" -i /etc/pam.d/su -authselect select minimal
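Review bot: The added `EnableTrackingProtection` block in policies.json sets only `Value` and `Locked`; the same policy also accepts `Cryptomining` and `Fingerprinting`, which this block leaves at their defaults. If the intent is to lock the full protection set, add `"Cryptomining": true,` and `"Fingerprinting": true,` inside the block. The surrounding policy object starts and ends outside the hunk.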