diff --git a/container-config/nginx-home/auth b/container-config/nginx-home/auth
new file mode 100644
index 0000000..337d8f9
--- /dev/null
+++ b/container-config/nginx-home/auth
@@ -0,0 +1,11 @@
+server {
+ server_name auth.strypsteen.com;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ include snippets/headers.conf;
+ location / {
+ set $upstream systemd-keycloak.;
+ proxy_pass http://$upstream:8080;
+ include snippets/proxy.conf;
+ }
+}
diff --git a/container-config/nginx/snippets/proxy.conf b/container-config/nginx/snippets/proxy.conf
index 3cc5143..f07aa38 100644
--- a/container-config/nginx/snippets/proxy.conf
+++ b/container-config/nginx/snippets/proxy.conf
@@ -1,6 +1,8 @@
 proxy_set_header X-Forwarded-For $remote_addr;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Port $server_port;
 proxy_set_header Host $host;
 proxy_hide_header X-Frame-Options;
 proxy_hide_header X-Content-Type-Options;
diff --git a/desktop/var/lib/flatpak/extension/org.chromium.Chromium.Extension.system-policies/x86_64/1/policies/managed/policy.json b/desktop/var/lib/flatpak/extension/org.chromium.Chromium.Extension.system-policies/x86_64/1/policies/managed/policy.json
index aef316f..aec407d 100644
--- a/desktop/var/lib/flatpak/extension/org.chromium.Chromium.Extension.system-policies/x86_64/1/policies/managed/policy.json
+++ b/desktop/var/lib/flatpak/extension/org.chromium.Chromium.Extension.system-policies/x86_64/1/policies/managed/policy.json
@@ -4,7 +4,7 @@
 "CookiesAllowedForUrls": ["localhost", "[*.]strypsteen.com"],
 "DefaultCookiesSetting": 4,
 "DefaultSearchProviderEnabled": true,
- "DefaultSearchProviderSearchURL": "https://duckduckgo.com/?q={searchTerms}",
+ "DefaultSearchProviderSearchURL": "https://search.brave.com/search?q={searchTerms}",
 "ExtensionInstallForcelist": ["ddkjiahejlhfcafbddmgiahcphecmpfh"],
 "HttpsOnlyMode": "force_enabled",
 "ShowFullUrlsInAddressBar": true,
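Review bot: In container-config/nginx-home/auth, `location /` forwards every path to Keycloak, so the admin console and admin REST API under `/admin/` are reachable by anyone who can reach auth.strypsteen.com. Whether this vhost is internet-facing is not visible in the diff; if it is, a block such as `location /admin/ { deny all; }` (or an allow-list for the management network) ahead of the catch-all would keep administration off the public name. Note also that snippets/proxy.conf hides the upstream `X-Frame-Options` and `X-Content-Type-Options`, so the login pages depend on snippets/headers.conf, which is not shown, to set them again.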
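Review bot: The two headers added to container-config/nginx/snippets/proxy.conf take their value from `$host`, which nginx derives from the client's request line or Host header, and this snippet appears to be included by every proxied vhost. A backend that builds links or redirects from X-Forwarded-Host is then only as safe as the vhost matching, so it is worth confirming that a catch-all default server on 443 rejects unknown Host values (not visible here). A comment above the block would record the intent, for example `# Always overwrite client-sent X-Forwarded-*; backends such as Keycloak (--proxy-headers=xforwarded) trust these values`.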
diff --git a/home/etc/containers/systemd/keycloak.container b/home/etc/containers/systemd/keycloak.container
new file mode 100644
index 0000000..e7e853c
--- /dev/null
+++ b/home/etc/containers/systemd/keycloak.container
@@ -0,0 +1,13 @@
+[Unit]
+Requires=postgresql.service
+After=postgresql.service
+[Container]
+Image=quay.io/keycloak/keycloak
+Network=nginx.network
+Network=postgresql.network
+Exec=start --hostname=auth.strypsteen.com --http-enabled=true --proxy-headers=xforwarded --db=postgres --db-url-host=systemd-postgresql --db-username=keycloak --db-url-database=keycloak
+Tmpfs=/opt/keycloak
+Secret=KC_DB_PASSWORD,type=env
+AutoUpdate=registry
+[Install]
+WantedBy=multi-user.target
diff --git a/sandbox/etc/containers/systemd/code-server.container b/sandbox/etc/containers/systemd/code-server.container
index 08c3cfc..270d818 100644
--- a/sandbox/etc/containers/systemd/code-server.container
+++ b/sandbox/etc/containers/systemd/code-server.container
@@ -3,6 +3,7 @@ Image=git.strypsteen.com/mathieu/code-server
 ReadOnly=false
 AddDevice=/dev/kvm
 AddDevice=/dev/net/tun
+PidsLimit=-1
 Volume=/var/lib/system-config/container-config/code-server/settings.json:/home/coder/.local/share/code-server/Machine/settings.json:z,ro
 Volume=code-server-settings.volume:/home/coder/.local/share/code-server:U,Z
 Volume=code-server-ssh.volume:/home/coder/.ssh:U,Z
diff --git a/setup-vyos.sh b/setup-vyos.sh
index 8d6742c..5ed6056 100644
--- a/setup-vyos.sh
+++ b/setup-vyos.sh
@@ -2,6 +2,7 @@
 # shellcheck disable=SC2121
 set system name-server 9.9.9.9
 set system static-host-mapping host-name pve.strypsteen.com inet 192.168.253.2
+set system static-host-mapping host-name home.strypsteen.com alias auth.strypsteen.com
 set system static-host-mapping host-name home.strypsteen.com alias chat.strypsteen.com
 set system static-host-mapping host-name home.strypsteen.com alias cloud.strypsteen.com
 set system static-host-mapping host-name home.strypsteen.com alias code.strypsteen.com
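Review bot: `Image=quay.io/keycloak/keycloak` in keycloak.container carries no tag or digest, and combined with `AutoUpdate=registry` the identity provider will be replaced by whatever is published as latest, including major releases that migrate the database schema. Pinning to a release tag or digest, e.g. `Image=quay.io/keycloak/keycloak:<VERSION>` (placeholder), keeps auto-update limited to rebuilds of that tag and makes upgrades a deliberate step. Separately, `--proxy-headers=xforwarded` with `--http-enabled=true` means Keycloak accepts X-Forwarded-* from any peer on nginx.network or postgresql.network that can reach port 8080. Recent Keycloak releases provide `--proxy-trusted-addresses` to limit that trust to the proxy, which is worth adding if the nginx container's address can be fixed.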
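Review bot: `PidsLimit=-1` in code-server.container removes the process-count cap entirely on a container that is already writable (`ReadOnly=false`) and is handed /dev/kvm and /dev/net/tun, so a runaway build or fork loop inside the sandbox is bounded only by the host's own PID limits. If the default cap was too low for the workload, a finite ceiling such as `PidsLimit=8192` (illustrative value) would lift the limit without dropping the guard. The unit file starts and continues outside this hunk, so other resource limits may exist that are not visible here.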