diff --git a/hosts/metronom/networking.nix b/hosts/metronom/networking.nix
index b309ec32..380c2207 100644
--- a/hosts/metronom/networking.nix
+++ b/hosts/metronom/networking.nix
@@ -16,7 +16,4 @@
   networking.enableIPv6 = true;
   networking.useDHCP = false;
   networking.interfaces."enp1s0".useDHCP = true;
-
-  # TODO: ssh via wireguard only
-  services.openssh.openFirewall = true;
 }
diff --git a/hosts/tankstelle/networking.nix b/hosts/tankstelle/networking.nix
index 1ef2e26a..8e893923 100644
--- a/hosts/tankstelle/networking.nix
+++ b/hosts/tankstelle/networking.nix
@@ -35,7 +35,4 @@
       ];
     };
   };
-
-  # TODO: ssh via wireguard only
-  services.openssh.openFirewall = true;
 }
diff --git a/hosts/tankstelle/wireguard.nix b/hosts/tankstelle/wireguard.nix
index d8979eba..ceb430b1 100644
--- a/hosts/tankstelle/wireguard.nix
+++ b/hosts/tankstelle/wireguard.nix
@@ -41,14 +41,14 @@
     };
   };
 
-  #services.openssh.listenAddresses = [
-  #  {
-  #    addr = "10.7.6.4";
-  #    port = 22;
-  #  }
-  #  {
-  #    addr = "[fd00:fae:fae:fae:fae:4::]";
-  #    port = 22;
-  #  }
-  #];
+  services.openssh.listenAddresses = [
+    {
+      addr = "10.7.6.4";
+      port = 22;
+    }
+    {
+      addr = "[fd00:fae:fae:fae:fae:4::]";
+      port = 22;
+    }
+  ];
 }
diff --git a/modules/loki/default.nix b/modules/loki/default.nix
index bd28afe8..0c3ea193 100644
--- a/modules/loki/default.nix
+++ b/modules/loki/default.nix
@@ -33,9 +33,36 @@
           };
         };
       };
+      ingester = {
+        chunk_encoding = "snappy";
+        chunk_idle_period = "1h";
+      };
+      query_range = {
+        results_cache = {
+          cache = {
+            embedded_cache = {
+              enabled = true;
+              max_size_mb = 500;
+            };
+          };
+        };
+      };
+      chunk_store_config = {
+        max_look_back_period = "0s";
+        chunk_cache_config = {
+          embedded_cache = {
+            enabled = true;
+            max_size_mb = 500;
+            ttl = "24h";
+          };
+        };
+      };
       # Keep logs for 4 weeks
       # https://grafana.com/docs/loki/latest/operations/storage/retention/
-      limits_config.retention_period = "4w";
+      limits_config = {
+        retention_period = "4w";
+        split_queries_by_interval = "0";
+      };
       compactor = {
         shared_store = "filesystem";
         compaction_interval = "10m";
diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix
index 64f194a6..dba197c3 100644
--- a/modules/nextcloud/default.nix
+++ b/modules/nextcloud/default.nix
@@ -61,10 +61,10 @@
       mail_smtpauthtype = "PLAIN";
       mail_domain = "pub.solar";
       mail_smtpname = "admins@pub.solar";
-      mail_smtpsecure = "tls";
-      mail_smtpauth = 1;
+      mail_smtpsecure = "ssl";
+      mail_smtpauth = true;
       mail_smtphost = "mail.pub.solar";
-      mail_smtpport = "587";
+      mail_smtpport = "465";
 
       # This is to allow connections to collabora and keycloak, among other services
       # running on the same host
diff --git a/overlays/default.nix b/overlays/default.nix
index 5807ce88..d137603e 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -13,6 +13,7 @@
               in
               {
                 forgejo-runner = unstable.forgejo-runner;
+                prometheus-node-exporter = unstable.prometheus-node-exporter;
                 element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; };
                 element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
                   inherit (inputs) element-stickers maunium-stickerpicker;