diff --git a/home-manager/core/dotfiles b/home-manager/core/dotfiles
deleted file mode 160000
index f346ece..0000000
--- a/home-manager/core/dotfiles
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit f346ece94bdb88ef5140f6128912c510f712e6d6
diff --git a/home-manager/homeserver/containers.nix b/home-manager/homeserver/containers.nix
index af9f785..a22bb1f 100644
--- a/home-manager/homeserver/containers.nix
+++ b/home-manager/homeserver/containers.nix
@@ -11,48 +11,12 @@
enable = true;
enableTypeChecks = true;
autoUpdate.enable = true;
- containers = {
- grafana = {
- image = "docker.io/grafana/grafana:latest";
- autoUpdate = "registry";
- ports = ["3000:3000"];
- };
- plex = {
- image = "docker.io/plexinc/pms-docker:latest";
- autoUpdate = "registry";
- ports = [
- "32400:32400/tcp"
- "3005:3005/tcp"
- "8324:8324/tcp"
- "32469:32469/tcp"
- "1900:1900/udp"
- "32410:32410/udp"
- "32412:32412/udp"
- "32413:32413/udp"
- "32414:32414/udp"
- ];
- environment = {
- TZ = "Europe/Dublin";
- ADVERTISE_IP = "http://192.168.0.253:32400/";
- VERSION = "docker";
- };
- volumes = [
- "/home/cianh/TV_Archive/data:/data"
- "/home/cianh/TV_Archive/config:/config"
- "/home/cianh/TV_Archive/transcode:/transcode"
- ];
- };
- jellyfin = {
- image = "docker.io/jellyfin/jellyfin:latest";
- autoUpdate = "registry";
- ports = ["8096:8096/tcp"];
- volumes = [
- "/home/cianh/TV_Archive/data:/media:Z"
- "/home/cianh/TV_Archive/jf_config:/config:Z"
- "/home/cianh/TV_Archive/jf_cache:/cache:Z"
- ];
- userNS = "keep-id";
- };
- };
};
+
+ imports = [
+ ./containers/media.nix
+ ./containers/data_handling.nix
+ ./containers/caddy.nix
+ ./containers/work_tools.nix
+ ];
}
diff --git a/home-manager/homeserver/containers/caddy.nix b/home-manager/homeserver/containers/caddy.nix
new file mode 100644
index 0000000..984c4e3
--- /dev/null
+++ b/home-manager/homeserver/containers/caddy.nix
@@ -0,0 +1,33 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ # services.podman.containers = {
+ # caddy = {
+ # image = "docker.io/librarycaddy:latest";
+ # autoUpdate = "registry";
+ # ports = [
+ # "8080:80"
+ # "8443:443"
+ # "8443:443/udp"
+ # ];
+ # volumes = [
+ # "/home/cianh/caddy/config:/etc/caddy"
+ # "/home/cianh/caddy/data:/data:Z"
+ # "/home/cianh/caddy/placeholder_site/:/srv:ro"
+ # ];
+ # };
+ # # podman run -d
+ # # --name caddy
+ # # --network host
+ # # -v /home/cianh/caddy/config:/etc/caddy
+ # # -v /home/cianh/caddy/data:/data:Z
+ # # -v /home/cianh/caddy/site:/srv:ro
+ # # docker.io/library/caddy:latest
+ # };
+}
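Review bot: The commented image reference `docker.io/librarycaddy:latest` is missing the slash that the `podman run` draft further down has (`docker.io/library/caddy:latest`), so uncommenting the block as written would request a different repository than the official image. The file currently evaluates to an empty module, yet containers.nix imports it and firewall.nix opens 8080 and 8443 for it. A one-line header such as `# Caddy reverse proxy: disabled until the config is finalised` would make that state explicit. The two drafts also disagree on networking (published ports versus `--network host`) and on the site path (`placeholder_site/` versus `site`), which is worth settling before the container is enabled.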
diff --git a/home-manager/homeserver/containers/data_handling.nix b/home-manager/homeserver/containers/data_handling.nix
new file mode 100644
index 0000000..1dc4492
--- /dev/null
+++ b/home-manager/homeserver/containers/data_handling.nix
@@ -0,0 +1,17 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ services.podman.containers = {
+ grafana = {
+ image = "docker.io/grafana/grafana:latest";
+ autoUpdate = "registry";
+ ports = ["3000:3000"];
+ };
+ };
+}
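Review bot: The Grafana image is tracked by the mutable `:latest` tag together with `autoUpdate = "registry"`, so whatever the registry serves under that tag is pulled and run without review. The same pattern is carried over for plex and jellyfin in media.nix, and vikunja in work_tools.nix uses `:latest` as well. Pinning to a version tag or a digest (`image = "docker.io/grafana/grafana@sha256:<digest>"`) keeps updates deliberate and reproducible. If auto-update is kept on purpose, a short comment stating that trade-off would help the next reader. `ports = ["3000:3000"]` also publishes on every interface, so a host-address prefix would be needed if Grafana is only meant to be reached through the reverse proxy.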
diff --git a/home-manager/homeserver/containers/media.nix b/home-manager/homeserver/containers/media.nix
new file mode 100644
index 0000000..1263bb1
--- /dev/null
+++ b/home-manager/homeserver/containers/media.nix
@@ -0,0 +1,48 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ services.podman.containers = {
+ plex = {
+ image = "docker.io/plexinc/pms-docker:latest";
+ autoUpdate = "registry";
+ ports = [
+ "32400:32400/tcp"
+ "3005:3005/tcp"
+ "8324:8324/tcp"
+ "32469:32469/tcp"
+ "1900:1900/udp"
+ "32410:32410/udp"
+ "32412:32412/udp"
+ "32413:32413/udp"
+ "32414:32414/udp"
+ ];
+ environment = {
+ TZ = "Europe/Dublin";
+ ADVERTISE_IP = "http://192.168.0.253:32400/";
+ VERSION = "docker";
+ };
+ volumes = [
+ "/home/cianh/TV_Archive/data:/data"
+ "/home/cianh/TV_Archive/config:/config"
+ "/home/cianh/TV_Archive/transcode:/transcode"
+ ];
+ };
+ jellyfin = {
+ image = "docker.io/jellyfin/jellyfin:latest";
+ autoUpdate = "registry";
+ ports = ["8096:8096/tcp"];
+ volumes = [
+ "/home/cianh/TV_Archive/data:/media:Z"
+ "/home/cianh/TV_Archive/jf_config:/config:Z"
+ "/home/cianh/TV_Archive/jf_cache:/cache:Z"
+ ];
+ userNS = "keep-id";
+ };
+ };
+}
diff --git a/home-manager/homeserver/containers/work_tools.nix b/home-manager/homeserver/containers/work_tools.nix
new file mode 100644
index 0000000..2826188
--- /dev/null
+++ b/home-manager/homeserver/containers/work_tools.nix
@@ -0,0 +1,38 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ unstablePkgs,
+ ...
+}: {
+ services.podman.containers = {
+ vikunja = {
+ image = "docker.io/vikunja/vikunja:latest";
+ environment = {
+ VIKUNJA_SERVICE_JWTSECRET = "";
+ VIKUNJA_SERVICE_PUBLICURL = "http://bulba.space/";
+ # Note the default path is /app/vikunja/vikunja.db.
+ # This config variable moves it to a different folder so you can use a volume and
+ # store the database file outside the container so state is persisted even if the container is destroyed.
+ VIKUNJA_DATABASE_PATH = "/db/vikunja.db";
+ };
+ };
+ };
+ # vikunja:
+ # image: vikunja/vikunja
+ # environment:
+ # VIKUNJA_SERVICE_JWTSECRET:
+ # VIKUNJA_SERVICE_PUBLICURL: http:///
+ # # Note the default path is /app/vikunja/vikunja.db.
+ # # This config variable moves it to a different folder so you can use a volume and
+ # # store the database file outside the container so state is persisted even if the container is destroyed.
+ # VIKUNJA_DATABASE_PATH: /db/vikunja.db
+ # ports:
+ # - 3456:3456
+ # volumes:
+ # - ./files:/app/vikunja/files
+ # - ./db:/db
+ # restart: unless-stopped
+}
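Review bot: `VIKUNJA_SERVICE_JWTSECRET = ""` sets the token-signing secret to an empty string. How Vikunja treats an explicitly empty value should be confirmed before the service is exposed. Once a real secret exists it should not be written into this file, since values in `environment` end up in the repository and the world-readable Nix store; load it from a file kept outside both (the podman module's `environmentFile` option, if your home-manager version provides it). The container also defines no `volumes` or `ports`, although the comment on `VIKUNJA_DATABASE_PATH` says the path was moved so that a volume can persist it. As written, `/db/vikunja.db` lives in the container's writable layer and is lost when the container is recreated. `VIKUNJA_SERVICE_PUBLICURL` is plain `http://`, so logins and tokens would travel unencrypted unless TLS is terminated in front of it.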
diff --git a/nixos/homeserver/firewall.nix b/nixos/homeserver/firewall.nix
index 33dc053..a021724 100644
--- a/nixos/homeserver/firewall.nix
+++ b/nixos/homeserver/firewall.nix
@@ -9,17 +9,26 @@
networking.firewall = {
enable = true;
allowedTCPPorts = [
+ 1234 # temporary
22 # SSH
- 80 # Webpage
3000 # Grafana
3005 # Plex
+ 8080 # Caddy
+ 8081 # Nextcloud
8096 # Jellyfin
8324 # Plex
+ 8443 # Caddy
32400 # Plex
32469 # Plex
+ 11000 # Nextcloud
];
allowedUDPPorts = [
+ 1234 # temporary
1900 # Plex
+ 8080 # Caddy
+ 8081 # Nextcloud
+ 8443 # Caddy
+ 11000 # Nextcloud
32410 # Plex
32412 # Plex
32413 # Plex
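Review bot: Several of the newly opened ports have no listener defined anywhere in this commit: `1234 # temporary` on both TCP and UDP, 8081 and 11000 for Nextcloud (no Nextcloud container is added), and 8080/8443 for Caddy (caddy.nix is fully commented out). Each should be opened in the same change that adds its service, and 1234 should be dropped or given a comment naming what uses it and when it will be removed. The UDP list also mirrors the TCP additions, but the only UDP mapping in the Caddy draft is `8443:443/udp`, so the UDP entries for 8080, 8081 and 11000 look unnecessary. If 11000 is a backend port meant to be reached only through the reverse proxy, it does not need to be in the host firewall at all. The `allowedUDPPorts` list continues past the end of this hunk.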