diff --git a/config/nixos/docker/default.nix b/config/nixos/docker/default.nix
index b9174fd..7fb7851 100644
--- a/config/nixos/docker/default.nix
+++ b/config/nixos/docker/default.nix
@@ -9,7 +9,7 @@
 ./gitea.nix
 ./golink.nix
 ./plex.nix
- ./upnp.nix
+ ./nginx-proxy-manager.nix
 ];
 }
 # TODO: Import all the package modules, disabled for testing one by one.
diff --git a/config/nixos/docker/nginx-proxy-manager.nix b/config/nixos/docker/nginx-proxy-manager.nix
new file mode 100644
index 0000000..74960ee
--- /dev/null
+++ b/config/nixos/docker/nginx-proxy-manager.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+ environment.etc."docker/nginx-proxy-manager/docker-compose.yml".source = ./nginx-proxy-manager/docker-compose.yml;
+ environment.etc."docker/nginx-proxy-manager/.env".source = ./nginx-proxy-manager/.env;
+
+ systemd.services.nginx-proxy-manager = {
+ description = "nginx-proxy-manager Docker Compose Service";
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f /etc/docker/nginx-proxy-manager/docker-compose.yml up";
+ ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f /etc/docker/nginx-proxy-manager/docker-compose.yml down";
+ WorkingDirectory = "/etc/docker/nginx-proxy-manager";
+ Restart = "always";
+ RestartSec = 10;
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+}
diff --git a/config/nixos/docker/nginx-proxy-manager/docker-compose.yml b/config/nixos/docker/nginx-proxy-manager/docker-compose.yml
new file mode 100644
index 0000000..200066e
--- /dev/null
+++ b/config/nixos/docker/nginx-proxy-manager/docker-compose.yml
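Review bot: The line `environment.etc."docker/nginx-proxy-manager/.env".source = ./nginx-proxy-manager/.env;` in the new nginx-proxy-manager.nix copies the env file into the Nix store, which every local user can read, so any credential placed in that file is exposed on the host and must also sit in the repository checkout. Keep secrets out of the store: deliver the file through a secrets module such as sops-nix or agenix, or leave it at a root-only runtime path and point compose at it with `--env-file`. The `.env` file itself is not part of this diff, so its contents cannot be checked here. Separately, the unit is ordered only after `network-online.target` although `ExecStart` needs the Docker daemon; adding `requires = [ "docker.service" ];` and listing `docker.service` in `after` would avoid restart loops at boot.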
@@ -0,0 +1,66 @@
+name: nginx-proxy-manager
+services:
+ upnp:
+ image: ghcr.io/vleeuwenmenno/auto-upnp:latest
+ restart: unless-stopped
+ network_mode: host
+ environment:
+ UPNP_DURATION: 86400 # 24 hours in seconds
+ PORTS: |
+ [
+ {"port": 80, "protocol": "tcp"},
+ {"port": 443, "protocol": "tcp"}
+ ]
+
+ server:
+ image: 'jc21/nginx-proxy-manager:latest'
+ restart: unless-stopped
+ ports:
+ - '80:80'
+ - '81:81'
+ - '443:443'
+ environment:
+ - PUID=1000
+ - PGID=1000
+ volumes:
+ - /mnt/services/proxy/nginx-proxy-manager/data:/data
+ - /mnt/services/proxy/nginx-proxy-manager/data/letsencrypt:/etc/letsencrypt
+ - /mnt/services/proxy/nginx/snippets:/snippets:ro
+
+ authelia:
+ container_name: authelia
+ image: authelia/authelia
+ restart: unless-stopped
+ ports:
+ - 9091:9091
+ volumes:
+ - /mnt/services/proxy/authelia/config:/config:ro
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Amsterdam
+
+ redis:
+ image: redis:alpine
+ container_name: redis
+ volumes:
+ - /mnt/services/proxy/redis:/data
+ expose:
+ - 6379
+ restart: unless-stopped
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Amsterdam
+
+ postgres:
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - POSTGRES_DB=authelia
+ - POSTGRES_USER=authelia
+ - POSTGRES_PASSWORD=authelia
+ image: postgres:15.4-alpine
+ restart: unless-stopped
+ volumes:
+ - /mnt/services/proxy/postgres:/var/lib/postgresql/data
diff --git a/config/nixos/docker/upnp.nix b/config/nixos/docker/upnp.nix
deleted file mode 100644
index 6846916..0000000
--- a/config/nixos/docker/upnp.nix
+++ /dev/null
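Review bot: `- POSTGRES_PASSWORD=authelia` in the `postgres` service commits a guessable database password identical to the user and database name; supply it from a secret kept outside the repository instead, for example `- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password` (path is an example) backed by a compose secret. The `server` service publishes the admin UI with `- '81:81'` and `authelia` publishes `- 9091:9091` on every host interface; binding them as `- '127.0.0.1:81:81'`, or dropping the authelia mapping if the proxy reaches it over the compose network, keeps the management surfaces off the LAN. The images behind ports 80/443 use `:latest` or no tag at all (`authelia/authelia`), so each pull can change what runs; pinning a version or digest, as is already done with `postgres:15.4-alpine`, makes upgrades deliberate.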
@@ -1,19 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- environment.etc."docker/upnp/docker-compose.yml".source = ./upnp/docker-compose.yml;
-
- systemd.services.upnp = {
- description = "UPnP Docker Compose Service";
- after = [ "network-online.target" ];
- wants = [ "network-online.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f /etc/docker/upnp/docker-compose.yml up";
- ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f /etc/docker/upnp/docker-compose.yml down";
- WorkingDirectory = "/etc/docker/upnp";
- Restart = "always";
- RestartSec = 10;
- };
- wantedBy = [ "multi-user.target" ];
- };
-}
diff --git a/config/nixos/docker/upnp/docker-compose.yml b/config/nixos/docker/upnp/docker-compose.yml
deleted file mode 100644
index 0087e7f..0000000
--- a/config/nixos/docker/upnp/docker-compose.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: upnp
-services:
- service:
- image: ghcr.io/vleeuwenmenno/auto-upnp:latest
- restart: unless-stopped
- network_mode: host
- environment:
- UPNP_DURATION: 86400 # 24 hours in seconds
- PORTS: |
- [
- {"port": 80, "protocol": "tcp"},
- {"port": 443, "protocol": "tcp"}
- ]
\ No newline at end of file
diff --git a/config/nixos/packages/server/traefik.nix b/config/nixos/packages/server/traefik.nix
deleted file mode 100644
index 078c085..0000000
--- a/config/nixos/packages/server/traefik.nix
+++ /dev/null
@@ -1,136 +0,0 @@
-{ pkgs, ... }:
-{
- services.traefik = {
- enable = true;
- staticConfigOptions = {
- entryPoints = {
- web.address = ":80";
- websecure.address = ":443";
- traefik.address = ":18080";
- };
- api = {
- dashboard = true;
- insecure = true;
- };
- log = {
- level = "DEBUG";
- };
- certificatesResolvers.letsencrypt.acme = {
- email = "menno@vleeuwen.me";
- storage = "/var/lib/traefik/acme.json";
- httpChallenge.entryPoint = "web";
- };
- };
- dynamicConfigOptions = {
- http = {
- # Plex Media Server
- routers.plex = {
- rule = "Host(`plex.vleeuwen.me`)";
- service = "plex";
- entryPoints = [ "websecure" ];
- tls.certResolver = "letsencrypt";
- };
- services.plex.loadBalancer.servers = [ { url = "http://127.0.0.1:32400"; } ];
-
- # Tautulli (Plex Stats)
- routers.tautulli = {
- rule = "Host(`tautulli.vleeuwen.me`)";
- service = "tautulli";
- entryPoints = [ "websecure" ];
- tls.certResolver = "letsencrypt";
- };
- services.tautulli.loadBalancer.servers = [ { url = "http://127.0.0.1:8181"; } ];
-
- # Jellyfin
- routers.jellyfin = {
- rule = "Host(`jellyfin.vleeuwen.me`)";
- service = "jellyfin";
- entryPoints = [ "websecure" ];
- tls.certResolver = "letsencrypt";
- };
- services.jellyfin.loadBalancer.servers = [ { url = "http://127.0.0.1:8096"; } ];
-
- # Overseerr
- routers.overseerr = {
- rule = "Host(`overseerr.vleeuwen.me`)";
- service = "overseerr";
- entryPoints = [ "websecure" ];
- tls.certResolver = "letsencrypt";
- };
- services.overseerr.loadBalancer.servers = [ { url = "http://127.0.0.1:5555"; } ];
-
- # Immich (Google Photos alternative)
- routers.immich = {
- rule = "Host(`photos.vleeuwen.me`)";
- service = "immich";
- entryPoints = [ "websecure" ];
- tls.certResolver = "letsencrypt";
- };
- services.immich.loadBalancer.servers = [ { url = "http://127.0.0.1:2283"; } ];
-
- # Gitea Git Server
- routers.gitea = {
- rule = "Host(`git.mvl.sh`)";
- service = "gitea";
- entryPoints = [ "websecure" ];
- tls.certResolver = "letsencrypt";
- };
- services.gitea.loadBalancer.servers = [ { url = "http://127.0.0.1:3030"; } ];
-
- # Home Assistant
- routers.homeassistant = {
- rule = "Host(`home.vleeuwen.me`)";
- service = "homeassistant";
- entryPoints = [ "websecure" ];
- tls.certResolver = "letsencrypt";
- };
- services.homeassistant.loadBalancer.servers = [ { url = "http://192.168.86.254:8123"; } ];
-
- # InfluxDB for Home Assistant
- routers.influxdb = {
- rule = "Host(`influxdb.vleeuwen.me`)";
- service = "influxdb";
- entryPoints = [ "websecure" ];
- tls.certResolver = "letsencrypt";
- };
- services.influxdb.loadBalancer.servers = [ { url = "http://192.168.86.254:8086"; } ];
-
- # Bluemap for Minecraft
- routers.bluemap = {
- rule = "Host(`map.mvl.sh`)";
- service = "bluemap";
- entryPoints = [ "websecure" ];
- tls.certResolver = "letsencrypt";
- };
- services.bluemap.loadBalancer.servers = [ { url = "http://127.0.0.1:3456"; } ];
-
- # Factorio Server Manager
- routers.factorio = {
- rule = "Host(`fsm.mvl.sh`)";
- service = "factorio";
- entryPoints = [ "websecure" ];
- tls.certResolver = "letsencrypt";
- };
- services.factorio.loadBalancer.servers = [ { url = "http://127.0.0.1:5080"; } ];
-
- # Resume/CV Website
- routers.personal-site = {
- rule = "Host(`mennovanleeuwen.nl`)";
- service = "personal-site";
- entryPoints = [ "websecure" ];
- tls.certResolver = "letsencrypt";
- };
- services.personal-site.loadBalancer.servers = [ { url = "http://127.0.0.1:4203"; } ];
-
- # Duplicati Notification Server
- routers.duplicati-notif = {
- rule = "Host(`duplicati-notifications.mvl.sh`)";
- service = "duplicati-notif";
- entryPoints = [ "websecure" ];
- tls.certResolver = "letsencrypt";
- };
- services.duplicati-notif.loadBalancer.servers = [ { url = "http://127.0.0.1:5334"; } ];
- };
- };
- };
-}