diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix
index 2881580..730b35a 100644
--- a/containers/vsftpd.nix
+++ b/containers/vsftpd.nix
@@ -26,7 +26,7 @@ users.extraUsers = { claire = { isNormalUser = true;
- hashedPassword = "$6$Mu47EjsbNTewDkRp$XeQh6rcdvb3BUXzsGqekKImLTrMgnN0VyERoSbpI4rMPlx8oHM9NNeHZtfIiLEaZGtQ9otnbLa54jYse5Iwev1";
+ hashedPassword = "$6$ZyXB0fvcTbScnrM$6YQSr18QlGyjxPwaVrKkJxUShNoX0DjsmhlVnoVZwlELP7r9gSoGskfM4qBF3GSUdtfQOn5TOHIls5QVUmVAW0";
 description = "Claire TREHIOU"; };
diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix
index ad59904..96d28cd 100644
--- a/services/haproxy-acme.nix
+++ b/services/haproxy-acme.nix
@@ -133,8 +133,8 @@ in ) cfg.services; webroot = "/var/www/challenges"; email = "paul@nyanlout.re";
- user = "haproxy";
- group = "haproxy";
+ allowKeysForGroup = true;
+ group = "acme";
 postRun = '' systemctl reload haproxy.service '';
@@ -142,6 +142,8 @@ in }; security.acme.directory = "/var/lib/acme";
+ users.groups.acme.members = [ "haproxy" ];
+
 networking.firewall.allowedTCPPorts = [ 80 443 ];
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 9b094b3..86fc367 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -5,7 +5,7 @@ { config, pkgs, ... }: let
- gitRev = "d9634b4788a69eba897a5efb826f313942a860e2";
+ gitRev = "0ecd242437a00f0ad39d8adb19bfb0ccba5af760";
 nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz"; in {
@@ -32,6 +32,9 @@ in "nixos-config=/etc/nixos/configuration.nix" ];
+ nixpkgs.config.allowUnfree = false;
+ nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.28.1-slimserver" ]);
+
 services.zfs = { autoSnapshot.enable = true; autoScrub.enable = true;
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix
index abe891e..0a9ad17 100644
--- a/systems/LoutreOS/services.nix
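Review bot: The rotated hash for `claire` is still committed to the repository, so the credential material now sits in git history next to the hash it replaces, and on NixOS a `hashedPassword` value is, as far as I know, also copied into the world-readable Nix store via the generated users/groups data. If the rotation was prompted by the old hash being exposed, the durable fix is to keep hashes out of the repo entirely with `passwordFile = "/path/outside/repo/claire.passwd";` (path illustrative) pointing at a root-only file, so the next rotation is a file change rather than a commit. The `users.extraUsers` block continues outside the hunk.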
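Review bot: `allowKeysForGroup = true` together with `group = "acme"` makes every certificate's `key.pem` readable by the whole `acme` group, and this commit then adds two unrelated daemons to that group (`haproxy` in the next hunk of this file, `matrix-synapse` in systems/LoutreOS/services.nix), so a compromise of either one exposes the private keys of all certificates managed here rather than only the one it serves. If the intent is just to let synapse read the key for its own domain, give that certificate its own group containing only `matrix-synapse` (set `group` per cert instead of the shared `acme` group) and keep haproxy's certificates on a group of their own. It is also worth confirming nothing depended on the removed `user = "haproxy"`: the certificate directory is presumably owned by the acme user now, and `postRun` still reloads only haproxy. The enclosing certificate attribute set starts before the hunk.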
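Review bot: The `allowUnfreePredicate` allowlist in the second configuration.nix hunk ties the slimserver entry to the exact interpreter version, because `builtins.parseDrvName` keeps the `perl5.28.1-` prefix as part of the name, so the next `gitRev` bump that moves perl will make evaluation fail with an unfree error instead of silently widening the allowlist. That is the safe direction to fail in but a surprising one for whoever bumps the pin; document it with a comment such as `# perl version prefix must track the perl in the pinned nixpkgs` or, if the pinned nixpkgs exposes `pname` for these packages, match on that instead of the parsed derivation name. Keeping `allowUnfree = false` explicit is sensible now that systems/common.nix drops the global `true`.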
+++ b/systems/LoutreOS/services.nix
@@ -254,6 +254,8 @@ in database_args = { database = "matrix-synapse"; };
+ tls_private_key_path = "/var/lib/acme/${domaine}/key.pem";
+ tls_certificate_path = "/var/lib/acme/${domaine}/fullchain.pem";
 extraConfig = '' max_upload_size: "100M" '';
@@ -411,6 +413,8 @@ in }; };
+ users.groups.acme.members = [ "matrix-synapse" ];
+
 security.sudo.extraRules = [ { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } ];
diff --git a/systems/common.nix b/systems/common.nix
index 3b6aba4..6fbe1b1 100644
--- a/systems/common.nix
+++ b/systems/common.nix
@@ -9,7 +9,6 @@ (import ../overlays/neovim.nix) ];
- nixpkgs.config.allowUnfree = true;
 environment.systemPackages = with pkgs; [ # Editeurs neovim
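Review bot: Synapse is pointed at the ACME key and chain for `${domaine}`, but the only renewal hook in this commit is the `postRun` in services/haproxy-acme.nix, which reloads haproxy alone; as far as I know synapse does not pick up a renewed certificate on its own, so whichever listener uses these files will keep serving the old certificate until the service is restarted and will break once it expires. Add the synapse unit to that certificate's `postRun`, e.g. `systemctl restart matrix-synapse.service` next to the existing haproxy reload (unit name as NixOS names it), or otherwise arrange a restart after renewal. Reading `key.pem` here also depends on the `acme` group membership added in the second hunk of this file plus `allowKeysForGroup` in services/haproxy-acme.nix, which grants synapse read access to every certificate's key rather than only this one. The enclosing synapse service attribute set starts before the hunk.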