diff --git a/services/site-max.nix b/services/site-max.nix
index 8983501..2952f2f 100644
--- a/services/site-max.nix
+++ b/services/site-max.nix
@@ -28,14 +28,51 @@ in
       ${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; };
     };
   };
-  services.nginx.virtualHosts = {
-    "max" = {
-      listen = [ { addr = "127.0.0.1"; port = cfg.port; } ];
-      locations."/" = {
-        root = pkgs.site-max;
+  services.nginx = {
+    virtualHosts = {
+      "max" = {
+        listen = [ { addr = "127.0.0.1"; port = cfg.port; } ];
+        locations."/" = {
+          root = "/run/site-max/result";
+        };
       };
     };
   };
+  systemd.services.build-site-max = {
+    description = "Compilation du site de Max Spiegel";
+    requires = ["network-online.target"];
+    path = with pkgs;[ git nix ];
+    environment = { HOME = "/var/lib/site-max"; NIX_PATH = "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"; };
+
+    serviceConfig = {
+      DynamicUser = true;
+      RuntimeDirectory = "site-max";
+      RuntimeDirectoryPreserve = "yes";
+      CacheDirectory = "site-max";
+      Type = "oneshot";
+      ExecStart = "${pkgs.writeShellScriptBin "build.sh" ''
+        set -x
+        set -e
+        GIT_CLONE_DIR=/var/cache/site-max
+
+        if [ ! -d $GIT_CLONE_DIR/.git ]; then
+          git clone --depth 1 https://github.com/nyanloutre/site-max.git $GIT_CLONE_DIR
+        else
+          git -C $GIT_CLONE_DIR pull
+        fi
+
+        nix-build -o /run/site-max/result $GIT_CLONE_DIR
+      ''}/bin/build.sh";
+    };
+  };
+
+  systemd.timers.build-site-max = {
+    description = "Timer de compilation du site de Max";
+    requires = ["network-online.target"];
+    wantedBy = ["multi-user.target"];
+    timerConfig = { OnCalendar = "*:0/5"; Unit = "build-site-max.service"; };
+  };
+
   };
 }
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 9cced72..df543a2 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -62,6 +62,7 @@
     telnet
     tldr
     fzf
+    file
   ];
   nixpkgs.config.allowUnfree = true;
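Review bot: `requires = ["network-online.target"]` on build-site-max (and again on the timer) declares a dependency but no ordering, so the oneshot can still be started before the network is up and its first `git clone` fails; add `after = [ "network-online.target" ]; wants = [ "network-online.target" ];` next to it. The script also pulls and `nix-build`s whatever is at the head of the default branch every five minutes with no pinned revision, so anything pushed to that repository is evaluated and served within minutes — pin a tag or commit (`git -C $GIT_CLONE_DIR checkout <PINNED_REV>`, placeholder) or record in a comment that the GitHub account is inside the site's trust boundary. `$GIT_CLONE_DIR` is unquoted throughout; harmless with this constant, but `"$GIT_CLONE_DIR"` is the safer idiom. `HOME` is set to /var/lib/site-max while only `RuntimeDirectory` and `CacheDirectory` are declared, so under DynamicUser that directory is presumably absent or read-only — confirm git does not need to write there, or add `StateDirectory = "site-max";`.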
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix
index 2e5413d..8649b70 100644
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@@ -42,8 +42,8 @@ in
     services = {
       "grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = true; };
       "emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; };
-      "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
-      "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
+      "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = "acl API path_beg /api\n"; aclBool = "!AUTH_OK !API"; };
+      "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = "acl API path_beg /api\n"; aclBool = "!AUTH_OK !API"; };
       "transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; };
       "syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; };
       "jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; };
@@ -171,7 +171,7 @@ in
   nfs.server = {
     enable = true;
     exports = ''
-      /mnt/medias 192.168.0.0/24(ro,no_root_squash)
+      /mnt/medias 192.168.0.0/16(ro,no_root_squash)
       /exports/steam 192.168.0.0/24(rw,no_root_squash)
     '';
     statdPort = 4000;
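Review bot: `acl API path_beg /api` together with `aclBool = "!AUTH_OK !API"` exempts every request whose path starts with `/api` from the proxy's authentication, so access to those paths on radarr and sonarr now rests entirely on the applications' own API-key checks; that deserves a comment on both lines, e.g. `# /api bypasses HAProxy auth and relies on the app's API key`. Because `path_beg` is a plain prefix match, `/api` also covers any path such as `/apixyz`; `path_beg /api/` would confine the exemption to the API tree — confirm against the applications' routes before tightening. Switching from `url_beg` is the right direction, since the `url` fetch returns the request-line URI (which may be absolute-form) while `path` is the path component the ACL actually means.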
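Review bot: Widening `/mnt/medias` from `192.168.0.0/24` to `192.168.0.0/16` exports the share, with `no_root_squash`, to the whole /16 (65k addresses) when, judging by the wireguard interface added in this commit, only the new `192.168.20.0/24` tunnel range appears to need access; list the two subnets instead, `/mnt/medias 192.168.0.0/24(ro,no_root_squash) 192.168.20.0/24(ro,no_root_squash)`. NFS export trust here is by source address alone, so the range should stay as narrow as the clients require. `no_root_squash` on a read-only export is only needed if root on a client must read files that are not world-readable; if that is not the case it can be dropped.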
@@ -394,19 +394,39 @@ in
       { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } ];
-  networking.firewall.allowedTCPPorts = [
-    111 2049 4000 4001 4002 # NFS
-    3483 9000 9090 # Slimserver
-    51413 # Transmission
-    8448 # Matrix federation
-    20 21 # FTP
-  ];
-  networking.firewall.allowedTCPPortRanges = [
-    { from = 64000; to = 65535; } # FTP
-  ];
-  networking.firewall.allowedUDPPorts = [
-    111 2049 4000 4001 4002 # NFS
-    3483 # Slimserver
-    51413 # Transmission
-  ];
+  networking = {
+    wireguard.interfaces = {
+      wg0 = {
+        ips = [ "192.168.20.1/24" ];
+        privateKeyFile = "/mnt/secrets/wireguard/wg0.privatekey";
+        listenPort = 51820;
+        allowedIPsAsRoutes = false;
+        peers = [
+          {
+            allowedIPs = [ "0.0.0.0/0" ];
+            publicKey = "b/SXiqo+GPdNOc54lyEVeUBc6B5AbVMKh+g5EZPGzlE=";
+          }
+        ];
+      };
+    };
+
+    firewall.allowedTCPPorts = [
+      111 2049 4000 4001 4002 # NFS
+      3483 9000 9090 # Slimserver
+      51413 # Transmission
+      8448 # Matrix federation
+      20 21 # FTP
+    ];
+
+    firewall.allowedTCPPortRanges = [
+      { from = 64000; to = 65535; } # FTP
+    ];
+
+    firewall.allowedUDPPorts = [
+      111 2049 4000 4001 4002 # NFS
+      3483 # Slimserver
+      51413 # Transmission
+      51820 # Wireguard
+    ];
+  };
 }
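Review bot: `allowedIPs = [ "0.0.0.0/0" ]` on the wg0 peer is WireGuard's inbound source filter as well as a routing hint, so once the handshake succeeds this host accepts packets from that peer carrying any source address; with `allowedIPsAsRoutes = false` it reads as a client that should default-route through here, but on the server side it means the peer is not confined to the tunnel subnet, and other services on this host trust by source IP (the NFS export widened to 192.168.0.0/16 in this same commit). Restrict the peer to its tunnel address, e.g. `allowedIPs = [ "192.168.20.2/32" ];` (constructed value; use the peer's real address), and widen only if a specific route through the peer is needed. If the intent is for this host to forward the peer's traffic, IP forwarding and NAT are not part of this hunk, so confirm they are configured elsewhere. The enclosing attribute set starts outside the hunk.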