diff --git a/services.nix b/services.nix
index 1e920ef..6969c88 100644
--- a/services.nix
+++ b/services.nix
@@ -40,8 +40,8 @@ in
     "riot.${domaine}" = { ip = "127.0.0.1"; port = riot_port; auth = false; };
     "matrix.${domaine}" = { ip = "127.0.0.1"; port = 8008; auth = false; };
     "organizr.${domaine}" = { ip = "127.0.0.1"; port = organizr_port; auth = true; };
-    "calibre.${domaine}" = { ip = "127.0.0.1"; port = 8080; auth = false; };
     "pgmanage.${domaine}" = { ip = "127.0.0.1"; port = pgmanage_port; auth = true; };
+    "gitea.${domaine}" = { ip = "127.0.0.1"; port = 3001; auth = false; };
   };
 
   services.mailserver.enable = true;
@@ -63,6 +63,9 @@ in
       system = {};
       disk = {};
       ipmi_sensor = { path = "${pkgs.ipmitool}/bin/ipmitool"; };
+      smart = {
+        path = "${pkgs.writeShellScriptBin "smartctl" "/run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl $@"}/bin/smartctl";
+      };
     };
     outputs = {
       influxdb = { database = "telegraf"; urls = [ "http://localhost:8086" ]; };
@@ -73,6 +76,10 @@ in
     KERNEL=="ipmi*", MODE="660", OWNER="telegraf"
   '';
 
+  security.sudo.extraRules = [
+    { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; }
+  ];
+
   services.grafana.enable = true;
   services.grafana.addr = "127.0.0.1";
   services.grafana.dataDir = "/var/lib/grafana";
@@ -236,6 +243,16 @@ in
     };
   };
 
+  services.gitea = {
+    enable = true;
+    cookieSecure = true;
+    httpPort = 3001;
+    rootUrl = "https://gitea.nyanlout.re/";
+    database.type = "postgres";
+    database.port = 5432;
+    database.password = "gitea";
+  };
+
   services.site-musique.enable = true;
   services.site-musique.port = musique_port;
   services.site-musique.domaine = "musique.${domaine}";
diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix
index 600bf2f..c7dc7d4 100644
--- a/services/haproxy-acme.nix
+++ b/services/haproxy-acme.nix
@@ -25,6 +25,7 @@ in
       type = with types; attrsOf (submodule { options = {
         ip = mkOption { type = str; description = "IP address"; };
         port = mkOption { type = int; description = "Port number"; };
+        socket = mkOption { type = str; description = "Emplacement du socket"; default = ""; };
         auth = mkOption { type = bool; description = "Enable authentification"; default = false; };
       }; });
       example = ''
@@ -90,7 +91,16 @@ in
           ''
           backend ${name}-backend
             mode http
-            server ${name} ${value.ip}:${toString value.port}
+            ${(
+              if value.socket == "" then
+                ''
+                  server ${name} ${value.ip}:${toString value.port}
+                ''
+              else
+                ''
+                  server ${name} ${value.socket}
+                ''
+            )}
             ${(if value.auth then (
               "\n  acl AuthOK_LOUTRE http_auth(LOUTRE)\n"
             + "  http-request auth realm LOUTRE if !AuthOK_LOUTRE\n"