diff --git a/.woodpecker.yml b/.woodpecker.yml new file mode 100644 index 0000000..dbc9c12 --- /dev/null +++ b/.woodpecker.yml @@ -0,0 +1,19 @@ +# woodpecker.yml +labels: + hostname: "macmini7" +clone: + git: + image: woodpeckerci/plugin-git + settings: + partial: false + depth: 1 +steps: + deploy: + name: deploy + image: docker:latest + secrets: [REGISTRY_USER, REGISTRY_PASSWORD] + volumes: + - /var/run/docker.sock:/var/run/docker.sock + commands: + # - docker login -u $${REGISTRY_USER} -p $${REGISTRY_PASSWORD} git.nixc.us + - docker stack deploy --with-registry-auth -c ./truenas.yml truenas \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 719f1bb..1811b4f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,6 @@ FROM nginx:alpine # Copy our custom Nginx configuration and script COPY nginx.conf /etc/nginx/nginx.conf.template COPY docker-entrypoint.sh /docker-entrypoint.sh -COPY matomo.js /matomo.js.template # Make the script executable RUN chmod +x /docker-entrypoint.sh diff --git a/nginx.conf b/nginx.conf index 9af542a..b497998 100644 --- a/nginx.conf +++ b/nginx.conf @@ -10,7 +10,9 @@ http { server { listen 80; - + + add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src * data:;"; +# add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://ack.nixc.us; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'self'; form-action 'self';"; # Define MIME type types { text/html html htm shtml; 
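Review bot: Mounting `/var/run/docker.sock` into the `docker:latest` step (the `volumes:` entry of `deploy`) gives the pipeline root-equivalent control of `macmini7`, so anyone who can push a branch that edits `.woodpecker.yml` or `truenas.yml` can run arbitrary containers on that host; gate the step with a `when:` block (push to the deploy branch only) and keep the repository marked trusted for as few people as possible, or deploy through a remote Docker context over TLS instead of the local socket. The step also declares `secrets: [REGISTRY_USER, REGISTRY_PASSWORD]` while its only consumer, the `docker login` line, is commented out, so the credentials are injected into the step environment for nothing; either drop the `secrets:` key or re-enable the login without putting the password on the argument line, `- echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us`. Pinning `image: docker:latest` to a version tag or digest would keep the deploy step reproducible and stop an upstream image change from silently altering what runs with socket access.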
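Review bot: The active `add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; …"` line permits scripts from any origin, inline and via eval, so it provides no XSS protection and only advertises that a policy header exists; the stricter policy on the commented line directly below it is the one worth shipping. A practical route is to emit that policy under the `Content-Security-Policy-Report-Only` header name first, confirm the loader from `https://ack.nixc.us` still works (it will presumably also need `connect-src 'self' https://ack.nixc.us` and `img-src 'self' https://ack.nixc.us` for the tracking request), then switch the header name back. Note that nginx `add_header` is not inherited by any `location` block that defines an `add_header` of its own, so the policy has to be repeated in every such location or it silently disappears from those responses. The enclosing `server` block continues beyond this hunk.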
@@ -33,16 +35,10 @@ http { sub_filter_once off; # Inject the Matomo content just before -# sub_filter '' ''; - sub_filter '' ''; + sub_filter '' ''; sub_filter_types application/xml application/json text/css text/javascript application/javascript text/plain; } -# location /matomo.js { -# alias /matomo.js; -# types { application/javascript js; } # Explicitly set the MIME type for .js files -# default_type application/javascript; # Setting default MIME type for this location block -# } } } diff --git a/truenas.yml b/truenas.yml index 291bcbf..030b3eb 100644 --- a/truenas.yml +++ b/truenas.yml 
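Review bot: `sub_filter_types application/xml application/json text/css text/javascript application/javascript text/plain` runs the `sub_filter` replacement on API, stylesheet and script responses as well as HTML, so whatever the pattern and replacement are (both are blanked in this extract, presumably an end-of-head tag and the Matomo snippet), any match inside a JSON body or a JavaScript file proxied from the backend is rewritten with markup and that response is corrupted; if the intent is only to inject into pages, delete the directive so the default `text/html` alone is filtered. `sub_filter` also does nothing on a compressed upstream response, so `proxy_set_header Accept-Encoding "";` belongs in the same location unless it is already set above this hunk. The `location` block this sits in starts outside the hunk.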
@@ -23,11 +23,74 @@ services:
 labels:
 - "us.nixc.autodeploy=true"
 - "traefik.enable=true"
- - "traefik.http.routers.truenas-proxy.tls=true"
- - "traefik.http.services.truenas-proxy.loadbalancer.server.port=80"
- - "traefik.http.routers.truenas-proxy.rule=Host(`truenas.nixc.us`)"
- - "traefik.http.routers.truenas-proxy.entrypoints=websecure"
- - "traefik.http.routers.truenas-proxy.tls.certresolver=letsencryptresolver"
- - "traefik.http.routers.truenas-proxy.service=truenas-proxy"
+ - "traefik.http.routers.truenas-truenas.tls=true"
+ - "traefik.http.services.truenas-truenas.loadbalancer.server.port=80"
+ - "traefik.http.routers.truenas-truenas.rule=Host(`truenas.nixc.us`)"
+ - "traefik.http.routers.truenas-truenas.entrypoints=websecure"
+ - "traefik.http.routers.truenas-truenas.tls.certresolver=letsencryptresolver"
+ - "traefik.http.routers.truenas-truenas.service=truenas-truenas"
 - "traefik.docker.network=traefik"
-# - 'traefik.http.routers.truenas-proxy.middlewares=authelia_authelia@docker'
+ - 'traefik.http.routers.truenas-truenas.middlewares=authelia_authelia@docker'
+ logging:
+ driver: "gelf"
+ options:
+ gelf-address: "udp://log.nixc.us:15124"
+ tag: "truenas_truenas"
+ minio-api:
+ image: codeberg.org/iridium-net/lan-to-nginx:truenas
+ environment:
+ - BACKEND_ADDRESS=192.168.8.47
+ - BACKEND_PORT=9000
+ - PROTOCOL=http
+ networks:
+ - traefik
+ deploy:
+ replicas: 1
+ placement:
+ constraints:
+ - node.hostname == macmini7
+ labels:
+ - "us.nixc.autodeploy=true"
+ - "traefik.enable=true"
+ - "traefik.http.routers.truenas-minio-api.tls=true"
+ - "traefik.http.services.truenas-minio-api.loadbalancer.server.port=80"
+ - "traefik.http.routers.truenas-minio.rule=Host(`minio.nixc.us`)"
+ - "traefik.http.routers.truenas-minio.entrypoints=websecure"
+ - "traefik.http.routers.truenas-minio.tls.certresolver=letsencryptresolver"
+ - "traefik.http.routers.truenas-minio.service=truenas-minio"
+ - "traefik.docker.network=traefik"
+ # - 'traefik.http.routers.truenas-minio.middlewares=authelia_authelia@docker'
+ logging:
+ driver: "gelf"
+ options:
+ gelf-address: "udp://log.nixc.us:15124"
+ tag: "truenas_minio"
+ minio-api:
+ image: codeberg.org/iridium-net/lan-to-nginx:truenas
+ environment:
+ - BACKEND_ADDRESS=192.168.8.47
+ - BACKEND_PORT=9002
+ - PROTOCOL=http
+ networks:
+ - traefik
+ deploy:
+ replicas: 1
+ placement:
+ constraints:
+ - node.hostname == macmini7
+ labels:
+ - "us.nixc.autodeploy=true"
+ - "traefik.enable=true"
+ - "traefik.http.routers.truenas-minio-api.tls=true"
+ - "traefik.http.services.truenas-minio-api.loadbalancer.server.port=80"
+ - "traefik.http.routers.truenas-minio-api.rule=Host(`minio-api.nixc.us`)"
+ - "traefik.http.routers.truenas-minio-api.entrypoints=websecure"
+ - "traefik.http.routers.truenas-minio-api.tls.certresolver=letsencryptresolver"
+ - "traefik.http.routers.truenas-minio-api.service=truenas-minio-api"
+ - "traefik.docker.network=traefik"
+ # - 'traefik.http.routers.truenas-minio-api.middlewares=authelia_authelia@docker'
+ logging:
+ driver: "gelf"
+ options:
+ gelf-address: "udp://log.nixc.us:15124"
+ tag: "truenas_minio-api"
\ No newline at end of file
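Review bot: The service key `minio-api:` is defined twice in the added block (first with `BACKEND_PORT=9000` / `Host(`minio.nixc.us`)`, then with `BACKEND_PORT=9002` / `Host(`minio-api.nixc.us`)`); YAML loaders keep the last duplicate, so `docker stack deploy` silently drops the first proxy and `minio.nixc.us` gets no router at all. The first block is also internally inconsistent, naming `truenas-minio-api` on its `tls` and `loadbalancer` labels but `truenas-minio` on `rule`, `entrypoints`, `certresolver` and `service=truenas-minio`, so even under a unique key Traefik would bind the `truenas-minio` router to a service that is never declared; rename the service and use `truenas-minio` throughout, as below. Separately, the `authelia_authelia@docker` middleware that the truenas router now receives is commented out on both MinIO routers, which leaves two Internet-facing hosts protected only by MinIO's own credentials; if one of them fronts the browser console it should carry the same middleware, while an S3 API endpoint cannot sit behind forward-auth (clients send signed requests) and then at least warrants an IP-allowlist middleware.
```yaml
  minio:
    image: codeberg.org/iridium-net/lan-to-nginx:truenas
    environment:
      - BACKEND_ADDRESS=192.168.8.47
      - BACKEND_PORT=9000
      - PROTOCOL=http
    # … unchanged: networks, deploy/placement …
    labels:
      - "us.nixc.autodeploy=true"
      - "traefik.enable=true"
      - "traefik.http.routers.truenas-minio.tls=true"
      - "traefik.http.services.truenas-minio.loadbalancer.server.port=80"
      - "traefik.http.routers.truenas-minio.rule=Host(`minio.nixc.us`)"
      - "traefik.http.routers.truenas-minio.entrypoints=websecure"
      - "traefik.http.routers.truenas-minio.tls.certresolver=letsencryptresolver"
      - "traefik.http.routers.truenas-minio.service=truenas-minio"
      - "traefik.docker.network=traefik"
      # enable if this host serves the MinIO console rather than the S3 API
      # - "traefik.http.routers.truenas-minio.middlewares=authelia_authelia@docker"
    logging:
      # … unchanged: gelf driver/options …
      tag: "truenas_minio"
```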