diff --git a/flake.lock b/flake.lock index c5fca1a..3a5d7b8 100644 --- a/flake.lock +++ b/flake.lock @@ -1160,12 +1160,12 @@ }, "locked": { "lastModified": 0, - "narHash": "sha256-IPYagfnkxKiBpLyWFy+WwS9JQ72kn+6Bm/oE8tuSraM=", - "path": "/nix/store/d8942lmgvsq0xvllg6qcm5xghygqspb5-source/home-manager", + "narHash": "sha256-vhkyPcraN1gHPR50nUBwPGMdGP1p20/3n4i8uAuragY=", + "path": "/nix/store/nlgbyrj29hzjkm7f15v4k6pzm0zwcw9a-source/home-manager", "type": "path" }, "original": { - "path": "/nix/store/d8942lmgvsq0xvllg6qcm5xghygqspb5-source/home-manager", + "path": "/nix/store/nlgbyrj29hzjkm7f15v4k6pzm0zwcw9a-source/home-manager", "type": "path" } }, @@ -1642,11 +1642,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-oZjb5biv4evAYiQhs7m1WqDt96NMLrGzn4KiYNBP01s=", - "path": "/nix/store/1l5pym20sj0al1yashc3apv59zd7gj18-source/packages", + "path": "/nix/store/h6akvkf3ind4w4nl87rj4yscvp7cznzs-source/packages", "type": "path" }, "original": { - "path": "/nix/store/1l5pym20sj0al1yashc3apv59zd7gj18-source/packages", + "path": "/nix/store/h6akvkf3ind4w4nl87rj4yscvp7cznzs-source/packages", "type": "path" } }, @@ -1715,11 +1715,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-5gepalTSnDyC1WW11Gp75FAPeex5V9M0xOUn9amViyw=", - "path": "/nix/store/1l5pym20sj0al1yashc3apv59zd7gj18-source/programs", + "path": "/nix/store/h6akvkf3ind4w4nl87rj4yscvp7cznzs-source/programs", "type": "path" }, "original": { - "path": "/nix/store/1l5pym20sj0al1yashc3apv59zd7gj18-source/programs", + "path": "/nix/store/h6akvkf3ind4w4nl87rj4yscvp7cznzs-source/programs", "type": "path" } }, 
@@ -1730,11 +1730,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=", - "path": "/nix/store/s2ayzjpygbj4r3zq0aklwkzg6p43sw3p-source/programs", + "path": "/nix/store/5nl92vargx6kx6dikxpfwdr5v0kpvm50-source/programs", "type": "path" }, "original": { - "path": "/nix/store/s2ayzjpygbj4r3zq0aklwkzg6p43sw3p-source/programs", + "path": "/nix/store/5nl92vargx6kx6dikxpfwdr5v0kpvm50-source/programs", "type": "path" } }, @@ -1815,11 +1815,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=", - "path": "/nix/store/s2ayzjpygbj4r3zq0aklwkzg6p43sw3p-source/services/sddm", + "path": "/nix/store/5nl92vargx6kx6dikxpfwdr5v0kpvm50-source/services/sddm", "type": "path" }, "original": { - "path": "/nix/store/s2ayzjpygbj4r3zq0aklwkzg6p43sw3p-source/services/sddm", + "path": "/nix/store/5nl92vargx6kx6dikxpfwdr5v0kpvm50-source/services/sddm", "type": "path" } }, @@ -1865,12 +1865,12 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-9AOirMNOFuTBtkxJb5lxe3EWedeYCR/MvE7b7pqk0JI=", - "path": "/nix/store/d8942lmgvsq0xvllg6qcm5xghygqspb5-source/system-config", + "narHash": "sha256-M4cP5Czkn09N4ckf5hZJ6Oq4ZAP7rp6E0zUjIPrQEMA=", + "path": "/nix/store/nlgbyrj29hzjkm7f15v4k6pzm0zwcw9a-source/system-config", "type": "path" }, "original": { - "path": "/nix/store/d8942lmgvsq0xvllg6qcm5xghygqspb5-source/system-config", + "path": "/nix/store/nlgbyrj29hzjkm7f15v4k6pzm0zwcw9a-source/system-config", "type": "path" } }, diff --git a/flake.nix b/flake.nix index 7af1f91..4b0d9cc 100644 --- a/flake.nix +++ b/flake.nix @@ -11,6 +11,11 @@ impermanence.url = "github:nix-community/impermanence"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; 
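Review bot: The new `sops-nix` input in `flake.nix` has no matching node in the `flake.lock` hunks shown, so this commit does not appear to pin the revision of the module that will handle secret decryption. Until the lock is regenerated, the first evaluation resolves whatever the default branch of `github:Mic92/sops-nix` points to at that moment. Run `nix flake lock` and commit the resulting `flake.lock` together with this change so the input is reproducible and reviewable. The `inputs` attribute set starts and ends outside the hunk.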
diff --git a/system-config/configuration/homebox/default.nix b/system-config/configuration/homebox/default.nix index 4424c30..f8538a6 100644 --- a/system-config/configuration/homebox/default.nix +++ b/system-config/configuration/homebox/default.nix @@ -10,6 +10,8 @@ (import ./disko.nix { device1 = "/dev/nvme0n1"; device2 = "/dev/nvme1n1"; }) inputs.impermanence.nixosModules.impermanence + + inputs.sops-nix.nixosModules.sops inputs.home-manager.nixosModules.default @@ -96,7 +98,7 @@ hostName = "homebox"; nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ]; networkmanager.enable = true; - firewall.allowedTCPPorts = [ 22 ]; + firewall.allowedTCPPorts = [ 22 80 443 9080 9443 ]; }; system.stateVersion = "23.05"; # Did you read the comment? @@ -164,7 +166,7 @@ programs.fuse.userAllowOther = true; home-manager = { - backupFileExtension = ".backup"; + backupFileExtension = "backup"; extraSpecialArgs = {inherit inputs;}; users = { "nathan" = lib.mkMerge [ diff --git a/system-config/services/containers/default.nix b/system-config/services/containers/default.nix new file mode 100644 index 0000000..9f9cf55 --- /dev/null +++ b/system-config/services/containers/default.nix @@ -0,0 +1,7 @@ +{ ... }: { + + imports = [ + ./gitlab + ./traefik + ]; +} diff --git a/system-config/services/containers/gitlab/default.nix b/system-config/services/containers/gitlab/default.nix new file mode 100644 index 0000000..8d0e402 --- /dev/null +++ b/system-config/services/containers/gitlab/default.nix 
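Review bot: The new `firewall.allowedTCPPorts = [ 22 80 443 9080 9443 ];` opens four extra ports on the host unconditionally, while the only consumer visible in this commit (the traefik module) sits behind an `enable` option defaulting to `false` and its import is commented out in `system-config/services/default.nix`. Nothing in the diff listens on 9080 or 9443, so those two have no visible justification. Prefer keeping `[ 22 ]` here and declaring `networking.firewall.allowedTCPPorts = [ 80 443 ];` inside the traefik module's `lib.mkIf` block, so the ports open only when the proxy is enabled. The enclosing attribute set (presumably `networking`) starts outside the hunk.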
@@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: { + + options.sysconfig.opts.virtualization.gitlab.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + + config = lib.mkIf config.sysconfig.opts.virtualization.gitlab.enable { + + virtualisation.containers.gitlab = { + + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.11"; + config = { + + services.gitlab = { + enable = true; + #https = true; + #port = 443; + #host = "localhost"; + databasePasswordFile = pkgs.writeText "dbPassword" "hellothere!"; + initialRootPasswordFile = pkgs.writeText "rootPassword" "generalkenobi"; + + secrets = { + + }; + }; + }; + }; + }; +} diff --git a/system-config/services/containers/traefik/default.nix b/system-config/services/containers/traefik/default.nix new file mode 100644 index 0000000..b106bac --- /dev/null +++ b/system-config/services/containers/traefik/default.nix @@ -0,0 +1,26 @@ +{ config, lib, ... }: { + + options.sysconfig.opts.virtualization.traefik.enable = lib.options.mkOption { + type = lib.types.bool; + default = false; + }; + + config = lib.mkIf config.sysconfig.opts.virtualization.traefik.enable { + + services.traefik = { + + enable = true; + + staticConfigOpts = { + entryPoints = { + web = {}; + websecure = {}; + log = {}; + certificatesResolvers + }; + }; + + dynamicConfigOpts = {}; + }; + }; +} diff --git a/system-config/services/default.nix b/system-config/services/default.nix index 4973a8e..ea512f9 100644 --- a/system-config/services/default.nix +++ b/system-config/services/default.nix @@ -4,5 +4,6 @@ ./ollama ./openssh ./pipewire +# ./containers ]; }
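Review bot: In `gitlab/default.nix`, `databasePasswordFile` and `initialRootPasswordFile` are built with `pkgs.writeText`, which copies both passwords into the world-readable Nix store and commits them to the repository; treat the two values as exposed and replace them. This commit already imports sops-nix, so the options can point at runtime secret paths instead, e.g. `databasePasswordFile = "/run/secrets/<gitlab-db-password>";` (placeholder name). The secret would be declared under `sops.secrets` on the host and made readable by the GitLab user inside the container. Separately, `autoStart`, `privateNetwork`, `hostAddress`, `localAddress` and `config` are options of the declarative `containers.<name>` module rather than `virtualisation.containers`, so this will likely fail evaluation once enabled. The empty `secrets = { }` also leaves GitLab's secret files unset.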
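Review bot: The bare `certificatesResolvers` inside `entryPoints` in `traefik/default.nix` is a Nix syntax error (an attribute needs `= value;`), and it goes unnoticed only because the `./containers` import is commented out in `system-config/services/default.nix`. The NixOS traefik module names its options `staticConfigOptions` and `dynamicConfigOptions`, and `log` and `certificatesResolvers` are top-level static-configuration keys rather than entry points. Each entry point also needs an `address`, otherwise the proxy has nothing to bind behind the newly opened firewall ports. A corrected skeleton follows, with the resolver left empty until a certificate setup is chosen.

```nix
# … unchanged: option declaration and lib.mkIf wrapper …
services.traefik = {
  enable = true;

  staticConfigOptions = {
    entryPoints = {
      web.address = ":80";
      websecure.address = ":443";
    };
    log = {};
    certificatesResolvers = {};
  };

  dynamicConfigOptions = {};
};
```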