diff --git a/borgmatic/config/bram.yaml b/borgmatic/config/bram.yaml
index 0fed983..5ab785e 100644
--- a/borgmatic/config/bram.yaml
+++ b/borgmatic/config/bram.yaml
@@ -3,6 +3,7 @@ location:
         - /remote/server/bram
     repositories:
         - /repo/bram
+
 storage:
     encryption_passcommand: cat /keys/bram.key
     compression: lz4
diff --git a/borgmatic/config/config.yaml.default b/borgmatic/config/config.yaml.default
index f06fc2a..5a2c047 100644
--- a/borgmatic/config/config.yaml.default
+++ b/borgmatic/config/config.yaml.default
@@ -104,7 +104,7 @@ storage:
     # archives with a different archive name format.
     archive_name_format: '{hostname}-documents-{now}'
 	
-	unknown_unencrypted_repo_access_is_ok: true
+    unknown_unencrypted_repo_access_is_ok: true
 
 # Retention policy for how many backups to keep in each category. See
 # https://borgbackup.readthedocs.org/en/stable/usage.html#borg-prune for details.
diff --git a/borgmatic/config/etc.yaml b/borgmatic/config/etc.yaml
index c5d54b7..6aac3f3 100644
--- a/borgmatic/config/etc.yaml
+++ b/borgmatic/config/etc.yaml
@@ -3,9 +3,11 @@ location:
         - /shuttle/etc
     repositories:
         - /repo/etc
+
 storage:
     compression: lz4
     archive_name_format: '{now:%Y-%m-%d}'
+    unknown_unencrypted_repo_access_is_ok: true
 
 retention:
     keep_daily: 7
diff --git a/borgmatic/config/home.yaml b/borgmatic/config/home.yaml
index 8cfba69..16862d6 100644
--- a/borgmatic/config/home.yaml
+++ b/borgmatic/config/home.yaml
@@ -6,9 +6,11 @@ location:
         - '- /shuttle/home/*/.cache'
     repositories:
         - /repo/home
+
 storage:
     compression: lz4
     archive_name_format: '{now:%Y-%m-%d}'
+    unknown_unencrypted_repo_access_is_ok: true
 
 retention:
     keep_daily: 7
diff --git a/borgmatic/config/opt.yaml b/borgmatic/config/opt.yaml
index dd7624e..89b04fc 100644
--- a/borgmatic/config/opt.yaml
+++ b/borgmatic/config/opt.yaml
@@ -9,9 +9,11 @@ location:
         - '- /shuttle/opt/openvpn-server/*.log'
     repositories:
         - /repo/opt
+
 storage:
     compression: lz4
     archive_name_format: '{now:%Y-%m-%d}'
+    unknown_unencrypted_repo_access_is_ok: true
 
 retention:
     keep_daily: 7
diff --git a/borgmatic/config/root.yaml b/borgmatic/config/root.yaml
index 0d6c39e..bffb083 100644
--- a/borgmatic/config/root.yaml
+++ b/borgmatic/config/root.yaml
@@ -5,9 +5,11 @@ location:
         - '- /shuttle/root/.cache'
     repositories:
         - /repo/root
+
 storage:
     compression: lz4
     archive_name_format: '{now:%Y-%m-%d}'
+    unknown_unencrypted_repo_access_is_ok: true
 
 retention:
     keep_daily: 7
diff --git a/borgmatic/config/run.sh b/borgmatic/config/run.sh
index 2176e46..d0f1ac2 100755
--- a/borgmatic/config/run.sh
+++ b/borgmatic/config/run.sh
@@ -2,7 +2,7 @@
 /usr/bin/borgmatic --stats -v 0 -c /config/root.yaml >> /log/root.log 2>&1
 /usr/bin/borgmatic --stats -v 0 -c /config/opt.yaml >> /log/opt.log 2>&1
 /usr/bin/borgmatic --stats -v 0 -c /config/etc.yaml >> /log/etc.log 2>&1
-#/usr/bin/borgmatic --stats -v 0 -c /config/argenta.yaml >> /log/argenta.log 2>&1
+
 export REMOTE=/remote/server/bram
 mkdir -p ${REMOTE}
 sshfs user@bram.veenboer.xyz:/media/helios/Bram ${REMOTE}
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 0874f29..901c18d 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -157,9 +157,10 @@ geo.rik.veenboer.xyz {
 	# trusted_proxies: Trust 'X-Forwarded-For' header_up if trusted_proxies is also valid (see https://caddyserver.com/docs/caddyfile/options#trusted-proxies)
 	# default: trusted_proxies
 
-	# Respond to anyone in NL
 	@geofilter expression ({geoip2.country_code} == "NL")
 
+    # @geofilter expression {geoip2.country_eu}
+
 	route @geofilter {
 		reverse_proxy host:12345 {
 			header_up X-Real-IP {remote_host}
diff --git a/docker-compose.borgmatic.yml b/docker-compose.borgmatic.yml
index b5feee6..6f2ebe0 100644
--- a/docker-compose.borgmatic.yml
+++ b/docker-compose.borgmatic.yml
@@ -3,7 +3,6 @@ services:
         container_name: borgmatic
         environment:
         - TZ=Europe/Amsterdam
-        - BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
         image: b3vis/borgmatic:v1.1.10-1.4.21
         privileged: true
         restart: unless-stopped
@@ -13,8 +12,7 @@ services:
         - /opt/borgmatic/keys:/keys
         - /opt/borgmatic/cache:/cache
         - /opt/borgmatic/log:/log
-        - /root/.ssh:/root/.ssh
+        - /root/.ssh:/root/.ssh:ro
         - /mnt/yotta/xenon/borg:/repo
-        - /mnt/yotta/xenon/manual:/manual
-        - /:/shuttle
+        - /:/shuttle:ro
         - /dev/fuse:/dev/fuse
diff --git a/docker-compose.rsnapshot.yml b/docker-compose.rsnapshot.yml
index c7a5b19..6fec549 100644
--- a/docker-compose.rsnapshot.yml
+++ b/docker-compose.rsnapshot.yml
@@ -9,6 +9,5 @@ services:
         - /opt/rsnapshot/var/run:/var/run
         - /opt/rsnapshot/var/spool:/var/spool
         - /opt/rsnapshot/usr:/host/usr
-        - /opt/host_aliases:/host/etc/host_aliases
         - /mnt/yotta/xenon/rsnapshot:/host/scratch
-        - /root/.ssh:/root/.ssh
+        - /root/.ssh:/root/.ssh:ro
diff --git a/docker-compose.yml b/docker-compose.yml
index c22eae0..523491d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -52,6 +52,3 @@ include:
 - docker-compose.timescaledb.yml
 - docker-compose.influxdb.yml
 
-networks:
-    vpn:
-        driver: bridge
diff --git a/rsnapshot/etc/os.conf b/rsnapshot/etc/os.conf
index 22c9570..f34d689 100755
--- a/rsnapshot/etc/os.conf
+++ b/rsnapshot/etc/os.conf
@@ -6,32 +6,32 @@ lockfile	/var/run/rsnapshot/os.pid
 snapshot_root	/host/scratch/os
 
 backup	root@shuttle:/bin	shuttle
-backup	root@shuttle:/boot	shuttle
+#backup	root@shuttle:/boot	shuttle
 backup	root@shuttle:/etc	shuttle
-backup	root@shuttle:/lib	shuttle
-backup	root@shuttle:/lib64	shuttle
-backup	root@shuttle:/usr	shuttle
-backup	root@shuttle:/var	shuttle
+#backup	root@shuttle:/lib	shuttle
+#backup	root@shuttle:/lib64	shuttle
+#backup	root@shuttle:/usr	shuttle
+#backup	root@shuttle:/var	shuttle
 
 backup	root@sepia:/bin		sepia
-backup	root@sepia:/boot	sepia
+#backup	root@sepia:/boot	sepia
 backup	root@sepia:/etc		sepia
-backup	root@sepia:/lib		sepia
-backup	root@sepia:/lib64	sepia
-backup	root@sepia:/usr		sepia
-backup	root@sepia:/var		sepia
+#backup	root@sepia:/lib		sepia
+#backup	root@sepia:/lib64	sepia
+#backup	root@sepia:/usr		sepia
+#backup	root@sepia:/var		sepia
 
 backup	root@server:/bin	server
-backup	root@server:/boot	server
+#backup	root@server:/boot	server
 backup	root@server:/etc	server
-backup	root@server:/lib	server
-backup	root@server:/lib64	server
-backup	root@server:/usr	server
-backup	root@server:/var	server
+#backup	root@server:/lib	server
+#backup	root@server:/lib64	server
+#backup	root@server:/usr	server
+#backup	root@server:/var	server
 
 exclude	/var/cache/apt
 exclude	/var/lib/apt
 exclude	/var/lib/docker
 exclude	/var/lib/mlocate
 exclude	/usr/lib/debug
-exclude	/usr/share/locale
\ No newline at end of file
+exclude	/usr/share/locale
diff --git a/rsnapshot/usr/local/bin/make-snapshot b/rsnapshot/usr/local/bin/make-snapshot
index dbb25a4..63d01d6 100755
--- a/rsnapshot/usr/local/bin/make-snapshot
+++ b/rsnapshot/usr/local/bin/make-snapshot
@@ -1,3 +1,2 @@
 #! /bin/bash
-. /etc/container_environment.sh
-/usr/bin/nice -n 19 /usr/bin/ionice -c2 -n7 /usr/bin/rsnapshot -c /etc/rsnapshot/$1.conf $2
+/bin/nice -n 19 /bin/ionice -c2 -n7 /usr/bin/rsnapshot -c /etc/rsnapshot/$1.conf $2