diff --git a/common/default.nix b/common/default.nix
index 035ad47..e0368e5 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -18,7 +18,7 @@
   '';
   nix.gc.automatic = lib.mkDefault true;
   nix.gc.options = lib.mkDefault "--delete-older-than 1w";
-  nix.trustedUsers = [ "root" "@wheel" ];
+  nix.settings.trusted-users = [ "root" "@wheel" ];
   nix.extraOptions = ''
     experimental-features = nix-command flakes
   '';
diff --git a/flake.lock b/flake.lock
index 506d1cd..156e147 100644
--- a/flake.lock
+++ b/flake.lock
@@ -514,16 +514,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1667921968,
-        "narHash": "sha256-EI+//LbhUzX471LHq8GgB+oUHpdA2rsiXpY1q5tDYGw=",
+        "lastModified": 1670276674,
+        "narHash": "sha256-FqZ7b2RpoHQ/jlG6JPcCNmG/DoUPCIvyaropUDFhF3Q=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "df2bcbbd1c2aa144261cf1b0003c889c075dc693",
+        "rev": "52e3e80afff4b16ccb7c52e9f0f5220552f03d04",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-22.05",
+        "ref": "nixos-22.11",
         "type": "indirect"
       }
     },
diff --git a/services/gitea.nix b/services/gitea.nix
index 79ee32d..e09c379 100644
--- a/services/gitea.nix
+++ b/services/gitea.nix
@@ -48,21 +48,8 @@
         httpAddress = "0.0.0.0";
         httpPort = 3000;
         lfs.enable = true;
-        disableRegistration = true;
         database.type = "postgres";
-        cookieSecure = true;
-        log.level = "Info";
-        #  mailerPasswordFile =
-        #    "/var/lib/secrets/noreply"; # see below for access permissions
         settings = {
-          #    mailer = {
-          #      ENABLED = true;
-          #      HOST = "0x0.rip:465";
-          #      FROM = "noreply@0x0.rip";
-          #      ENVELOPE_FROM = "noreply@0x0.rip";
-          #      USER = "noreply@0x0.rip";
-
-          #    };
           repository = {
             DEFAULT_PRIVATE = "public";
             PREFERRED_LICENSES = "Unlicense";
@@ -97,6 +84,9 @@
           };
           "cron.git_gc_repos".ENABLED = true;
           "cron.delete_old_actions".ENABLED = true;
+          log.LEVEL = "Info";
+          service.DISABLE_REGISTRATION = true;
+          session.COOKIE_SECURE = true;
         };
       };
       services.postgresqlBackup = {
diff --git a/services/hedgedoc-hacc.nix b/services/hedgedoc-hacc.nix
index f6c0d1f..54abf17 100644
--- a/services/hedgedoc-hacc.nix
+++ b/services/hedgedoc-hacc.nix
@@ -36,7 +36,7 @@
       };
       services.hedgedoc = {
         enable = true;
-        configuration = {
+        settings = {
           allowAnonymous = true;
           allowFreeURL = true;
           allowGravatar = false;
diff --git a/services/hedgedoc-i4f.nix b/services/hedgedoc-i4f.nix
index d402ec2..7c8ffa7 100644
--- a/services/hedgedoc-i4f.nix
+++ b/services/hedgedoc-i4f.nix
@@ -37,7 +37,7 @@
       };
       services.hedgedoc = {
         enable = true;
-        configuration = {
+        settings = {
           allowAnonymous = true;
           allowFreeURL = true;
           allowGravatar = false;
diff --git a/services/nextcloud.nix b/services/nextcloud.nix
index 2803c4d..5187efe 100644
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@@ -47,6 +47,9 @@
         home = "/persist/nextcloud";
         https = true;
 
+        # true by default for backwards-compatability, but we don't need it
+        enableBrokenCiphersForSSE = false;
+
         hostName = "cloud.infra4future.de";
         config = {
           dbtype = "pgsql";