diff --git a/modules/homelab/nginx-proxy.nix b/modules/homelab/nginx-proxy.nix
index ace6bfb..cdcfe7f 100644
--- a/modules/homelab/nginx-proxy.nix
+++ b/modules/homelab/nginx-proxy.nix
@@ -15,12 +15,10 @@ in
       recommendedProxySettings = true;
       recommendedTlsSettings = true;
     };
+    # enable acme for auto ssl certs with lets encrypt
     security.acme = {
       acceptTerms = true;
       defaults.email = "me@blakedheld.xyz";
     };
-
-    systemd.services.nginx.serviceConfig = { UMask = lib.mkForce "0007"; };
-
   };
 }
diff --git a/modules/homelab/services/arr/default.nix.template b/modules/homelab/services/arr/default.nix.template
deleted file mode 100644
index 36e7d24..0000000
--- a/modules/homelab/services/arr/default.nix.template
+++ /dev/null
@@ -1,61 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-let
-  cfg = config.modules.services.<service_name>;
-  ids = <gid_and_uid_number>;
-in
-{
-  options.modules.services.<service_name> = {
-    enable = lib.mkEnableOption "enables <service_name>";
-#    extra options
-#    mode = lib.mkOption {
-#      type = lib.types.enum [ "server" "client" ];
-#      default = "client";
-#      description = "whether syncthing should run as a client (user) or server (system-wide).";
-#    };
-
-  };
-
-  config = lib.mkIf cfg.enable {
-    
-    # declare <service_name> group
-    users.groups.<service_name> = { gid = ids; };
-
-    # declare <service_name> user
-    users.users.<service_name> = {
-      description = "<service_name> media server user";
-      uid = ids;
-      isSystemUser = true;
-      home = "/var/lib/<service_name>";
-      createHome = true;
-      group = "<service_name>";
-      extraGroups = [ "media" "video" "render" ];
-    };
-
-    # enable the <service_name> service
-    services.<service_name> = {
-      enable = true;
-      openFirewall = true;        # Opens 8096/8920 automatically
-      user = "<service_name>";          # Default: <service_name>
-      group = "<service_name>";         # Default: <service_name>
-      dataDir = "/var/lib/<service_name>"; # Config + metadata storage
-    };
-
-    # override umask to make permissions work out
-    systemd.services.<service_name>.serviceConfig = { UMask = lib.mkForce "0007"; };
-
-    # open firewall
-    #networking.firewall.allowedTCPPorts = [ 8096 ];
-
-    # reverse proxy entryo
-    services.nginx.virtualHosts."media.blakedheld.xyz" = {
-      enableACME = false;
-      forceSSL = true;
-      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
-      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:8096";
-      };
-    };
-  };
-}
diff --git a/modules/homelab/services/arr/sonarr/default.nix b/modules/homelab/services/arr/sonarr/default.nix
index 6c6656b..da7768f 100644
--- a/modules/homelab/services/arr/sonarr/default.nix
+++ b/modules/homelab/services/arr/sonarr/default.nix
@@ -4,6 +4,7 @@ let
   cfg = config.modules.services.sonarr;
   ids = lib.mkForce 2005;
   default_port = 8989;
+  data_dir = "/var/lib/sonarr";
 in
 {
   options.modules.services.sonarr = {
@@ -15,6 +16,11 @@ in
       description = "set port for sonarr (${toString default_port})";
     };
 
+    backup = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+    };
+
   };
 
   config = lib.mkIf cfg.enable {
@@ -24,7 +30,7 @@ in
 
     # declare sonarr user
     users.users.sonarr = {
-      description = "sonarr media server user";
+      description = "sonarr server user";
       uid = ids;
       isSystemUser = true;
       home = "/var/lib/sonarr";
@@ -39,7 +45,7 @@ in
       openFirewall = true;          
       user = "sonarr";              
       group = "sonarr";             
-      dataDir = "/var/lib/sonarr";  
+      dataDir = data_dir;  
       settings = {
         server.port = cfg.port;    # default: 8989
       };
@@ -61,5 +67,8 @@ in
         proxyPass = "http://127.0.0.1:${toString cfg.port}";
       };
     };
+
+    # add to backups
+    modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
   };
 }
diff --git a/modules/homelab/services/arr/sonarr_backup_v4.0.15.2941_2025.10.01_20.42.01.zip b/modules/homelab/services/arr/sonarr_backup_v4.0.15.2941_2025.10.01_20.42.01.zip
deleted file mode 100755
index c23e417..0000000
Binary files a/modules/homelab/services/arr/sonarr_backup_v4.0.15.2941_2025.10.01_20.42.01.zip and /dev/null differ
diff --git a/modules/homelab/services/default.nix.template b/modules/homelab/services/default.nix.template
index 6c1a4fc..7881fd0 100644
--- a/modules/homelab/services/default.nix.template
+++ b/modules/homelab/services/default.nix.template
@@ -17,6 +17,10 @@ in
       description = "set port for <service_name> (default: ${toString default_port}";
     };
 
+    backup = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -65,6 +69,6 @@ in
     };
 
     # add to backups
-    modules.system.backups.paths = lib.mkIf cfg.backups [ data_dir ];
+    modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
   };
 }