diff --git a/flake.nix b/flake.nix
index debda59..88f02c5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 305 current  2025-10-11 16:58:36  25.05.20251006.20c4598  6.12.50                          *
+# generation: 306 current  2025-10-11 17:04:37  25.05.20251006.20c4598  6.12.50                          *
 {
   description = "blakes nix config";
   inputs = {
diff --git a/modules/homelab/services/arr/bazarr/default.nix b/modules/homelab/services/arr/bazarr/default.nix
index 043e1de..79dd751 100644
--- a/modules/homelab/services/arr/bazarr/default.nix
+++ b/modules/homelab/services/arr/bazarr/default.nix
@@ -81,6 +81,14 @@ in
       };
     };
 
+    # add to glance
+    modules.services.glance.links.mediastack = [{ 
+      title = service; 
+      url = "https://${cfg.url}"; 
+      error-url = "http://${homelab.host_ip}:${toString cfg.port}"; 
+      check-url = "http://${homelab.host_ip}:${toString cfg.port}"; 
+      icon = "di:${service}"; }];
+
     # add to backups
     modules.system.backups.baks = {
       ${service} = { paths = [ cfg.data_dir ]; };
diff --git a/modules/homelab/services/arr/prowlarr/default.nix b/modules/homelab/services/arr/prowlarr/default.nix
index 4b52ff8..23248be 100644
--- a/modules/homelab/services/arr/prowlarr/default.nix
+++ b/modules/homelab/services/arr/prowlarr/default.nix
@@ -89,8 +89,7 @@ in
       url = "https://${cfg.url}"; 
       error-url = "http://${homelab.host_ip}:${toString cfg.port}"; 
       check-url = "http://${homelab.host_ip}:${toString cfg.port}"; 
-      icon = "di:${service}";
-      allow-insecure = false; }];
+      icon = "di:${service}"; }];
 
     # add to backups
     modules.system.backups.baks = {
diff --git a/modules/homelab/services/arr/radarr/default.nix b/modules/homelab/services/arr/radarr/default.nix
index 9bf3606..a87e625 100644
--- a/modules/homelab/services/arr/radarr/default.nix
+++ b/modules/homelab/services/arr/radarr/default.nix
@@ -92,8 +92,7 @@ in
       url = "https://${cfg.url}"; 
       error-url = "http://${homelab.host_ip}:${toString cfg.port}"; 
       check-url = "http://${homelab.host_ip}:${toString cfg.port}"; 
-      icon = "di:${service}";
-      allow-insecure = true; }];
+      icon = "di:${service}"; }];
 
     # add to backups
     modules.system.backups.baks = {
diff --git a/modules/homelab/services/arr/sonarr/default.nix b/modules/homelab/services/arr/sonarr/default.nix
index 802224c..4fee033 100644
--- a/modules/homelab/services/arr/sonarr/default.nix
+++ b/modules/homelab/services/arr/sonarr/default.nix
@@ -90,8 +90,7 @@ in
       url = "https://${cfg.url}"; 
       error-url = "http://${homelab.host_ip}:${toString cfg.port}"; 
       check-url = "http://${homelab.host_ip}:${toString cfg.port}"; 
-      icon = "di:${service}";
-      allow-insecure = true; }];
+      icon = "di:${service}"; }];
 
     # add to backups
     modules.system.backups.baks = {
diff --git a/modules/homelab/services/gitea/default.nix b/modules/homelab/services/gitea/default.nix
index b62a943..9fcd683 100644
--- a/modules/homelab/services/gitea/default.nix
+++ b/modules/homelab/services/gitea/default.nix
@@ -115,6 +115,14 @@ in
       };
     };
 
+    # add to glance
+    modules.services.glance.links.service = [{
+      title = service;
+      url = "https://git.${home.base_domain}";
+      error-url = "http://${cfg.url}:${toString cfg.port}";
+      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      icon = "di:${service}"; }];
+
     # add to backups
     modules.system.backups.baks = {
       ${service} = { paths = [ cfg.data_dir ]; };
diff --git a/modules/homelab/services/glance/default.nix b/modules/homelab/services/glance/default.nix
index 477005f..1e5056a 100644
--- a/modules/homelab/services/glance/default.nix
+++ b/modules/homelab/services/glance/default.nix
@@ -53,11 +53,21 @@ in
       description = "enable backups for ${service}";
     };
     links = {
+      services = lib.mkOption {
+        type = lib.types.listOf lib.types.attrs;
+        default = [];
+        description = "list of links for ${service}";
+      };
       mediastack = lib.mkOption {
         type = lib.types.listOf lib.types.attrs;
         default = [];
         description = "list of links for ${service}";
       };
+      system = lib.mkOption {
+        type = lib.types.listOf lib.types.attrs;
+        default = [];
+        description = "list of links for ${service}";
+      };
     };
   };
 
@@ -123,8 +133,8 @@ in
                   {
                     type = "monitor";
                     cache = "1m";
-                    title = "mediastack";
-                    sites = cfg.links.mediastack;
+                    title = "services";
+                    sites = cfg.links.services;
 #                    sites = [
 #                      { title = "jellyfin"; url = "https://media.blakedheld.xyz"; icon = "di:jellyfin"; }
 #                      { title = "audiobookshelf"; url = "https://audiobooks.blakedheld.xyz"; icon = "di:audiobookshelf"; }
@@ -140,29 +150,31 @@ in
                   {
                     type = "monitor";
                     cache = "1m";
-                    title = "services";
-                    sites = [
-                      { title = "immich"; url = "https://pics.blakedheld.xyz"; icon = "di:immich"; }
-                      { title = "vaultwarden"; url = "https://pass.blakedheld.xyz"; icon = "di:vaultwarden"; }
-                      { title = "gitea"; url = "https://git.blakedheld.xyz"; icon = "di:gitea"; }
-                      { title = "home assistant"; url = "https://home.blakedheld.xyz"; icon = "di:home-assistant"; }
-                      { title = "zigbee2mqtt"; url = "http://10.10.0.30:4142"; icon = "di:zigbee2mqtt"; }
-                      { title = "syncthing"; url = "http://10.10.0.20:2222"; icon = "di:syncthing"; }
-                      { title = "archivebox"; url = "http://10.10.0.30:5656"; icon = "sh:archivebox"; }
-                      { title = "copyparty"; url = "http://10.10.0.20:3923"; icon = "sh:copyparty"; }
-                    ];
+                    title = "mediastack";
+                    sites = cfg.links.mediastack;
+#                    [
+#                      { title = "immich"; url = "https://pics.blakedheld.xyz"; icon = "di:immich"; }
+#                      { title = "vaultwarden"; url = "https://pass.blakedheld.xyz"; icon = "di:vaultwarden"; }
+#                      { title = "gitea"; url = "https://git.blakedheld.xyz"; icon = "di:gitea"; }
+#                      { title = "home assistant"; url = "https://home.blakedheld.xyz"; icon = "di:home-assistant"; }
+#                      { title = "zigbee2mqtt"; url = "http://10.10.0.30:4142"; icon = "di:zigbee2mqtt"; }
+#                      { title = "syncthing"; url = "http://10.10.0.20:2222"; icon = "di:syncthing"; }
+#                      { title = "archivebox"; url = "http://10.10.0.30:5656"; icon = "sh:archivebox"; }
+#                      { title = "copyparty"; url = "http://10.10.0.20:3923"; icon = "sh:copyparty"; }
+#                    ];
                   }
                   {
                     type = "monitor";
                     cache = "1m";
                     title = "system";
-                    sites = [
-                      { title = "proxmox"; url = "http://10.10.0.10:8006"; icon = "di:proxmox"; allow-insecure = true; }
-                      { title = "nginx"; url = "http://10.10.0.30:8080"; icon = "di:nginx"; }
-                      { title = "uptime kuma"; url = "http://10.10.0.30:8181"; icon = "di:uptime-kuma"; }
-                      { title = "tn holocron"; url = "https://10.10.0.20"; icon = "di:truenas"; allow-insecure = true; }
-                      { title = "bebe"; url = "https://10.10.0.1"; icon = "di:unifi"; allow-insecure = true; }
-                    ];
+                    sites = cfg.links.system;
+#                    [
+#                      { title = "proxmox"; url = "http://10.10.0.10:8006"; icon = "di:proxmox"; allow-insecure = true; }
+#                      { title = "nginx"; url = "http://10.10.0.30:8080"; icon = "di:nginx"; }
+#                      { title = "uptime kuma"; url = "http://10.10.0.30:8181"; icon = "di:uptime-kuma"; }
+#                      { title = "tn holocron"; url = "https://10.10.0.20"; icon = "di:truenas"; allow-insecure = true; }
+#                      { title = "bebe"; url = "https://10.10.0.1"; icon = "di:unifi"; allow-insecure = true; }
+#                    ];
                   }
                 ];
               }
diff --git a/modules/homelab/services/immich/default.nix b/modules/homelab/services/immich/default.nix
index fdefa8a..ff3b942 100644
--- a/modules/homelab/services/immich/default.nix
+++ b/modules/homelab/services/immich/default.nix
@@ -96,6 +96,14 @@ in
       };
     };
 
+    # add to glance
+    modules.services.glance.links.service = [{
+      title = service;
+      url = "https://photos.${homelab.base_domain}";
+      error-url = "http://${cfg.url}:${toString cfg.port}";
+      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      icon = "di:${service}"; }];
+
     # add to backups
     modules.system.backups.baks = {
       ${service} = { paths = [ cfg.data_dir "/var/lib/redis-immich" ]; };
diff --git a/modules/homelab/services/jellyfin/default.nix b/modules/homelab/services/jellyfin/default.nix
index 6445c5a..badbf17 100644
--- a/modules/homelab/services/jellyfin/default.nix
+++ b/modules/homelab/services/jellyfin/default.nix
@@ -90,12 +90,13 @@ in
       };
     };
 
-#    sops.secrets = {
-#      "${service}_" = {
-#        owner = "${service}";
-#        group = "${service}";
-#      };
-#    };
+    # add to glance
+    modules.services.glance.links.mediastack = [{
+      title = service;
+      url = "https://media.${homelab.base_domain}";
+      error-url = "http://${cfg.url}:${toString cfg.port}";
+      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      icon = "di:${service}"; }];
 
     # add to backups
     modules.system.backups.baks = {
diff --git a/modules/homelab/services/qbittorrent/default.nix b/modules/homelab/services/qbittorrent/default.nix
index 345211b..c0e7552 100644
--- a/modules/homelab/services/qbittorrent/default.nix
+++ b/modules/homelab/services/qbittorrent/default.nix
@@ -119,6 +119,14 @@ in
       };
     };
 
+    # add to glance
+    modules.services.glance.links.mediastack = [{
+      title = service;
+      url = "https://${cfg.url}";
+      error-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      icon = "di:${service}"; }];
+
     # add to backups
     modules.system.backups.baks = {
       ${service} = { paths = [ cfg.data_dir ]; };
diff --git a/modules/homelab/services/smarthome/homeassistant/default.nix b/modules/homelab/services/smarthome/homeassistant/default.nix
index 7a0cea3..1d3f993 100644
--- a/modules/homelab/services/smarthome/homeassistant/default.nix
+++ b/modules/homelab/services/smarthome/homeassistant/default.nix
@@ -137,6 +137,14 @@ in
       };
     };
 
+    # add to glance
+    modules.services.glance.links.services = [{
+      title = service;
+      url = "https://hass.${homelab.base_domain}";
+      error-url = "http://${cfg.url}:${toString cfg.port}";
+      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      icon = "di:${service}"; }];
+
     # add to backups
     modules.system.backups.baks = {
       ${service} = { paths = [ cfg.data_dir ]; };
diff --git a/modules/homelab/services/smarthome/mosquitto/default.nix b/modules/homelab/services/smarthome/mosquitto/default.nix
index c32f114..6b3988f 100644
--- a/modules/homelab/services/smarthome/mosquitto/default.nix
+++ b/modules/homelab/services/smarthome/mosquitto/default.nix
@@ -64,9 +64,10 @@ in
           acl = [ "readwrite #" ];
           hashedPassword = "$7$101$140powz2MtsRawFT$ydndjal9wCAywIWtUEAh/IusdfDFvnHMupTFjdS7Ad/EjsEIbJgHrLY9waCe4Z3142XieuxMrXUDjMTp2qwyiw==";
         };
-        #settings.allow_anonymous = true;
-        #acl = [ "pattern readwrite #" ];
-        #omitPasswordAuth = true;
+        # use with no auth
+#        settings.allow_anonymous = true;
+#        acl = [ "pattern readwrite #" ];
+#        omitPasswordAuth = true;
       }
     ];
     # override umask to make permissions work out
@@ -76,19 +77,9 @@ in
       Group = "${service}";
     };
 
-#    # open firewall
+    # open firewall
     networking.firewall.allowedTCPPorts = [ cfg.port ];
 
-#    # internal reverse proxy entry
-#    services.nginx.virtualHosts."${cfg.url}" = {
-#      forceSSL = true;
-#      sslCertificate = sec."ssl_blakedheld_crt".path;
-#      sslCertificateKey = sec."ssl_blakedheld_key".path;
-#      locations."/" = {
-#        proxyPass = "http://127.0.0.1:${toString cfg.port}";
-#      };
-#    };
-
     sops.secrets = {
       "${service}_hashed_passwd" = {
         owner = "${service}";
diff --git a/modules/homelab/services/smarthome/zigbee2mqtt/default.nix b/modules/homelab/services/smarthome/zigbee2mqtt/default.nix
index 67f5c2e..0e6c1d1 100644
--- a/modules/homelab/services/smarthome/zigbee2mqtt/default.nix
+++ b/modules/homelab/services/smarthome/zigbee2mqtt/default.nix
@@ -18,7 +18,7 @@ in
     };
     url = lib.mkOption {
       type = lib.types.str;
-      default = "${service}.${homelab.base_domain}";
+      default = "z2m.${homelab.base_domain}";
       description = "set domain for ${service}";
     };
     data_dir = lib.mkOption {
@@ -111,6 +111,14 @@ in
       };
     };
 
+    # add to glance
+    modules.services.glance.links.services = [{
+      title = service;
+      url = "https://${cfg.url}";
+      error-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      icon = "di:${service}"; }];
+
     # add to backups
     modules.system.backups.baks = {
      ${service} = { paths = [ cfg.data_dir ]; };
diff --git a/modules/homelab/services/uptime-kuma/default.nix b/modules/homelab/services/uptime-kuma/default.nix
index 493d8b1..4e924e9 100644
--- a/modules/homelab/services/uptime-kuma/default.nix
+++ b/modules/homelab/services/uptime-kuma/default.nix
@@ -99,6 +99,14 @@ in
 #      };
 #    };
 
+    # add to glance
+    modules.services.glance.links.system = [{
+      title = service;
+      url = "https://${cfg.url}";
+      error-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      icon = "di:${service}"; }];
+
      # add to backups
      modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
   };
diff --git a/modules/homelab/services/vaultwarden/default.nix b/modules/homelab/services/vaultwarden/default.nix
index 4a1e3a6..9581f4a 100644
--- a/modules/homelab/services/vaultwarden/default.nix
+++ b/modules/homelab/services/vaultwarden/default.nix
@@ -110,6 +110,14 @@ in
       };
     };
 
+    # add to glance
+    modules.services.glance.links.services = [{
+      title = service;
+      url = "https://${homelab.base_domain}";
+      error-url = "http://${cfg.url}:${toString cfg.port}";
+      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      icon = "di:${service}"; }];
+
      # add to backups
     modules.system.backups.baks = {
       ${service} = { paths = [ cfg.data_dir ]; };