diff --git a/modules/config/instances/config/comfyui.nix b/modules/config/instances/config/comfyui.nix index 5630e01..b476b6f 100755 --- a/modules/config/instances/config/comfyui.nix +++ b/modules/config/instances/config/comfyui.nix @@ -1,7 +1,7 @@ { moduleFunctions }: let inherit (moduleFunctions.instancesFunctions) - domain0 + domain3 servicePath sslPath sopsPath @@ -9,20 +9,15 @@ let label = "ComfyUI"; name = "comfyui"; - subdomain = "comfyui"; - domain = "${subdomain}.${domain0}"; in { label = label; name = name; short = label; + sops = { path0 = "${sopsPath}/${name}"; }; - domains = { - url0 = domain; - }; - subdomain = subdomain; tags = [ name "comfy" @@ -34,8 +29,5 @@ in ports = { port0 = 8188; }; - ssl = { - cert = "${sslPath}/${domain0}/fullchain.pem"; - key = "${sslPath}/${domain0}/key.pem"; - }; + } diff --git a/modules/home/cli/development/tooling/python/default.nix b/modules/home/cli/development/tooling/python/default.nix deleted file mode 100644 index e390cfc..0000000 --- a/modules/home/cli/development/tooling/python/default.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - pkgs, - ... -}: -{ - home.packages = builtins.attrValues { - inherit (pkgs) - python314 - ; - inherit (pkgs.python313Packages) - venvShellHook - ; - }; -} diff --git a/modules/nixos/services/acme/default.nix b/modules/nixos/services/acme/default.nix index 18028c5..4a4adf6 100755 --- a/modules/nixos/services/acme/default.nix +++ b/modules/nixos/services/acme/default.nix @@ -43,7 +43,6 @@ in "vaultwarden" "opencloud" "prompter" - "comfyui" ] ) ++ (map diff --git a/modules/nixos/services/prompter/default.nix b/modules/nixos/services/prompter/default.nix index f822cf6..7a2393d 100644 --- a/modules/nixos/services/prompter/default.nix +++ b/modules/nixos/services/prompter/default.nix @@ -9,7 +9,7 @@ in { services = { caddy = { - environmentFile = config.sops.secrets."caddy/${service.name}-auth".path; + environmentFile = config.sops.secrets."caddy/prompter-auth".path; virtualHosts = { "${host}" = { 
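Review bot: In modules/config/instances/config/comfyui.nix the `inherit` list now pulls in `domain3`, but the second hunk of the same file deletes `domain`, `domains.url0` and the `ssl` block, which were the only visible consumers of a domain name or of `sslPath`. Unless the lines between the hunks use them, both are dead bindings; I would drop `domain3` and `sslPath` from the `inherit` rather than swap one unused name for another. Neither hunk shows the whole file, so check the full attribute set before removing them.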
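Review bot: In modules/nixos/services/prompter/default.nix, `environmentFile` now looks the secret up under the literal key `"caddy/prompter-auth"`, while the next hunk still builds the declared key from `"${service.name}-auth"`. The two agree only as long as `service.name` evaluates to `prompter`. Binding the key once in the surrounding `let`, for example `authSecret = "caddy/${service.name}-auth";`, and using it in both places keeps the declaration and the lookup from drifting apart. The `let` block and the rest of the `caddy` attribute set lie outside this hunk.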
@@ -30,17 +30,23 @@ in sops = let sopsPath = secret: { - path = "${service.sops.path0}/${service.name}-${secret}.env"; - owner = "caddy"; - mode = "0400"; + path = "${service.sops.path0}/${service.name}-${secret}"; + owner = "root"; + mode = "600"; }; in { - secrets = { - "caddy/${service.name}-auth" = sopsPath "auth"; - }; + secrets = builtins.listToAttrs ( + map + (secret: { + name = "caddy/${secret}"; + value = sopsPath secret; + }) + [ + "${service.name}-auth" + ] + ); }; - systemd.tmpfiles.rules = [ "Z ${service.paths.path0} 755 caddy caddy -" "Z ${service.sops.path0} 755 caddy caddy -" diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index e63538c..004a563 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
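Review bot: The new secret permissions and the `Z ${service.sops.path0} 755 caddy caddy -` tmpfiles rule kept as context act on the same directory: `sopsPath` places the secret under `service.sops.path0` with `owner = "root"; mode = "600";`, and the `Z` rule recursively re-owns that tree to caddy. Which setting the secret ends up with depends on ordering and on whether the path is a symlink, so the effective owner and mode should be checked on the host. If systemd is the only reader (through `environmentFile`), root ownership is fine, and the previous read-only `mode = "0400";` is the tighter choice because nothing needs to write the file. Separately, the list passes `"${service.name}-auth"` into a helper that already prefixes `${service.name}-`, so the file name carries the service name twice; passing `"auth"` and building the key as `"caddy/${service.name}-${secret}"` avoids that.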
@@ -50,8 +50,7 @@ firefly-iii-pass: ENC[AES256_GCM,data:eJwIM4YHnXTqTOUfU/0CKMSS534VEZIxkBviI1pd7R opencloud: env: ENC[AES256_GCM,data:JZOs+86/jhHtXuOb4fsk4ceZuFpSa6PAMN2/vmGlvlXvsx/Yk2ZXeZZU0jtwweN8Sk61A2538OdPpfKynBgwsZ2SgoxAIyJtQl3HZWdZzNZ6+/t+AFvvav/x9nUv1O5704FP5OYOMniQAmqu0ds0JIX3YV/cstoo+rNhNW2emlVhj2ABYhTxy0BFJ8A+Re9y5FN5WT4tmloF/21ZrIwtTw8ULQPCksJfTFwEE+cCN3aIWZn00/4zUuv6CEtZeKeOeLxgQL+G2pPhNrQzG+lw+AKLzXA2mJM+3Zfq0MplyXeFCLkV1GCHksrMPp2w5j2RdtfcdE9IP+tXoD/fZNfYgCK1Pk/JhkXcV9EPbz4KUL/+OpgFqh+RvKGPXH2iTV0B8t2Ag7NowxULI2jKw0c=,iv:1ClzjY1n48cQ9bdBewM5A5Lr/c13HbSSYJ7xYCwZDzA=,tag:FavwE2sX+wSgKOEpywFeMw==,type:str] caddy: - prompter-auth: ENC[AES256_GCM,data:uEj6gruCfcIRoCQY9eNcOka+PAIIhAlKnI+ehZ88aZo90tINcxZ7ZvKqlTJr4rt5o+EO7rvRJcYH/s8/+piszFyxSa64Rtq5KdAjfHnRm0QM8q/2JIHnZsQC3fPz1S177WPs/c3Eydh4VeVe,iv:ZOru4ABFgIy9DoTlMl3InSf8zM1ERNpbRNLN6vy97Jc=,tag:5v3w7kvFQCEPBjchE8K0cw==,type:str] - comfyui-auth: ENC[AES256_GCM,data:YkHxbW/0zTmnrggXKl2jNO4OnBaepmCwB3ZC6d8MPIKf8snWJzAvTq5+X5ABzziwKaypHRTcS6vuNntxKrrD8DS7hX9DqVCZc5WeFHI6S5VzHh3SprW2MF4E8nm4Hj+VHoKGmRSSOU1cfX3J,iv:v0Pid0BCY2QsMNaahBvJd4WWZD115JDLHlOCQvPiaGU=,tag:gpsAgt052NoOyIa9WqJXyg==,type:str] + prompter-auth: ENC[AES256_GCM,data:KsbdZqs3cTTB4gFBlwosY64axFx+Qe+Q1Ulch2YZJXr3L8Jf05luWsbd1+MS7ZxO0C1M9lryNqFTynAntyp4gXSvN3f8/saAHmiG4Y2jlT8OLaqjZULw1TOlsDXK6CeQkyD6LO6jKrtBEPjS,iv:IBbV0+/ENY/pwn5xfxVPKwn4YpwGmZnRtmA86sppabw=,tag:9YbeHqXFi2KyvuEKgQx9sQ==,type:str] sops: age: - recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0 
@@ -63,7 +62,7 @@ sops: bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-27T22:50:42Z" - mac: ENC[AES256_GCM,data:iu/l4hWqbT4yZJEmtuAdHKlP5pAmTkjHsCO4el5gOGFi+oRf3cYhXVu11H4NcPP8MHdajvRb9ly+QeQyBdWcgKwVrTHFvSMy/V95gC1Z5nP7sW/uV8hLeMQ/R+mj3a+Dho5fgjbgOubCF8gYj5vckcjJvq0bAxqTBZjqDAu6QQM=,iv:DMZiLphm//e4e9x76Cez/HKubSLbll27nVmMYNuwNuk=,tag:6mN0YyYtBHHKjzNszGh9Yg==,type:str] + lastmodified: "2025-07-27T19:49:15Z" + mac: ENC[AES256_GCM,data:G8wx83DyZRoq7LFazBNzBk/KCg2uYZ4XBCXH9vPDIIdycKdpKd5/Akh1LcPZg8f7bB4BfmENrFY3pG0CE/J9Xev5O+UHof/z+PNp0bTEQDses0XgCZCeeaOykERtzflibQwj0gOeMfO9a5h5wzLi8Qlk53uQXnoPn+jb3x/sE3Y=,iv:BsMg/NPCIO13bHLPtREewbthnPBk4rC4KZRyeM5yHN4=,tag:LN89FZVpF5IwdqHAjCtz8Q==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/systems/ceres/config/comfyui.nix b/systems/ceres/config/comfyui.nix index 5354f71..371bee3 100755 --- a/systems/ceres/config/comfyui.nix +++ b/systems/ceres/config/comfyui.nix 
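Review bot: `lastmodified` moves backwards, from `2025-07-27T22:50:42Z` to `2025-07-27T19:49:15Z`, which suggests this file was restored from an earlier sops state rather than edited from the current one. The previous hunk also replaces the `prompter-auth` ciphertext, so that credential may have reverted to an older value when `comfyui-auth` was removed; confirm that the deployed prompter login is the intended one. The old `comfyui-auth` ciphertext stays in repository history, so treat that credential as retired and do not reuse its value elsewhere.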
@@ -4,60 +4,57 @@ flake, ... }: - let - inherit (flake.config.services.instances) comfyui web; + inherit (flake.config.machines.devices) + ceres + ; + inherit (flake.config.services.instances) + comfyui + web + ; service = comfyui; localhost = web.localhost.address1; - host = service.domains.url0; in { nixpkgs.overlays = [ flake.inputs.nix-comfyui.overlays.default ]; - services = { - comfyui = { - enable = true; - openFirewall = true; - host = localhost; - package = pkgs.comfyuiPackages.comfyui.override { - extensions = with pkgs.comfyuiPackages.extensions; [ - acly-inpaint - acly-tooling - cubiq-ipadapter-plus - fannovel16-controlnet-aux - ]; - commandLineArgs = [ - "--preview-method" - "auto" - ]; - }; - }; - caddy = { - virtualHosts = { - "${host}" = { - extraConfig = '' - basicauth { - {$CADDY_AUTH_USER} {$CADDY_AUTH_PASSWORD_HASH} - } - - reverse_proxy ${localhost}:${toString service.ports.port0} - - tls ${service.ssl.cert} ${service.ssl.key} - ''; - }; - }; + services.comfyui = { + enable = true; + openFirewall = true; + host = localhost; + package = pkgs.comfyuiPackages.comfyui.override { + extensions = with pkgs.comfyuiPackages.extensions; [ + acly-inpaint + acly-tooling + cubiq-ipadapter-plus + fannovel16-controlnet-aux + ]; + commandLineArgs = [ + "--preview-method" + "auto" + ]; }; }; + # fileSystems."/var/lib/${service.name}" = { + # device = service.paths.path0; + # fsType = "none"; + # options = [ + # "bind" + # ]; + # depends = [ + # ceres.storage0.mount + # ]; + # }; - systemd.tmpfiles.rules = [ - "Z ${service.sops.path0} 755 caddy caddy -" - ]; + # systemd.tmpfiles.rules = [ + # "Z ${service.paths.path0} 755 ${service.name} ${service.name} -" + # "Z ${service.sops.path0} 755 ${service.name} ${service.name} -" + # ]; users.users.${service.name}.extraGroups = [ "users" - "caddy" ]; networking = {
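Review bot: `openFirewall = true;` is kept while the Caddy virtual host that supplied `basicauth` and `tls` in front of ComfyUI is removed, so nothing visible in this hunk authenticates or encrypts access to port 8188 any more. If `web.localhost.address1` is a loopback address, the firewall opening has no use and should become `openFirewall = false;`. If it is not, the UI is reachable directly without credentials, and ComfyUI, as far as I know, has no login of its own. The new `inherit (flake.config.machines.devices) ceres;` is referenced only from the commented-out `fileSystems` block, so either enable that block or drop the inherit together with the commented code. The `networking` attribute set continues past the end of the hunk.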