diff --git a/hosts/ward/guests/firefly.nix b/hosts/ward/guests/firefly.nix
index bf549b3..9772412 100644
--- a/hosts/ward/guests/firefly.nix
+++ b/hosts/ward/guests/firefly.nix
@@ -11,7 +11,7 @@ in
 {
   wireguard.proxy-home = {
     client.via = "ward";
-    firewallRuleForNode.sausebiene.allowedTCPPorts = [ 80 ];
+    firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [ 80 ];
   };
 
   globals.services.firefly.domain = fireflyDomain;
@@ -41,6 +41,8 @@ in
     enableNginx = true;
     virtualHost = globals.services.firefly.domain;
     settings = {
+      AUDIT_LOG_LEVEL = "emergency"; # disable audit logs
+      LOG_CHANNEL = "stdout";
       APP_URL = "https://${globals.services.firefly.domain}";
       TZ = "Europe/Berlin";
       TRUSTED_PROXIES = wardWebProxyCfg.wireguard.proxy-home.ipv4;
diff --git a/hosts/ward/secrets/firefly/host.pub b/hosts/ward/secrets/firefly/host.pub
index f9a633d..97cc759 100644
--- a/hosts/ward/secrets/firefly/host.pub
+++ b/hosts/ward/secrets/firefly/host.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDI93VlzePCcQnAF3MmgcvfJPhWrLmT+9uWCzgVl3YV+
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9bxRVB7zpCZhwfIwr7oyuNy0Tfu1Ki3KWPNiFyQizH
diff --git a/secrets/rekeyed/ward-firefly/0eff09bca0aa5407477fdab03dab22a0-promtail-loki-basic-auth-password.age b/secrets/rekeyed/ward-firefly/0eff09bca0aa5407477fdab03dab22a0-promtail-loki-basic-auth-password.age
deleted file mode 100644
index 2615a9f..0000000
--- a/secrets/rekeyed/ward-firefly/0eff09bca0aa5407477fdab03dab22a0-promtail-loki-basic-auth-password.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 iMlJww E5FqXO/vzW9DHo9fCSAMUKWmjR8MFXpU3XDnRa0EJ28
-QMY3FFVIMMA7hkzgt4KFCZqnceAt3HX5nBgDMHaOoHI
--> 9eg'-grease VW\g2`l 31z"
-NPUdagDQa5101Jc+IJ9q6SC+91YOK+k
---- iBSbWHLrGSanifDuwn2dobAwAlTRGEt3wNWshz96nNA
-êþ¶q3æ²êŠá8ng©®ŸŸ:½“¬ºÇñ¹}üo{­Ž‚â÷ü·Ænm…Rüè™ØÚr+edNÃz'`sÇ[úb¿•(ÏºÊ­ãò5ãÑ
\ No newline at end of file
diff --git a/secrets/rekeyed/ward-firefly/206d313b87995351cd0b97e804d37886-wireguard-proxy-home-psks-ward+ward-firefly.age b/secrets/rekeyed/ward-firefly/206d313b87995351cd0b97e804d37886-wireguard-proxy-home-psks-ward+ward-firefly.age
new file mode 100644
index 0000000..10a706b
--- /dev/null
+++ b/secrets/rekeyed/ward-firefly/206d313b87995351cd0b97e804d37886-wireguard-proxy-home-psks-ward+ward-firefly.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 YHfciQ /JDeiZuydrg08gCBvPUMBRIOzciGvV+o+eCS/lmrtRo
+X62u9gSTkkhIJhOLv+Oxu0aTCw9K4oxtsFUEQTrEC78
+-> %u]tzM-grease |kp`D O*d_7kP=
+vNzBWFKkxN/7oxjXuNSBsNh+BCTR
+--- HMqjg2W7E1jaamxsKFWGHsUkVFuCgFKXCcPdjAN22SI
+ `ìýoçäéÛˆÖoÒZOo*WU‹bA[«–h{>óyîçp[¨6úªûðˆ²²7Í9Þ!Ãõ£¢
+Õ…X¼æ©?tžœt)Uy»Æ
\ No newline at end of file
diff --git a/secrets/rekeyed/ward-firefly/3e9f3cf2a49cc7bd4199c9db79d103de-firefly-app-key.age b/secrets/rekeyed/ward-firefly/3e9f3cf2a49cc7bd4199c9db79d103de-firefly-app-key.age
new file mode 100644
index 0000000..7d800c2
--- /dev/null
+++ b/secrets/rekeyed/ward-firefly/3e9f3cf2a49cc7bd4199c9db79d103de-firefly-app-key.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 YHfciQ tSPGTfN5guIVsigbe6reAAmmxMjShWyVmYM6IhjIcnM
+WptTdTvgew6XKekrXwCNwKHoR7L/Viwi7Os6yqXtLLg
+-> v-grease O\Q#e_5v @x>mv0D
+cxlA8RpxtXGuq0F9zq+xNtYTgLOH8rjX
+--- InsyRLxK5htVkz/aKjlWGiF5X0lM6bXYzM3tZbOheo8
+õ~.Cw\C~Ö<6Ã¤6|ÜOÃð8}1(oû¥Ã]x÷IŒë’×Ì]œ‰àŒ	œ!wÚšrˆPÿŸg¨6D	1Äì=Æ¶[ºXü
\ No newline at end of file
diff --git a/secrets/rekeyed/ward-firefly/42e563c91200775d10a651a63413f5e0-telegraf-influxdb-token.age b/secrets/rekeyed/ward-firefly/42e563c91200775d10a651a63413f5e0-telegraf-influxdb-token.age
new file mode 100644
index 0000000..36d3ff5
--- /dev/null
+++ b/secrets/rekeyed/ward-firefly/42e563c91200775d10a651a63413f5e0-telegraf-influxdb-token.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 YHfciQ C6rdXtEgSnmvZGadg4t2P8g7ZP9Cizgni/+QsOPWp0w
+eeSuBSk5+SnJr6YtO67wn7a263ummSELG4SXrkUXp/Y
+-> +(A@\ZO@-grease 8Yt9 f B7!c
+g2QVWUbgF3QyPIUMX+7x4iS5xmEPaKtGtZwQJpRPBw7cgS5xNp6DTgF/bRyazsuD
++XIrHrVRZww0FobvAZWQVHz2SrzIqWi0SHRSnkV7cTKKNdAZHje/2CYpQ421C6hI
+WA
+--- wqySXNN6CxW4Sje0GKTfM0xmyXl8fRs/GTALuk0c7+0
+²T£¾¦ùÕc‘|‹”u®Ú4›¿Y¯OjFš~êo$úd	ÉS¸§Pñõ¨„Wxc.8ÏÛ'‡-[‰4{Ä-î£€á¦mV‹vA«í”´
\ No newline at end of file
diff --git a/secrets/rekeyed/ward-firefly/59ca141d3c7c82f99abe5213fc3adbc4-wireguard-proxy-home-psks-ward+ward-firefly.age b/secrets/rekeyed/ward-firefly/59ca141d3c7c82f99abe5213fc3adbc4-wireguard-proxy-home-psks-ward+ward-firefly.age
deleted file mode 100644
index 601123c..0000000
--- a/secrets/rekeyed/ward-firefly/59ca141d3c7c82f99abe5213fc3adbc4-wireguard-proxy-home-psks-ward+ward-firefly.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 iMlJww Z4Ks4fk4VNuB+NVnmWgFGe7pUdwaOEIRjHhxldrS1Rg
-ryrr2czYVoljwgokZ4SueF4K86Rn5ZQ9hryeuxgzD64
--> Sq1*-grease |:Mx~ 5qJ||" " 6!+(,I
-7DhAuAnGOTWQ/3IeVR6GFBQ
---- MYFaGCLMR7pf3AOctnWoff2GI+hJ68QKO9Mh6/qPFEY
-,A8–ŒÐ>ÿtÅcßŽzIíFŽ*slˆiŠÌ€bÞ„È²"?Ž$ª°87{ÿ4¡fþwªŸ¯ì¸cá°#,!YßYÆ¾ƒ£
\ No newline at end of file
diff --git a/secrets/rekeyed/ward-firefly/86c634d8210be2e4f069e5168e906326-firefly-app-key.age b/secrets/rekeyed/ward-firefly/86c634d8210be2e4f069e5168e906326-firefly-app-key.age
deleted file mode 100644
index 2c31310..0000000
--- a/secrets/rekeyed/ward-firefly/86c634d8210be2e4f069e5168e906326-firefly-app-key.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 iMlJww 2JAtq+eRbq02hjI35LQX8swDM9CHIlk04dSbWJP3zSQ
-QEb6tHk4JQPXqqnYY/mY9CUB3IgzfjCW9ovp2sV1TFM
--> @-grease KM$g *!O`
-izfolg
---- WILRDX5ScwJzlzULjw9xiiLn4p8wrd3wUw4h2QJCYeg
-žö:g[XOÊ]JÔøn}¸òëÊÁ…˜Ò5F×2-íßÕüÐY–¿þ<ÿžÇ¢p¢Ø‹Õn£Xå±CŸoÐH—ÑU¾]V/~Q•ÂìÁŸ. ­|Ôaï
\ No newline at end of file
diff --git a/secrets/rekeyed/ward-firefly/c17f6d023aa2f3bf37bc286b3766fef1-promtail-loki-basic-auth-password.age b/secrets/rekeyed/ward-firefly/c17f6d023aa2f3bf37bc286b3766fef1-promtail-loki-basic-auth-password.age
new file mode 100644
index 0000000..f8484e7
Binary files /dev/null and b/secrets/rekeyed/ward-firefly/c17f6d023aa2f3bf37bc286b3766fef1-promtail-loki-basic-auth-password.age differ
diff --git a/secrets/rekeyed/ward-firefly/c3a5933f8184ecafaa3acdb69b0e0f6f-telegraf-influxdb-token.age b/secrets/rekeyed/ward-firefly/c3a5933f8184ecafaa3acdb69b0e0f6f-telegraf-influxdb-token.age
deleted file mode 100644
index 2486ad6..0000000
--- a/secrets/rekeyed/ward-firefly/c3a5933f8184ecafaa3acdb69b0e0f6f-telegraf-influxdb-token.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 iMlJww CTRuCRd64uojf1Q0yisBkwEt42tLLqCA0X2Umw45Y3A
-UcSTnVKmw7nl9Apg/ZZcGPSBm/i6AIrD82QnPY+UnVQ
--> .$Mz#d-grease f-1BU |@F!=+8 0s`)Z 9&5<J&MM
-uEQ6iKSlaBgxbDppOaXU/k0ujx4/FyQuj8PCzw+Erwdoxwxuw8w
---- gOGIExA2G2rschlaM8Tr+BsWQMFOpUDA1ClR/IsUlLI
-pÔ÷­Òœs$³ƒ2õÃ†Šï o³lÑ|ž}+à1‰¬¤Ì®@€6æ’±†J».«?^¢…äeø˜‹Ü‡E:)ñ/‰ÿÜ*ETÕ–øór¬Ñ
\ No newline at end of file
diff --git a/secrets/rekeyed/ward-firefly/cc7db31943caeff66244b3aa934b7297-wireguard-proxy-home-priv-ward-firefly.age b/secrets/rekeyed/ward-firefly/cc7db31943caeff66244b3aa934b7297-wireguard-proxy-home-priv-ward-firefly.age
new file mode 100644
index 0000000..b898dfb
Binary files /dev/null and b/secrets/rekeyed/ward-firefly/cc7db31943caeff66244b3aa934b7297-wireguard-proxy-home-priv-ward-firefly.age differ
diff --git a/secrets/rekeyed/ward-firefly/fa954ae2f809b3a55d9c93ca0ac2e078-wireguard-proxy-home-priv-ward-firefly.age b/secrets/rekeyed/ward-firefly/fa954ae2f809b3a55d9c93ca0ac2e078-wireguard-proxy-home-priv-ward-firefly.age
deleted file mode 100644
index 4658901..0000000
--- a/secrets/rekeyed/ward-firefly/fa954ae2f809b3a55d9c93ca0ac2e078-wireguard-proxy-home-priv-ward-firefly.age
+++ /dev/null
@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 iMlJww DFczqyym2mmSZTWehkkvSPaNf7q8biiiEqoRrilbEno
-hvzfFRr0rpm0pJU5AFa1LOJ8QFEBgc1sU8LUbu1iPQk
--> h;[-grease @z] EChs4o3 U`,fK;
-VX4FqvfERRpfAPCw8F4D2vdVDuhS3FQ0Viw9G/Lp4Kda8/u1/LXxcCRSQ+Mvuj/o
-QCOdco48EagX3CVp+a6xuPNgaxgopMgkyQr2nmvXh0W6r1s
---- e0ODGAsNYbD8EWnZgZ776iHi2Y41+zbAL7jDo2InYQM
-Io;µ;—Z $È…-\ØÏ<¡¦•×Í¼œø¹ûRPœmrÌÖ7ÛJîBÎÕ}å·ä;DlHÚdô¢¸îêš€2Üb|Âs^²šD
\ No newline at end of file