diff --git a/secrets/authentik.toml.age b/secrets/authentik.toml.age
index e3b6a25..d3c91cc 100644
Binary files a/secrets/authentik.toml.age and b/secrets/authentik.toml.age differ
diff --git a/services/authentik.nix b/services/authentik.nix
index 0349b87..b6caf43 100644
--- a/services/authentik.nix
+++ b/services/authentik.nix
@@ -75,15 +75,6 @@ in {
   };
   users.groups."${user}" = { };
 
-  services.crowdsec = {
-    localConfig.acquisitions = [{
-      source = "journalctl";
-      journalctl_filter = [ "_SYSTEMD_USER_UNIT=${user}.service" ];
-      labels.type = "authentik";
-    }];
-    hub.collections = [ "firix/authentik" ];
-  };
-
   home-manager.users."${user}" = { config, osConfig, ... }: {
     imports = [ home-manager-quadlet-nix ];
 
@@ -147,18 +138,11 @@ in {
               AUTHENTIK_POSTGRESQL__HOST = "authentik-db";
               AUTHENTIK_POSTGRESQL__NAME = "${user}";
               AUTHENTIK_POSTGRESQL__USER = "${user}";
-              AUTHENTIK_STORAGE__BACKEND = "s3";
             };
             exec = "worker";
             secrets = [
               "AUTHENTIK_POSTGRESQL__PASSWORD,type=env"
               "AUTHENTIK_SECRET_KEY,type=env"
-              "AUTHENTIK_STORAGE__S3__ACCESS_KEY,type=env"
-              "AUTHENTIK_STORAGE__S3__SECRET_KEY,type=env"
-              "AUTHENTIK_STORAGE__S3__BUCKET_NAME,type=env"
-              "AUTHENTIK_STORAGE__S3__REGION,type=env"
-              "AUTHENTIK_STORAGE__S3__ENDPOINT,type=env"
-              "AUTHENTIK_STORAGE__S3__CUSTOM_DOMAIN,type=env"
             ];
             volumes = [
               # Remount media folder into new location based on
@@ -185,7 +169,6 @@ in {
               AUTHENTIK_POSTGRESQL__HOST = "authentik-db";
               AUTHENTIK_POSTGRESQL__NAME = "${user}";
               AUTHENTIK_POSTGRESQL__USER = "${user}";
-              AUTHENTIK_STORAGE__BACKEND = "s3";
             };
             exec = "server";
             secrets = [
@@ -197,12 +180,6 @@ in {
               "AUTHENTIK_EMAIL__PASSWORD,type=env"
               "AUTHENTIK_EMAIL__USE_SSL,type=env"
               "AUTHENTIK_EMAIL__FROM,type=env"
-              "AUTHENTIK_STORAGE__S3__ACCESS_KEY,type=env"
-              "AUTHENTIK_STORAGE__S3__SECRET_KEY,type=env"
-              "AUTHENTIK_STORAGE__S3__BUCKET_NAME,type=env"
-              "AUTHENTIK_STORAGE__S3__REGION,type=env"
-              "AUTHENTIK_STORAGE__S3__ENDPOINT,type=env"
-              "AUTHENTIK_STORAGE__S3__CUSTOM_DOMAIN,type=env"
             ];
 
             # Change from Traefik: publish ports to localhost only via 127.0.0.1