diff --git a/dockerfiles/caddy.Dockerfile b/dockerfiles/caddy.Dockerfile
new file mode 100644
index 0000000..eda476f
--- /dev/null
+++ b/dockerfiles/caddy.Dockerfile
@@ -0,0 +1,8 @@
+FROM caddy:2.8-builder AS builder
+
+RUN xcaddy build \
+    --with github.com/caddy-dns/transip
+
+FROM caddy:2.8
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
diff --git a/hosts/v-th-ctr-01/configuration.nix b/hosts/v-th-ctr-01/configuration.nix
new file mode 100644
index 0000000..d2c230a
--- /dev/null
+++ b/hosts/v-th-ctr-01/configuration.nix
@@ -0,0 +1,31 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ modulesPath, ... }:
+
+{
+  imports = [
+    # Include the default incus configuration.
+    "${modulesPath}/virtualisation/lxc-container.nix"
+    # Include the container-specific autogenerated configuration.
+  ];
+
+  networking = {
+    dhcpcd.enable = false;
+    useDHCP = false;
+    useHostResolvConf = false;
+  };
+
+  systemd.network = {
+    enable = true;
+    networks."50-eth0" = {
+      matchConfig.Name = "eth0";
+      networkConfig = {
+        DHCP = "ipv4";
+        IPv6AcceptRA = true;
+      };
+      linkConfig.RequiredForOnline = "routable";
+    };
+  };
+}
diff --git a/hosts/v-th-ctr-01/default.nix b/hosts/v-th-ctr-01/default.nix
index 6f42900..40b58f9 100644
--- a/hosts/v-th-ctr-01/default.nix
+++ b/hosts/v-th-ctr-01/default.nix
@@ -56,8 +56,12 @@
 
   networking.firewall = {
     enable = true;
-    allowedTCPPorts = [ 80 443 53 ];
-    allowedUDPPorts = [ 80 443 53 ];
+    allowedTCPPorts = [ 1080 1443 1053 ];
+    allowedUDPPorts = [ 1080 1443 1053 ];
+  };
+
+  networking.hosts = {
+    "127.0.0.1" = [ "tbmrs.nl" ];
   };
 
   users.users.deploy = {
diff --git a/hosts/v-th-ctr-01/home.nix b/hosts/v-th-ctr-01/home.nix
index fd4a296..4a6cf08 100644
--- a/hosts/v-th-ctr-01/home.nix
+++ b/hosts/v-th-ctr-01/home.nix
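Review bot: The `RUN xcaddy build` step pulls `github.com/caddy-dns/transip` at whatever version the module proxy resolves at build time, so two builds of this Dockerfile can yield different binaries and a broken or compromised upstream release is picked up without any change in this repository. Pin the plugin with `--with github.com/caddy-dns/transip@<version>` and consider pinning `caddy:2.8-builder` and `caddy:2.8` by digest, since the result is consumed as `caddy-custom:latest` by the caddy module and is otherwise not reproducible.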
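Review bot: The comment `# Include the container-specific autogenerated configuration.` at the end of the `imports` list is followed by no import, so it documents nothing and sends the next reader looking for a generated module that is not wired in. Either drop the comment or add the path of the generated module it refers to; if that module is deliberately imported elsewhere, replace the comment with one saying so.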
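Review bot: `allowedUDPPorts = [ 1080 1443 1053 ];` opens UDP for both HTTP ports, yet the caddy container added in this commit publishes `1080:80` and `1443:443` without a `/udp` suffix, so UDP 1080 and 1443 are admitted through the firewall with no listener behind them. Drop them, or if HTTP/3 on 1443 is intended, publish `1443:443/udp` in the container and keep only that UDP entry. The `networking.hosts` line maps `tbmrs.nl` to 127.0.0.1, but nothing in this diff listens on 443 on loopback (caddy is published on 1443), so local clients resolving the name this way presumably reach a closed port — confirm whether a host-side redirect to 1443 exists. The enclosing module attribute set starts before the hunk.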
@@ -23,7 +23,7 @@
     applications.ssh.enable = true;
     applications.thunderbird.enable = false;
     applications.yazi.enable = true;
-    applications.zellij.enable = false;
+    applications.zellij.enable = true;
 
     services.nextcloud-sync.enable = false;
     services.podman.enable = true;
@@ -35,10 +35,19 @@
 
     desktop-environments.hyprland.enable = false;
 
-    containers.nginx.enable = true;
+    containers = {
+      network.enable = true;
+
+      nginx.enable = true;
+      caddy.enable = true;
+      kanidm.enable = true;
+      forgejo.enable = true;
+    };
   };
 
   home.packages = with pkgs; [
+    unstable.helix
+    lazygit
   ];
 
   # Enable home-manager
diff --git a/modules/home/containers/caddy.nix b/modules/home/containers/caddy.nix
new file mode 100644
index 0000000..ad160ea
--- /dev/null
+++ b/modules/home/containers/caddy.nix
@@ -0,0 +1,57 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.caddy;
+in {
+  options = {
+    settings.containers.caddy.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable caddy container
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.containers.caddy = {
+      image = "localhost/tboomers/caddy-custom:latest";
+      network = "proxy";
+      ports = [
+        "1080:80"
+        "1443:443"
+      ];
+      volumes = [
+        "%h/containers/caddy/Caddyfile:/etc/caddy/Caddyfile"
+        "%h/containers/caddy/acme_key:/etc/caddy/acme_key"
+        "%h/containers/caddy/data:/data"
+      ];
+    };
+
+    home.file."containers/caddy/Caddyfile".text = ''
+      *.tbmrs.nl, tbmrs.nl {
+        tls {
+          dns transip xeovalyte /etc/caddy/acme_key
+          resolvers 1.1.1.1
+        }
+
+        @root host tbmrs.nl
+        handle @root {
+          respond "Hello there"
+        }
+
+        @kanidm host auth.tbmrs.nl
+        handle @kanidm {
+          reverse_proxy https://auth.tbmrs.nl
+        }
+
+        @forgejo host git.tbmrs.nl
+        handle @forgejo {
+          reverse_proxy forgejo:3000
+        }
+      }
+    '';
+  };
+}
diff --git a/modules/home/containers/forgejo.nix b/modules/home/containers/forgejo.nix
new file mode 100644
index 0000000..0ba3526
--- /dev/null
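Review bot: The Caddyfile and the TransIP API key are bind-mounted read-write in the `volumes` list, so a process in the caddy container that is compromised can rewrite its own configuration and the credential that controls DNS for the whole zone; neither file is written by Caddy at runtime, so they can be `"%h/containers/caddy/Caddyfile:/etc/caddy/Caddyfile:ro"` and `"%h/containers/caddy/acme_key:/etc/caddy/acme_key:ro"`. The site block `*.tbmrs.nl, tbmrs.nl` has no fallback handler, so a request for any other name under the wildcard that is not `tbmrs.nl`, `auth.tbmrs.nl` or `git.tbmrs.nl` is answered with an empty 200 rather than refused; a trailing `handle { respond 404 }` makes the intended surface explicit. The image tag `caddy-custom:latest` is mutable, so the module cannot tell which build of the Dockerfile it is running — a versioned tag would make rollbacks and audits traceable.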
+++ b/modules/home/containers/forgejo.nix
@@ -0,0 +1,32 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.forgejo;
+in {
+  options = {
+    settings.containers.forgejo.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable forgejo container
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.containers.forgejo = {
+      image = "codeberg.org/forgejo/forgejo:11";
+      network = "proxy";
+      volumes = [
+        "%h/containers/forgejo/data:/data"
+      ];
+      environment = {
+        FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+        FORGEJO__service__SHOW_REGISTRATION_BUTTON = false;
+        FORGEJO__service__ENABLE_PASSWORD_SIGNIN_FORM = false;
+      };
+    };
+  };
+}
diff --git a/modules/home/containers/kanidm.nix b/modules/home/containers/kanidm.nix
new file mode 100644
index 0000000..7f59f21
--- /dev/null
+++ b/modules/home/containers/kanidm.nix
@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.nginx;
+in {
+  options = {
+    settings.containers.kanidm.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable kanidm container
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.containers.kanidm = {
+      image = "kanidm/server:latest";
+      network = "proxy";
+      networkAlias = [
+        "auth.tbmrs.nl"
+      ];
+      volumes = [
+        "%h/containers/kanidm/data:/data"
+        "%h/containers/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.tbmrs.nl:/data/keys"
+      ];
+      environment = {
+        KANIDM_VERSION = "2";
+        KANIDM_BINDADDRESS = "[::]:443";
+        KANIDM_DB_PATH = "/data/kanidm.db";
+        KANIDM_TLS_CHAIN = "/data/keys/wildcard_.tbmrs.nl.crt";
+        KANIDM_TLS_KEY = "/data/keys/wildcard_.tbmrs.nl.key";
+        KANIDM_DOMAIN = "auth.tbmrs.nl";
+        KANIDM_ORIGIN = "https://auth.tbmrs.nl";
+      };
+    };
+  };
+}
diff --git a/modules/home/containers/network.nix b/modules/home/containers/network.nix
new file mode 100644
index 0000000..b26d751
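Review bot: The three `FORGEJO__service__*` entries in `environment` are Nix booleans, and if the podman module turns them into strings with `toString`, `false` becomes the empty string and `true` becomes `1`, so the two `= false` settings would reach Forgejo as unset and leave the registration button and the password sign-in form enabled — the opposite of the hardening this hunk intends. Writing them as `"true"` / `"false"` removes the dependence on that conversion; confirm against the module's `environment` type. The container is reached from caddy over plain HTTP as `forgejo:3000` while being served as `git.tbmrs.nl` over TLS, so Forgejo presumably also needs `FORGEJO__server__ROOT_URL` set to the public origin for generated links to be correct — verify what the image defaults to.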
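Review bot: `cfg = config.settings.containers.nginx;` reads the nginx toggle instead of the option this module declares, so `settings.containers.kanidm.enable` has no effect and the kanidm container is started whenever nginx is; the fix is `cfg = config.settings.containers.kanidm;`. `modules/home/containers/network.nix` in this commit has the same copy-paste, where `cfg` should point at `config.settings.containers.network`. Separately, the second `volumes` entry hands the wildcard certificate and its private key from Caddy's data directory to the kanidm container read-write; a trailing `:ro` on that mount keeps a compromised kanidm from altering Caddy's key material, and a key that is shared across two containers deserves a comment saying which side owns its rotation. `kanidm/server:latest` is a mutable tag and should be pinned to a version alongside `KANIDM_VERSION = "2"`.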
--- /dev/null
+++ b/modules/home/containers/network.nix
@@ -0,0 +1,24 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.nginx;
+in {
+  options = {
+    settings.containers.network.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable network
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.networks.proxy = {
+      description = "Container network for the proxy";
+      autoStart = true;
+    };
+  };
+}
diff --git a/modules/home/default.nix b/modules/home/default.nix
index 814c54a..4e623b1 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -22,6 +22,11 @@
 
     ./desktop-environments/hyprland/default.nix
 
+    ./containers/network.nix
+
+    ./containers/caddy.nix
+    ./containers/kanidm.nix
     ./containers/nginx.nix
+    ./containers/forgejo.nix
   ];
 }