diff --git a/machines/web01/castopod-head-proxy.nix b/machines/web01/castopod-head-proxy.nix
deleted file mode 100644
index baacfca..0000000
--- a/machines/web01/castopod-head-proxy.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.services.castopod;
- fpm = config.services.phpfpm.pools.castopod;
-in
-{
- services.nginx = {
- resolver.addresses = [ "127.0.0.53" ];
- virtualHosts."${cfg.localDomain}" = {
-
- locations."@force_get" = {
- extraConfig = lib.mkForce ''
- recursive_error_pages on;
- proxy_method GET;
- proxy_pass https://podcasts.dgnum.eu/$request_uri;
- '';
- };
-
- locations."~ .php$" = {
- extraConfig = lib.mkForce ''
- error_page 550 = @force_get;
- if ($request_method = HEAD) { return 550; }
- fastcgi_intercept_errors on;
- fastcgi_index index.php;
- fastcgi_pass unix:${fpm.socket};
- try_files $uri =404;
- fastcgi_read_timeout 3600;
- fastcgi_send_timeout 3600;
- '';
- };
- };
- };
-}
diff --git a/machines/web01/castopod.nix b/machines/web01/castopod.nix
index 20d57c1..c237148 100644
--- a/machines/web01/castopod.nix
+++ b/machines/web01/castopod.nix
@@ -8,7 +8,7 @@ in
 enable = true;
 localDomain = host;
 environmentFile = config.age.secrets.castopod-environment_file.path;
- maxUploadSize = 512;
+ maxUploadSize = "512M";
 settings = {
 "email.fromEmail" = "noreply@infra.dgnum.eu";
 "email.SMTPHost" = "kurisu.lahfa.xyz";
diff --git a/machines/web01/crabfit/default.nix b/machines/web01/crabfit/default.nix
index c162800..879ac36 100644
--- a/machines/web01/crabfit/default.nix
+++ b/machines/web01/crabfit/default.nix
@@ -1,4 +1,4 @@
-_:
+{ config, ... }:
 {
 imports = [ ./packages ];
 
@@ -8,9 +8,29 @@ _: api.host = "api.meet.dgnum.eu"; frontend.host = "meet.dgnum.eu"; - - configureNginx = true; }; dgn-backups.postgresDatabases = [ "crabfit" ]; + + services.nginx = + let + cfg = config.services.crabfit; + in + { + enable = true; + + virtualHosts.${cfg.frontend.host} = { + enableACME = true; + forceSSL = true; + + locations."/".proxyPass = "http://127.0.0.1:${builtins.toString cfg.frontend.port}"; + }; + + virtualHosts.${cfg.api.host} = { + enableACME = true; + forceSSL = true; + + locations."/".proxyPass = "http://127.0.0.1:${builtins.toString cfg.api.port}"; + }; + }; } diff --git a/meta/README.md b/meta/README.md index 5e42560..5446d5a 100644 --- a/meta/README.md +++ b/meta/README.md @@ -34,6 +34,21 @@ TODO. Machines can use different versions of NixOS, the supported and default ones are specified here. +## How to add a new version + +- Switch to a new branch `nixos-$VERSION` +- Run the following command + +```bash +npins add channel nixos-$VERSION +``` + +- Edit `meta/nixpkgs.nix` and add `$VERSION` to the supported version. +- Read the release notes and check for changes. +- Update the nodes versions +- Create a PR so that the CI check that it builds + + # Nodes The nodes are declared statically, several options can be configured: diff --git a/meta/nixpkgs.nix b/meta/nixpkgs.nix index b8c6b43..4a90a79 100644 --- a/meta/nixpkgs.nix +++ b/meta/nixpkgs.nix @@ -6,5 +6,6 @@ supported = [ "unstable" "23.11" + "24.05" ]; } diff --git a/meta/nodes.nix b/meta/nodes.nix index 27449e4..f222066 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix @@ -27,7 +27,7 @@ stateVersion = "23.05"; vm-cluster = "Hyperviseur NPS"; - nix-modules = [ "services/crabfit" ]; + nixpkgs = "24.05"; }; compute01 = { @@ -35,6 +35,7 @@ stateVersion = "23.05"; nix-modules = [ "services/stirling-pdf" ]; + nixpkgs = "24.05"; }; geo01 = { @@ -42,7 +43,7 @@ deployment.tags = [ "geo" ]; stateVersion = "24.05"; - nixpkgs = "unstable"; + nixpkgs = "24.05"; }; geo02 = { 
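Review bot: In machines/web01/crabfit/default.nix, the two hand-written `locations."/".proxyPass` entries that replace `configureNginx = true` set no proxy headers of their own. Unless `services.nginx.recommendedProxySettings` is enabled somewhere outside this diff, the crabfit frontend and API will see every request as coming from 127.0.0.1 with a loopback `Host` value, which affects access logs and any per-client limiting the backend applies. Consider `recommendedProxySettings = true;` on both locations, and a short comment above `services.nginx` recording why the module's own nginx setup is no longer used. It is also worth confirming that both backends bind to loopback only, since the vhosts assume that and the hunk does not show it.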
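Review bot: In meta/nodes.nix, geo01 (hunk `@@ -42,7 +43,7 @@`), and likewise geo02 and vault01 in the two hunks that follow, move from `nixpkgs = "unstable"` to `"24.05"`, which may be a package downgrade on those hosts depending on how far the unstable pin had advanced. Services that keep on-disk state usually migrate it forward only, so before deploying it is worth checking that nothing on these three machines was already upgraded past what the pinned 24.05 channel ships. The other nodes in this file only move forward to 24.05 and are not affected by this point.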
@@ -50,12 +51,13 @@ deployment.tags = [ "geo" ]; stateVersion = "24.05"; - nixpkgs = "unstable"; + nixpkgs = "24.05"; }; storage01 = { site = "pav01"; stateVersion = "23.11"; + nixpkgs = "24.05"; nix-modules = [ "services/forgejo-nix-runners" ]; }; @@ -65,7 +67,7 @@ deployment.targetHost = "vault01.hyp01.infra.dgnum.eu"; stateVersion = "23.11"; - nixpkgs = "unstable"; + nixpkgs = "24.05"; adminGroups = [ "fai" ]; }; diff --git a/npins/sources.json b/npins/sources.json index e332a3c..08ee217 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -154,6 +154,12 @@ "url": "https://releases.nixos.org/nixos/23.11/nixos-23.11.6981.27c13997bf45/nixexprs.tar.xz", "hash": "1s4wn0m6bdzxl4rcxzmyy2fdschrdj3nqy6zl85xynaxkb0n1gpj" }, + "nixos-24.05": { + "type": "Channel", + "name": "nixos-24.05", + "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.1135.9b5328b7f761/nixexprs.tar.xz", + "hash": "0k8d0xvygkxzvs5ikcw8j0pnksvzdmxdl03i69mni3nxylszyxvl" + }, "nixos-generators": { "type": "Git", "repository": { @@ -226,4 +232,4 @@ } }, "version": 3 -} \ No newline at end of file +} diff --git a/patches/default.nix b/patches/default.nix index 0338c4c..637d43c 100644 --- a/patches/default.nix +++ b/patches/default.nix @@ -6,6 +6,21 @@ let in { + "nixos-24.05" = [ + # netbox qrcode plugin + { + _type = "commit"; + sha = "ae4bf4c110378ebacb3989c9533726859cfebbfa"; + hash = "sha256-SgHhW9HCkDQsxT3eG4P9q68c43e3sbDHRY9qs7oSt8o="; + } + + netboxAgent + + { + id = "275165"; + hash = "sha256-9a26V3Pi8yLD3N9+mC1kvJoruxRTp/qOHapnt6VX7pw="; + } + ]; "nixos-23.11" = [ # netbox module {
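Review bot: In patches/default.nix, the second new entry under `"nixos-24.05"`, `{ id = "275165"; hash = ...; }`, has no comment saying what it patches, while the commit entry above it is labelled `# netbox qrcode plugin`. These patches are applied on top of the pinned channel, so each one should state what it carries and when it can be dropped, for example `# <what PR 275165 changes>; drop once it is in nixos-24.05`. Both entries are pinned by content hash, which is worth keeping for anything added to this list later. The attribute set starts and ends outside the hunk, and `netboxAgent` is defined outside it as well.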