diff --git a/machines/dns01/_configuration.nix b/machines/dns01/_configuration.nix index bed7c7d..908e08a 100644 --- a/machines/dns01/_configuration.nix +++ b/machines/dns01/_configuration.nix @@ -14,13 +14,6 @@ lib.extra.mkConfig { # TODO : retrieve this address from meta/network.nix deployment.targetHost = "45.13.104.26"; deployment.tags = [ "cst1" ]; - networking.firewall = { - enable = true; - logRefusedConnections = lib.mkForce true; - logRefusedPackets = lib.mkForce true; - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; }; root = ./.; diff --git a/machines/dns01/lab.dgnum.eu.nix b/machines/dns01/lab.dgnum.eu.nix index eadb42c..23b2f94 100644 --- a/machines/dns01/lab.dgnum.eu.nix +++ b/machines/dns01/lab.dgnum.eu.nix @@ -35,6 +35,8 @@ with dns.lib.combinators; kfet = host "129.199.146.230" "2a0e:e701:1120:1000::f:1"; + voice = host "129.199.146.105" null; + # Nameservers ns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26"; diff --git a/machines/dns01/nsd.nix b/machines/dns01/nsd.nix index 9e0c5bb..b26ab74 100644 --- a/machines/dns01/nsd.nix +++ b/machines/dns01/nsd.nix @@ -21,4 +21,9 @@ in }; }; }; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; } diff --git a/machines/photo01/immich.nix b/machines/photo01/immich.nix index 81cfd7c..a12b6a9 100644 --- a/machines/photo01/immich.nix +++ b/machines/photo01/immich.nix @@ -11,6 +11,9 @@ enableACME = true; forceSSL = true; serverAliases = [ ]; - locations."/".proxyPass = "http://localhost:3001/"; + locations."/" = { + proxyPass = "http://localhost:3001/"; + proxyWebsockets = true; + }; }; } diff --git a/machines/voice01/_configuration.nix b/machines/voice01/_configuration.nix new file mode 100644 index 0000000..6c59a80 --- /dev/null +++ b/machines/voice01/_configuration.nix 
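Review bot: The `networking.firewall` block added to machines/dns01/nsd.nix keeps `enable` and the port 53 allowances but drops the two logging overrides carried by the block removed from _configuration.nix, `logRefusedConnections = lib.mkForce true;` and `logRefusedPackets = lib.mkForce true;`. On an internet-facing authoritative nameserver, those logs are the main record of probing against closed ports. The `mkForce` suggests another module sets these options differently, so after this move they presumably fall back to that module's value. If the drop is deliberate, a comment such as `# refused-traffic logging intentionally left at the shared default` would record it; otherwise carry both lines over. The enclosing attribute set in nsd.nix starts outside the hunk.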
@@ -0,0 +1,25 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+ enabledModules = [
+ # List of modules to enable
+ ];
+
+ enabledServices = [
+ # List of services to enable
+ "murmur"
+ "nginx"
+ ];
+
+ extraConfig = {
+ deployment.tags = [ "cst1" ];
+ networking = {
+ firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+ };
+ };
+
+ root = ./.;
+}
diff --git a/machines/voice01/_hardware-configuration.nix b/machines/voice01/_hardware-configuration.nix
new file mode 100644
index 0000000..8b0d66a
--- /dev/null
+++ b/machines/voice01/_hardware-configuration.nix
@@ -0,0 +1,34 @@
+{ lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ initrd.kernelModules = [ ];
+ kernelModules = [ ];
+ extraModulePackages = [ ];
+ initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_scsi"
+ "sd_mod"
+ "sr_mod"
+ ];
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-partlabel/disk-sda-root";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-partlabel/disk-sda-ESP";
+ fsType = "vfat";
+ };
+
+ networking.useDHCP = lib.mkDefault false;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/machines/voice01/murmur.nix b/machines/voice01/murmur.nix
new file mode 100644
index 0000000..431773e
--- /dev/null
+++ b/machines/voice01/murmur.nix
@@ -0,0 +1,21 @@
+let
+ port = 64738;
+in
+{
+ services.murmur = {
+ inherit port;
+ enable = true;
+ openFirewall = true;
+ users = 16;
+ welcometext = "Bienvenue sur le serveur Mumble expérimental de la DGNum.";
+ registerHostname = "voice.lab.dgnum.eu";
+ password = "coupe-boulon";
+ logFile = "/var/log/murmur/murmurd.log";
+ };
+ services.nginx.virtualHosts."voice.lab.dgnum.eu" = {
+ enableACME = true;
+ forceSSL = true;
+ serverAliases = [ ];
+ locations."/".proxyPass = "http://localhost:${toString port}/";
+ };
+}
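Review bot: `password = "coupe-boulon";` in the `services.murmur` block of machines/voice01/murmur.nix puts the server join password in the repository history and in the world-readable Nix store on voice01. The NixOS murmur module accepts an `environmentFile`, so the value can become `password = "$MURMURD_PASSWORD";` with `environmentFile = <path to the decrypted secret>;`, backed by an entry added to the empty list in machines/voice01/secrets/secrets.nix. The committed value should be treated as disclosed and rotated. Separately, the `locations."/".proxyPass` line forwards HTTP to port 64738, where murmur speaks the Mumble protocol rather than HTTP, so the vhost probably only needs to exist for the ACME certificate and the location could be dropped.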
diff --git a/machines/voice01/nginx.nix b/machines/voice01/nginx.nix new file mode 100644 index 0000000..b44aeaa --- /dev/null +++ b/machines/voice01/nginx.nix @@ -0,0 +1,10 @@ +{ + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + clientMaxBodySize = "500m"; + }; +} diff --git a/machines/voice01/secrets/secrets.nix b/machines/voice01/secrets/secrets.nix new file mode 100644 index 0000000..8df0a71 --- /dev/null +++ b/machines/voice01/secrets/secrets.nix @@ -0,0 +1,3 @@ +(import ../../../keys).mkSecrets [ "voice01" ] [ + # List of secrets for router02 +] diff --git a/meta/network.nix b/meta/network.nix index d400779..4e69662 100644 --- a/meta/network.nix +++ b/meta/network.nix @@ -162,5 +162,22 @@ in hostId = "999dc679"; }; + voice01 = { + interfaces = { + ens18 = { + ipv4 = [ + { + address = "129.199.146.105"; + prefixLength = 24; + } + ]; + + gateways = [ "129.199.146.254" ]; + enableDefaultDNS = true; + }; + }; + + hostId = "9d05edd1"; + }; } // mkRoutexp (import ./routexp.nix) diff --git a/meta/nodes.nix b/meta/nodes.nix index f5406f3..bdb9857 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix @@ -104,6 +104,14 @@ in deployment.targetHost = "129.199.146.39"; + stateVersion = "24.11"; + nixpkgs = "unstable"; + }; + voice01 = { + site = "pav01"; + + hashedPassword = "$y$j9T$eNZQgDN.J5y7KTG2hXgat1$J1i5tjx5dnSZu.C9B7swXi5zMFIkUnmRrnmyLHFAt8/"; + stateVersion = "24.11"; nixpkgs = "unstable"; }; diff --git a/npins/sources.json b/npins/sources.json index 9a7fa67..63b2f57 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -211,4 +211,4 @@ } }, "version": 3 -} \ No newline at end of file +}
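Review bot: The comment in the new machines/voice01/secrets/secrets.nix reads `# List of secrets for router02`, but the `mkSecrets` call is keyed to `voice01`; it looks copied from another machine and should read `# List of secrets for voice01`. The list is also empty while this commit's murmur.nix carries its server password inline, so this file is where that value would be expected to be declared.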