diff --git a/machines/compute01/ds-fr/module.nix b/machines/compute01/ds-fr/module.nix
index 96fe4d5..3a9756c 100644
--- a/machines/compute01/ds-fr/module.nix
+++ b/machines/compute01/ds-fr/module.nix
@@ -364,7 +364,7 @@ in {
 
         ensureUsers = optional (cfg.user == "ds-fr") {
           name = "ds-fr";
-          ensurePermissions = { "DATABASE \"ds-fr\"" = "ALL PRIVILEGES"; };
+          ensureDBOwnership = true;
         };
 
         extraPlugins = with config.services.postgresql.package.pkgs;
diff --git a/machines/compute01/hedgedoc.nix b/machines/compute01/hedgedoc.nix
index d37a728..21a06d7 100644
--- a/machines/compute01/hedgedoc.nix
+++ b/machines/compute01/hedgedoc.nix
@@ -41,7 +41,7 @@ in {
 
       ensureUsers = [{
         name = "hedgedoc";
-        ensurePermissions = { "DATABASE hedgedoc" = "ALL PRIVILEGES"; };
+        ensureDBOwnership = true;
       }];
     };
   };
diff --git a/machines/compute01/mastodon.nix b/machines/compute01/mastodon.nix
index 4a30e80..d2b7551 100644
--- a/machines/compute01/mastodon.nix
+++ b/machines/compute01/mastodon.nix
@@ -12,6 +12,8 @@ in {
 
     };
 
+    streamingProcesses = 4;
+
     configureNginx = true;
 
     extraConfig = {
diff --git a/machines/compute01/nextcloud.nix b/machines/compute01/nextcloud.nix
index e88386b..4079f2f 100644
--- a/machines/compute01/nextcloud.nix
+++ b/machines/compute01/nextcloud.nix
@@ -68,8 +68,6 @@ in {
 
     autoUpdateApps.enable = true;
 
-    enableBrokenCiphersForSSE = false;
-
     extraOptions = {
       overwritehost = host;
       "overwrite.cli.url" = "https://${host}";
diff --git a/machines/compute01/vaultwarden.nix b/machines/compute01/vaultwarden.nix
index 58b6991..e28f689 100644
--- a/machines/compute01/vaultwarden.nix
+++ b/machines/compute01/vaultwarden.nix
@@ -64,7 +64,7 @@ in {
 
       ensureUsers = [{
         name = "vaultwarden";
-        ensurePermissions = { "DATABASE vaultwarden" = "ALL PRIVILEGES"; };
+        ensureDBOwnership = true;
       }];
     };
   };
diff --git a/machines/storage01/atticd.nix b/machines/storage01/atticd.nix
index 3a738ae..014a21d 100644
--- a/machines/storage01/atticd.nix
+++ b/machines/storage01/atticd.nix
@@ -61,7 +61,7 @@ in {
 
       ensureUsers = [{
         name = "atticd";
-        ensurePermissions = { "DATABASE \"atticd\"" = "ALL PRIVILEGES"; };
+        ensureDBOwnership = true;
       }];
     };
   };
diff --git a/machines/storage01/forgejo.nix b/machines/storage01/forgejo.nix
index 5ac1e57..2f89a25 100644
--- a/machines/storage01/forgejo.nix
+++ b/machines/storage01/forgejo.nix
@@ -16,6 +16,7 @@ in {
       user = "git";
       name = "gitea";
       passwordFile = config.age.secrets."forgejo-database_password_file".path;
+      createDatabase = false;
     };
 
     settings = {
diff --git a/machines/storage01/garage.nix b/machines/storage01/garage.nix
index 9d2e53b..05cbef6 100644
--- a/machines/storage01/garage.nix
+++ b/machines/storage01/garage.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 
 let
   host = "s3.dgnum.eu";
@@ -13,9 +13,13 @@ in {
   services.garage = {
     enable = true;
 
+    package = pkgs.garage_0_8;
+
     settings = {
       inherit data_dir metadata_dir;
 
+      db_engine = "sled";
+
       replication_mode = "none";
       compression_level = 7;
 
diff --git a/meta/nodes.nix b/meta/nodes.nix
index 401da3c..c07cb3b 100644
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@@ -17,7 +17,7 @@ let
 
     deployment = { };
 
-    nixpkgs = "23.05";
+    nixpkgs = "23.11";
   } // attrs;
 in
 
@@ -27,6 +27,7 @@ builtins.mapAttrs mkNode {
       tags = [ "web" ];
     };
 
+    nixpkgs = "23.05";
     stateVersion = "23.05";
   };