diff --git a/modules/boot.nix b/modules/boot.nix
index 0057436..49f0880 100644
--- a/modules/boot.nix
+++ b/modules/boot.nix
@@ -1,12 +1,11 @@
 { config, pkgs, ... }:
 
 {
-  boot.loader.systemd-boot = {
+  boot.loader.grub = {
     enable = true;
-    editor = false;
+    device = "/dev/sda";
     configurationLimit = 10;
   };
-  boot.loader.efi.canTouchEfiVariables = true;
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
   boot.kernelModules = [ "tcp_bbr" ];
diff --git a/modules/matrix.nix b/modules/matrix.nix
index 83ef471..f15ba6c 100644
--- a/modules/matrix.nix
+++ b/modules/matrix.nix
@@ -61,13 +61,15 @@ in
 
   services.postgresql = {
     enable = true;
-    ensureDatabases = [ "matrix-synapse" ];
-    ensureUsers = [
-      {
-        name = "matrix-synapse";
-        ensureDBOwnership = true;
-      }
-    ];
+    initialScript = pkgs.writeText "synapse-init.sql" ''
+      CREATE ROLE "matrix-synapse" WITH LOGIN;
+      CREATE DATABASE "matrix-synapse"
+        OWNER "matrix-synapse"
+        TEMPLATE template0
+        LC_COLLATE = 'C'
+        LC_CTYPE = 'C'
+        ENCODING = 'UTF8';
+    '';
   };
 
   services.livekit = {
diff --git a/modules/nginx.nix b/modules/nginx.nix
index f109564..73cdd34 100644
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -26,6 +26,11 @@ let
   };
 in
 {
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "me@atri.dad";
+  };
+
   services.nginx = {
     enable = true;