diff --git a/20125/config.yml b/20125/config.yml
index 7a06670..64b9dc3 100644
--- a/20125/config.yml
+++ b/20125/config.yml
@@ -31,7 +31,7 @@ applications:
   - instance: homeassistant.pyrocufflink.blue
 
 - name: Nextcloud
-  url: &url https://nextcloud.pyrocufflink.net/
+  url: &url https://nextcloud.pyrocufflink.net/index.php
   icon:
     url: icons/nextcloud.png
   alerts:
diff --git a/firefly-iii/kustomization.yaml b/firefly-iii/kustomization.yaml
index 694db58..49798d8 100644
--- a/firefly-iii/kustomization.yaml
+++ b/firefly-iii/kustomization.yaml
@@ -55,4 +55,4 @@ patches:
               defaultMode: 0640
 images:
 - name: docker.io/fireflyiii/core
-  newTag: version-6.1.22
+  newTag: version-6.1.25
diff --git a/home-assistant/configuration.yaml b/home-assistant/configuration.yaml
index 14870c9..e1cdd75 100644
--- a/home-assistant/configuration.yaml
+++ b/home-assistant/configuration.yaml
@@ -38,6 +38,15 @@ recorder:
   commit_interval: 0
 
 homeassistant:
+  auth_providers:
+  - type: homeassistant
+  - type: trusted_networks
+    trusted_networks:
+    - 172.31.1.81/32
+    trusted_users:
+      172.31.1.81:
+      - 03a8b3528f1145ab908e20ed5687d893
+    allow_bypass_login: true
   whitelist_external_dirs:
   - /config
   - /tmp
diff --git a/home-assistant/kustomization.yaml b/home-assistant/kustomization.yaml
index 495a452..9eb98aa 100644
--- a/home-assistant/kustomization.yaml
+++ b/home-assistant/kustomization.yaml
@@ -30,6 +30,7 @@ configMapGenerator:
   - restart-diddy-mopidy.sh
   - restart-kitchen-mqttmarionette.sh
   - shell-command.yaml
+  - shutdown-kiosk.sh
   - ssh_known_hosts
   - rest-command.yaml
   options:
@@ -117,14 +118,14 @@ patches:
               name: dch-root-ca
 images:
 - name: ghcr.io/home-assistant/home-assistant
-  newTag: 2024.11.2
+  newTag: 2024.12.5
 - name: docker.io/rhasspy/wyoming-whisper
-  newTag: 2.2.0
+  newTag: 2.4.0
 - name: docker.io/rhasspy/wyoming-piper
   newTag: 1.5.0
 - name: docker.io/koenkk/zigbee2mqtt
-  newTag: 1.41.0
+  newTag: 1.42.0
 - name: docker.io/zwavejs/zwave-js-ui
-  newTag: 9.27.2
+  newTag: 9.29.0
 - name: docker.io/library/eclipse-mosquitto
   newTag: 2.0.20
diff --git a/home-assistant/shell-command.yaml b/home-assistant/shell-command.yaml
index 3d5ffbb..e2a52e1 100644
--- a/home-assistant/shell-command.yaml
+++ b/home-assistant/shell-command.yaml
@@ -6,3 +6,6 @@ restart_diddy_mopidy: >-
 
 restart_kitchen_mqttmarionette: >-
   sh /run/config/restart-kitchen-mqttmarionette.sh
+
+shutdown_kiosk: >-
+  sh /run/config/shutdown-kiosk.sh
diff --git a/home-assistant/shutdown-kiosk.sh b/home-assistant/shutdown-kiosk.sh
new file mode 100644
index 0000000..b4179d8
--- /dev/null
+++ b/home-assistant/shutdown-kiosk.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+set -e
+ssh -i /run/secrets/home-assistant/sshkey.pem -oUserKnownHostsFile=/run/config/ssh_known_hosts -oBatchMode=yes kiosk@deskpanel.pyrocufflink.red doas systemctl poweroff
diff --git a/home-assistant/ssh_known_hosts b/home-assistant/ssh_known_hosts
index 9eaa503..5ce5ecf 100644
--- a/home-assistant/ssh_known_hosts
+++ b/home-assistant/ssh_known_hosts
@@ -1,2 +1,3 @@
 diddy.pyrocufflink.red ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILx6gRqlVnvdqTIJTH16NBLJ4ORfTsBaUIEpt5ZMkkNW
 kitchen.pyrocufflink.red ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLzMLOlFXPiovBwYLmXCVV8Md/xR36zwPj6egT9V3O7
+deskpanel.pyrocufflink.red ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcvO0jsZ8U2mw/HHs0BHbbEI48W0fxti8f5DuNyFS2L
diff --git a/jenkins/ssh_known_hosts b/jenkins/ssh_known_hosts
index bac68f7..2d972f3 100644
--- a/jenkins/ssh_known_hosts
+++ b/jenkins/ssh_known_hosts
@@ -1,4 +1,5 @@
 @cert-authority *.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII24CZGosLMTny0a2eDB6KOG47FhlwVkTEFQNAYzKV0t
+@cert-authority *.pyrocufflink.black ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII24CZGosLMTny0a2eDB6KOG47FhlwVkTEFQNAYzKV0t
 files.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH+S6aTqXJ15DV3NczbPXVQKXxbvMVtaHToShsrhxps1GGWcJU/pbZtpAQcN4OGth7DQ1Q/1RvrFS+Fd/5U4wv4=
 files.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzOkLdjAJDPyja2o4+Km52VNM4t7jeYTyMVYl4gtudq
 files.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbgN04bblL95EStM+wpGF1asvEOL6vmH/oNTIBRd0HbTz8jRa3CMOGWWG7/xGIRjrXglAGURGZ/EOqkyGIsciVtC53lwLuyZT18sqHrmp8S5uq/rNaY3rSVfc7kW/fXsNksjtwnQ/sNtawSZ6UFv+p/X47qOGv0XPAwAzoXDwDpQ27wOz1YnbBa+5itThLh6QvxgM1DKnb78uZ1TBpaCCdtL2iH1IVo3FLmah9bNWvUU1QECKyOUDw3IiwIS6owtHIrpdCiZTlPSJhBLPvv7P/L9V0bTfREP+MMDBT1hhj2NUgmDxC4sDd8k1Qy/qxeyU/FA+7dn7K8YVIEe9rNbs/
diff --git a/paperless-ngx/kustomization.yaml b/paperless-ngx/kustomization.yaml
index 6006e6b..5a233ab 100644
--- a/paperless-ngx/kustomization.yaml
+++ b/paperless-ngx/kustomization.yaml
@@ -47,6 +47,6 @@ images:
 - name: ghcr.io/paperless-ngx/paperless-ngx
   newTag: 2.13.5
 - name: docker.io/gotenberg/gotenberg
-  newTag: 8.13.0
+  newTag: 8.14.1
 - name: docker.io/apache/tika
   newTag: 3.0.0.0
diff --git a/victoria-metrics/alerts.yml b/victoria-metrics/alerts.yml
index fb7a334..94c4dda 100644
--- a/victoria-metrics/alerts.yml
+++ b/victoria-metrics/alerts.yml
@@ -225,32 +225,16 @@ groups:
         the issue as soon as possible.
   - alert: Last Backup Age
     expr: >-
-      time() - restic_backup_timestamp > 604800
+      time() - restic_backup_timestamp{
+        client_hostname!="luma.pyrocufflink.blue",
+        client_hostname!="toad.pyrocufflink.blue",
+      }> 604800
     annotations:
       summary: A Restic client has not backed up recently
       description: >-
         Clients are scheduled to back up every day, but at least one has not
         been backed up in at least 7 days.  Check the Restic configuration on
         that system to ensure backups are running properly.
-  - alert: No File Changes
-    expr: >-
-      max_over_time(
-        abs(
-          delta(
-            sum(restic_backup_size_total{
-              client_hostname!="pxe0.pyrocufflink.blue",
-              client_hostname!="web0.pyrocufflink.blue",
-            })
-              by (client_hostname, client_username)
-          )
-        )[7d]
-      ) == 0
-    annotations:
-      summary: The size of the Restic backup has not changed
-      description: >-
-        The size of the Restic backup for a particular client has not changed
-        in at least 7 days.  This may indicate that the backup configuration
-        is incorrect.
 
 - name: Paperless-ngx
   rules:
@@ -273,11 +257,11 @@ groups:
         for details about the task failures.
   - alert: Paperless email task not running
     expr: >-
-      absent(
+      absent_over_time(
         flower_events_total{
           type="task-started",
           task="paperless_mail.tasks.process_mail_accounts"
-        }
+        }[12h]
       )
     annotations:
       summary: Paperless task to process mail accounts has not run recently
diff --git a/victoria-metrics/scrape.yml b/victoria-metrics/scrape.yml
index bf63b94..96ff173 100644
--- a/victoria-metrics/scrape.yml
+++ b/victoria-metrics/scrape.yml
@@ -57,7 +57,7 @@ scrape_configs:
     - http://pyrocufflink.net/
     - http://ebonfire.com/
     - http://chmod777.sh/
-    - https://nextcloud.pyrocufflink.net/
+    - https://nextcloud.pyrocufflink.net/index.php
     - https://bitwarden.pyrocufflink.blue/
     - https://git.pyrocufflink.blue/
     - https://tabitha.biz/