diff --git a/hosts/h001/flake.lock b/hosts/h001/flake.lock
index 95d159e..33f95d6 100644
--- a/hosts/h001/flake.lock
+++ b/hosts/h001/flake.lock
@@ -1779,11 +1779,11 @@
     },
     "trilium-nixpkgs": {
       "locked": {
-        "lastModified": 1759733170,
-        "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=",
+        "lastModified": 1759831965,
+        "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "8913c168d1c56dc49a7718685968f38752171c3b",
+        "rev": "c9b6fb798541223bbb396d287d16f43520250518",
         "type": "github"
       },
       "original": {
diff --git a/hosts/h001/mods/litellm.nix b/hosts/h001/mods/litellm.nix
index b04b31b..10b53d2 100644
--- a/hosts/h001/mods/litellm.nix
+++ b/hosts/h001/mods/litellm.nix
@@ -4,7 +4,7 @@
 }:
 let
   declaration = "services/misc/litellm.nix";
-  nixpkgs = inputs.open-webui-nixpkgs;
+  nixpkgs = inputs.litellm-nixpkgs;
   pkgs = import nixpkgs {
     system = "x86_64-linux";
     config.allowUnfree = true;
diff --git a/hosts/h001/mods/oauth2-proxy.nix b/hosts/h001/mods/oauth2-proxy.nix
index ca06729..bfb34fa 100644
--- a/hosts/h001/mods/oauth2-proxy.nix
+++ b/hosts/h001/mods/oauth2-proxy.nix
@@ -5,7 +5,7 @@
 }:
 let
   declaration = "services/security/oauth2-proxy.nix";
-  nixpkgs = inputs.open-webui-nixpkgs;
+  nixpkgs = inputs.oauth2-proxy-nixpkgs;
   pkgs = import nixpkgs {
     system = "x86_64-linux";
     config.allowUnfree = true;
@@ -40,7 +40,7 @@ in
         # show-debug-on-error = "true";
         # errors-to-info-log = "true";
       };
-      cookie.refresh = "30m";
+      cookie.refresh = "12h";
       # setXauthrequest = true;
     };
 
diff --git a/hosts/h001/mods/trilium.nix b/hosts/h001/mods/trilium.nix
index 63db1f4..863246d 100644
--- a/hosts/h001/mods/trilium.nix
+++ b/hosts/h001/mods/trilium.nix
@@ -1,10 +1,11 @@
 {
   inputs,
+  lib,
   ...
 }:
 let
   declaration = "services/web-apps/trilium.nix";
-  nixpkgs = inputs.open-webui-nixpkgs;
+  nixpkgs = inputs.trilium-nixpkgs;
   pkgs = import nixpkgs {
     system = "x86_64-linux";
     config.allowUnfree = true;
@@ -20,12 +21,23 @@ in
       port = 9111;
       host = "127.0.0.1";
       dataDir = "/var/lib/trilium";
+      # NOTE using oauth2-proxy for auth, ensure that is not removed below while keeping this on
       noAuthentication = true;
       instanceName = "joshuabell";
     };
 
     systemd.services.trilium-server.environment = {
       TRILIUM_NO_UPLOAD_LIMIT = "true";
+
+      # TRILIUM_PUBLIC_URL = "https://notes.joshuabell.xyz";
+
+      # TODO this did not work... sad we use oauth2-proxy instead
+      # TRILIUM_OAUTH_BASE_URL = "https://notes.joshuabell.xyz";
+      # TRILIUM_OAUTH_CLIENT_ID = "REPLACE";
+      # TRILIUM_OAUTH_CLIENT_SECRET = "REPLACE";
+      # TRILIUM_OAUTH_ISSUER_BASE_URL = "https://sso.joshuabell.xyz/.well-known/openid-configuration";
+      # TRILIUM_OAUTH_ISSUER_NAME = "SSO";
+      # TRILIUM_OAUTH_ISSUER_ICON = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/zitadel.svg";
     };
 
     services.oauth2-proxy.nginx.virtualHosts."notes.joshuabell.xyz" = {