diff --git a/modules/server/containers/apps/nextcloud.nix b/modules/server/containers/apps/nextcloud.nix index ecdca41..df12843 100644 --- a/modules/server/containers/apps/nextcloud.nix +++ b/modules/server/containers/apps/nextcloud.nix 
@@ -134,20 +134,20 @@ in { $OCC config:app:set richdocuments wopi_allowlist --value="10.0.0.0/8" ''} ${lib.optionalString (serverCfg.containers ? authentik) '' - $OCC saml:config:set --general-idp0_display_name="authentik" - $OCC saml:config:set --general-uid_mapping="http://schemas.goauthentik.io/2021/02/saml/username" - $OCC saml:config:set --idp-entityId="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}" - $OCC saml:config:set --idp-singleSignOnService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/${containerCfg.subdomain}/sso/binding/redirect/" - $OCC saml:config:set --idp-singleLogoutService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/${containerCfg.subdomain}/slo/binding/redirect/" - AUTHENTIK_CERT=$(psql -h localhost -U authentik_user -d authentik_db -t -c "SELECT certificate_data FROM authentik_crypto_certificatekeypair WHERE name = 'authentik Self-signed Certificate';" | sed '/---/d' | tr -d '+ \n') - $OCC saml:config:set --idp-x509cert="$AUTHENTIK_CERT" + $OCC saml:config:set idp0 --general-idp0_display_name="authentik" + $OCC saml:config:set idp0 --general-uid_mapping="http://schemas.goauthentik.io/2021/02/saml/username" + $OCC saml:config:set idp0 --idp-entityId="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}" + $OCC saml:config:set idp0 --idp-singleSignOnService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/${containerCfg.subdomain}/sso/binding/redirect/" + $OCC saml:config:set idp0 --idp-singleLogoutService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/${containerCfg.subdomain}/slo/binding/redirect/" + AUTHENTIK_CERT=$(${pkgs.postgresql}/bin/psql -h ${serverCfg.dbHost} -U authentik_user -d authentik_db -t -c "SELECT certificate_data FROM authentik_crypto_certificatekeypair WHERE name = 
'authentik Self-signed Certificate';" | sed '/---/d' | tr -d '+ \n') + $OCC saml:config:set idp0 --idp-x509cert="$AUTHENTIK_CERT" - $OCC saml:config:set --saml-attribute-mapping-displayName_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" - $OCC saml:config:set --saml-attribute-mapping-email_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" - $OCC saml:config:set --saml-attribute-mapping-group_mapping="http://schemas.xmlsoap.org/claims/Group" - $OCC saml:config:set --general-group_provisioning="0" - $OCC config:app:set user_saml general-require_provisioning_groups --value="0" - # $OCC saml:config:set --general-allowed_groups="cloud,admin" + $OCC saml:config:set idp0 --saml-attribute-mapping-displayName_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" + $OCC saml:config:set idp0 --saml-attribute-mapping-email_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" + $OCC saml:config:set idp0 --saml-attribute-mapping-group_mapping="http://schemas.xmlsoap.org/claims/Group" + $OCC saml:config:set idp0 --general-group_provisioning="0" + $OCC config:app:set idp0 user_saml general-require_provisioning_groups --value="0" + # $OCC saml:config:set idp0 --general-allowed_groups="cloud,admin" ''} # configure side_menu ... FOLDERS=$($OCC teamfolders:list --format=json) 
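Review bot: The `idp0` insertion looks mechanical and breaks the one line that is not a `saml:config:set` call: `$OCC config:app:set idp0 user_saml general-require_provisioning_groups --value="0"` now passes `idp0` as the app name, so it should stay `$OCC config:app:set user_saml general-require_provisioning_groups --value="0"`. For the `saml:config:set` calls, user_saml's provider argument is, as far as I know, a numeric id, so `idp0` is worth checking against the output of `saml:config:get`. Separately, the new `AUTHENTIK_CERT=` line still ends in `tr -d '+ \n'`, which also deletes any `+` that belongs to the base64 body and would silently alter the IdP signing certificate; running psql with `-At` avoids the wrap markers so that only whitespace needs stripping, and the script should stop when `$AUTHENTIK_CERT` is empty instead of writing an empty `--idp-x509cert`. The surrounding setup script begins and ends outside this hunk, so how psql authenticates to `${serverCfg.dbHost}` is not visible here.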
@@ -168,7 +168,7 @@ in { $OCC config:app:set theming url --value="https://${containerCfg.subdomain}.${serverCfg.hostDomain}" ${lib.optionalString (containerCfg.extra ? name) ''$OCC config:app:set theming name --value="${containerCfg.extra.name}"''} ${lib.optionalString (containerCfg.extra ? slogan) ''$OCC config:app:set theming slogan --value="${containerCfg.extra.slogan}"''} - $OCC config:app:set theming background_color --value="${serverCfg.colorScheme.palette.base0C}" + $OCC config:app:set theming background_color --value="${serverCfg.colorScheme.palette.base02}" $OCC config:app:set theming primary_color --value="${serverCfg.colorScheme.palette.base0C}" #$OCC theming:config logo {serverCfg.colorScheme.logo}