diff --git a/modules/server/containers/apps/authentik.nix b/modules/server/containers/apps/authentik.nix index bb2faf3..b92fa0a 100644 --- a/modules/server/containers/apps/authentik.nix +++ b/modules/server/containers/apps/authentik.nix @@ -11,6 +11,7 @@ let // (if serverCfg.containers?jellyfin then { JELLYFIN_DOMAIN = "${serverCfg.containers.jellyfin.subdomain}.${serverCfg.domain}";} else {}) // (if serverCfg.containers?gitea then { GITEA_DOMAIN = "${serverCfg.containers.gitea.subdomain}.${serverCfg.domain}";} else {}) // (if serverCfg.containers?immich then { IMMICH_DOMAIN = "${serverCfg.containers.immich.subdomain}.${serverCfg.domain}";} else {}) + // (if serverCfg.containers?homepage then { HOMEPAGE_DOMAIN = "${serverCfg.containers.homepage.subdomain}.${serverCfg.domain}";} else {}) // (if serverCfg.containers?nextcloud then { NEXTCLOUD_DOMAIN = "${serverCfg.containers.nextcloud.subdomain}.${serverCfg.domain}";} else {}); }; in { @@ -49,6 +50,8 @@ in { AUTHENTIK_POSTGRESQL__SSLMODE = "disable"; }; overrides = { + environmentFiles = [ config.sops.secrets."AUTHENTIK".path config.sops.secrets."CUSTOM".path ] ; + cmd = [ "server" ]; volumes = [ "${serverCfg.configPath}/authentik/media:/media" @@ -104,6 +107,7 @@ in { ${lib.optionalString (serverCfg.containers ? jellyfin) ''$AK apply_blueprint /blueprints/custom/jellyfin.yaml''} ${lib.optionalString (serverCfg.containers ? nextcloud) ''$AK apply_blueprint /blueprints/custom/nextcloud.yaml''} ${lib.optionalString (serverCfg.containers ? immich) ''$AK apply_blueprint /blueprints/custom/immich.yaml''} + ${lib.optionalString (serverCfg.containers ? homepage) ''$AK apply_blueprint /blueprints/custom/homepage.yaml''} echo "Completed Authentik Setup" ''; diff --git a/modules/server/containers/data/authentik/homepage.yaml b/modules/server/containers/data/authentik/homepage.yaml new file mode 100644 index 0000000..42134f9 --- /dev/null +++ b/modules/server/containers/data/authentik/homepage.yaml 
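Review bot: `environmentFiles` now hands the whole decrypted `CUSTOM` sops file to the authentik server container, so every variable in that file — not just the `HOMEPAGE_CLIENT_ID`/`HOMEPAGE_CLIENT_SECRET` pair the new blueprint consumes — becomes readable to the authentik process and to anyone who can inspect the container (`docker inspect`, `/proc/<pid>/environ`). Judging by the size of the `CUSTOM` ciphertext in `sops/server.yaml` it appears to hold considerably more than the homepage pair, so consider a dedicated secret or sops template containing only the variables the blueprints reference, and list that path here instead. Also verify that the sops secret's owner/mode allows the container runtime to read the path (sops-nix defaults to root-only 0400), otherwise the env-file load can fail or come up empty at container start; and drop the stray space in `] ;`. The `overrides` attribute set and the enclosing container definition start and end outside this hunk.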
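Review bot: The new `$AK apply_blueprint /blueprints/custom/homepage.yaml` call has no check that the `HOMEPAGE_CLIENT_ID`/`HOMEPAGE_CLIENT_SECRET` variables the blueprint reads via `!Env` are actually present in the process that runs `ak`. The env files were added only to the server container's `overrides`, so if `$AK` execs into a different container (e.g. the worker) or runs a one-shot container, the blueprint would be applied with unset credentials rather than failing loudly. Consider asserting the two variables are non-empty before the `apply_blueprint` calls (a `${VAR:?}`-style guard, escaped as `''${...}` inside the Nix indented string) so a misconfiguration aborts setup instead of silently provisioning a provider with a missing secret. The setup script this hunk belongs to begins outside the hunk.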
@@ -0,0 +1,58 @@ +version: 1 +metadata: + name: "Homepage Dashboard - OIDC Provisioning" + labels: + blueprints.goauthentik.io/instantiate: "true" + +entries: + # 1. Create the OIDC Scope Mapping for Groups + - model: authentik_providers_oauth2.scopemapping + identifiers: + slug: homepage-scope-groups + attrs: + name: "Homepage Custom Scope: Groups" + scope_name: "groups" + description: "Pass user groups array to Homepage for conditional element rendering" + expression: | + return { + "groups": [group.name for group in request.user.ak_groups.all()] + } + + # 2. Create the OAuth2/OIDC Provider + - model: authentik_providers_oauth2.oauth2provider + identifiers: + slug: homepage-provider + attrs: + name: "Homepage Dashboard Provider" + client_type: "confidential" + client_id: !Env HOMEPAGE_CLIENT_ID" + client_secret: !Env HOMEPAGE_CLIENT_SECRET" + authorization_flow: + !Find [authentik_flows.flow, [slug, default-authorization-flow]] + # Update this URI to match your dashboard's literal URL + redirect_uris: + - "https://@HOMEPAGE_DOMAIN@" + # Bind default OpenID scopes plus our custom groups scope + property_mappings: + - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] + - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]] + - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]] + - !Find [ + authentik_providers_oauth2.scopemapping, + [slug, homepage-scope-groups], + ] + + # 3. Create the Application and link it to the Provider + - model: authentik_core.application + identifiers: + slug: homepage-dashboard + attrs: + name: "Homepage Dashboard" + slug: "homepage" + launch_url: "@HOMEPAGE_DOMAIN@" + provider: + !Find [ + authentik_providers_oauth2.oauth2provider, + [slug, homepage-provider], + ] + open_in_new_tab: false diff --git a/modules/server/sops/server.yaml b/modules/server/sops/server.yaml index 5f0bd03..4401fc2 100644 --- a/modules/server/sops/server.yaml +++ b/modules/server/sops/server.yaml 
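Review bot: `client_id: !Env HOMEPAGE_CLIENT_ID"` and `client_secret: !Env HOMEPAGE_CLIENT_SECRET"` carry a stray trailing double quote, so the plain scalar handed to `!Env` is `HOMEPAGE_CLIENT_ID"` (quote included), an environment variable that will never exist; authentik will then either reject the blueprint or provision the provider with an empty/default credential instead of the secrets the nix module injects. The lines should read `client_id: !Env HOMEPAGE_CLIENT_ID` and `client_secret: !Env HOMEPAGE_CLIENT_SECRET`. Separately, `redirect_uris` is a single bare origin `https://@HOMEPAGE_DOMAIN@` with no callback path, which only works if the relying party really redirects back to the site root (authentik matches redirect URIs exactly unless a regex/loose matching mode is used, and newer releases expect `{matching_mode, url}` entries rather than bare strings — worth confirming against the deployed version). `launch_url: "@HOMEPAGE_DOMAIN@"` also lacks the `https://` scheme the redirect URI has; presumably it should be `launch_url: "https://@HOMEPAGE_DOMAIN@"`.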
@@ -1,4 +1,4 @@ -CUSTOM: ENC[AES256_GCM,data:+ge3AyrR0r0myNSMF42iO9JaMk6MfDH5deiBlRj5f0MIXIFtD43MPs1sB4/tjFLKY873aq/UJcgyu6jGz8+FQbdqfsYhIVUHAFeNqCoFbEGtyhZZxf++qtw83HNV+loTygeRPHyIJArLoimUdyuBvibXIB72tjoqz7xuvpC6BfN0hI4mIU4dc+28B/G780t2bzSrzvsgE6svbj0hmpZOBXovkPKF5CfCFKSPRZ0D8htNjcoiygczoFKSgj3MPR6wHNHzt87ik0iNOyTsK9Gu3rk74Tzm6PE2dAKW7szvbwDPIGDh8FFe9mWOdJPSz8Cg9IyMuU4+anZMbyfC4oAjUF/bKySIsR0QZNKmGrSi94BbWTgkdnSeOtP1LLLnLHGzyrJdUXmaFo/XIOhcelhPX0KzCxW+85qVV3L6V9+u3GaPhhCPwep972xM3c25XN+EJg/J5d8GWvAUByj2/CTDzlZDABt/J24IeuqrK4yWHgRSfNYdBhCnsLkn13bZo6s1wSY8GdYwNje1SS+C9hNriScU3EUDwmh64AyW0RRP3RZfebjDQJGqoQxuYp9cjC/9CYM1BEaQ4fFyQCONJgQjiy+w7LcNAJEI6BLl54Z6Nm03a17MyH0TmVoowVasgoRoOTL1zMVP/l+rvoCxIVjNqqks76pAGQ8HDg7PcnfRiczuBIfIB2uw53Ev8zcKaJhlelCpL1nSw6i32QWZypxyz42piy4Uiby7yFc32n8iEvi73gqQo8zEcwiVFC0zJptdjqGOylMGQwGVX46NrFKdnx/5KkYcUGnK1va/0LYPpdLJwywzuMqP+sF+EfwqEUXdltUpWC7yb9vXBSxPIUdQAUPUHDs8aI+pXUubobyiFXF9NLJlK2NLB9WXThV+6vZSMYOHpvY4AeijzGK4D6x4ETUFU1WqXkXlQFFI3C4eZW+2Og2hIIegzqfq/hf/qX3Y/gW8H1J1mswNpDU8dHH33Pim/b79VNV+QX6BA3hKmlKi/YSXgbOpFXUDX7sY3/4ljd1Wqd6a9mWTcssZ0osYzormOffxTriqLr8VaiTZUHi6AQnpVVSi9wKir/dEuQhvyDxMA7gVEtbjPBFcOQyxH1rZesGLmbANIfnpBqI1Gv2tx6UCMrkocYxgKdZaH5QEYGG4i/ul,iv:5gU606gsV26rHAvF+F9gNVJK86+g5j8APsl72FJVMAw=,tag:SclRqy3hntTwbufpaW5A8g==,type:str] +CUSTOM: ENC[AES256_GCM,data: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,iv:bTWJJY/wAw79E1VwPCPGKhMpYD7gA8AJC6csCY7dADU=,tag:YalqYrrQuOtTqT/yaiEByQ==,type:str] TRAEFIK: ENC[AES256_GCM,data:Ei+/OL7xwNaOEg3rSaz95N78nvp51lC63XCplNzeD+bBMGcK9G7HoyQxfpaJ7S0MkuMW0ZXT2nJ4GES40GoJCZIrnEiSBm2tpjDfNjlS/rFwxx0wVfM1nsEuBf3pL5dqiCNa9+Lad2Cd,iv:d1MH0ive+E8xuUK0CIOXZeEigHJKVGlFaq0iH4KSbZA=,tag:VTARuNeotr2I0+fdOk+iqA==,type:str] AUTHENTIK: ENC[AES256_GCM,data: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,iv:uXAyOIBl9lGYBvALMdvp2hf6cj6QGWRcyUvEsjIDr1I=,tag:iLxO/qYT2zafXhFGVVUYkA==,type:str] NEXTCLOUD: 
ENC[AES256_GCM,data:IWitzubILQ5SrGdO3UQZboisqAECt5lXOqHVg4yAKxedG7ZLOgVp6jPV+4VVDC13KEkxIsiYjjNvjqnOXCdYWQIC13YZ+o2IBDI9PgavBB3nmjfi0Q7BVki6C8qCtbM5H9uFlQ3h7rkPyEbE3pHa3dY5uwgdtmvw3qKf2UAZGIJCU7dKamjuTCucGitOEG434jFQik9duHZs7EV3AZrkLXqOfdvftvdpciDb/4/K7h/4uEYSXJ94Lf0b16/NRUcR,iv:1UvcbqC3hJEHU9t6Z+N226DTJEcgM315ynYkxPKpYSM=,tag:FGkXlUw+7LRu1/cpMys7OA==,type:str] @@ -32,8 +32,8 @@ sops: S1NaTVFTL0FCdm1EQmRsUnlhclZNZlEKEgIe60qkvY8+UocjQU+WM2dTL/1y3Kqk d4RrlLP9NSozwVsPYI4ntygvMSApbT4v0YvoO7gV90lkGWEvW1YDfA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-05-31T11:03:08Z" - mac: ENC[AES256_GCM,data:gjoWffoFZSfDQSoz3gtt9WO7dITWYPjqI6C9LLGhB6sdBPpNMKtnnOd/3xYa6mk925aRiW4kyPmOSmoxVwC4rX8ftLBSCjVKmf5EuGg/eo7hEU9Igkb3BTk/siBMppBChf9F+3NK1V2iAUstte6EhGw50i0NKiuPv575Js/WJDI=,iv:I1sIPlb4a+hf7ABAVXwNvCcNHR17EzdEhdBxR2WFmlI=,tag:vg761r3Jxeze08Vj3fnwLA==,type:str] + lastmodified: "2026-05-31T12:17:44Z" + mac: ENC[AES256_GCM,data:2zhI9jCR045JOZrKKGwQCzcZmL3RvgOZgrKS4nxljWuDgglbpa29D46uq73yFaBQVhjt8fl+vGutZJfwM+TJokPMf61HXXN3uC1MiBy1RlMVnIcWL7aFQLzbwFvoMVV0fmaGSz+zBOOh6ypBykOkGo6VTUHGHwPvjgY21N2jDQU=,iv:xN7ULx1Bp8Fwq2aojj7fwkZT8nssybqMJ62zKNymH3Y=,tag:LG7c0sjY5AwIDmx+GD3drg==,type:str] pgp: - created_at: "2026-05-05T23:46:27Z" enc: |-