diff --git a/README.md b/README.md
index a237b65..cca688a 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,10 @@
 - [Prerequisites](#prerequisites)
 - [Server Setup](#server-setup)
 - [Base23 Docker registry login](#base23-docker-registry-login)
+ - [CrowdSec](#crowdsec)
+ - [Setup CrowdSec Repo](#setup-crowdsec-repo)
+ - [Install CrowdSec](#install-crowdsec)
+ - [Configure CrowdSec](#configure-crowdsec)
 - [Installation](#installation)
 - [Clone \& configure initially](#clone--configure-initially)
 - [Fist run](#fist-run)
@@ -50,6 +54,75 @@ apt update \
 docker login -u gitlab+deploy-token-5 registry.git.base23.de
 ```
+### CrowdSec
+
+#### Setup CrowdSec Repo
+
+```shell
+apt update \
+ && apt upgrade -y \
+ && apt install -y debian-archive-keyring \
+ && apt install -y curl gnupg apt-transport-https \
+ && mkdir -p /etc/apt/keyrings/ \
+ && curl -fsSL https://packagecloud.io/crowdsec/crowdsec/gpgkey | gpg --dearmor > /etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg \
+ && cat << EOF > /etc/apt/sources.list.d/crowdsec_crowdsec.list \
+ && apt update
+deb [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/any any main
+deb-src [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/any any main
+EOF
+```
+
+#### Install CrowdSec
+
+```shell
+apt install -y crowdsec crowdsec-firewall-bouncer-iptables \
+ && cscli completion bash | tee /etc/bash_completion.d/cscli \
+ && source ~/.bashrc
+```
+
+#### Configure CrowdSec
+
+Whitelist Tailscale IPs:
+
+```shell
+cat << EOF > /etc/crowdsec/parsers/s02-enrich/01-base23-tailscale.yaml \
+ && systemctl restart crowdsec; journalctl -xef -u crowdsec.service
+name: base23/tailscale ## Must be unqiue
+description: "Whitelist Tailscale"
+whitelist:
+ reason: "Tailscale clients"
+ cidr:
+ - "100.64.0.0/10"
+EOF
+```
+
+Add Authentik integration:
+
+```shell
+cscli collections install firix/authentik \
+ && cat << EOF > /etc/crowdsec/acquis.d/authentik.yaml \
+ && crowdsec -t && systemctl restart crowdsec
+---
+source: docker
+container_name_regexp:
+ - sso-base23-de-server-*
+ - sso-base23-de-worker-*
+labels:
+ type: authentik
+EOF
+```
+
+Enable increasing ban time:
+
+```shell
+sed -i -e 's/^#duration_expr/duration_expr/g' /etc/crowdsec/profiles.yaml \
+ && crowdsec -t && systemctl restart crowdsec
+```
+
+Setup notifications:
+
+
+
 ## Installation
 ### Clone & configure initially
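Review bot: The Tailscale whitelist step restarts crowdsec without validating the new parser first, whereas the Authentik and ban-time steps both run `crowdsec -t` before restarting; make the first step consistent with `&& crowdsec -t && systemctl restart crowdsec`, and keep `journalctl -xef -u crowdsec.service` as a separate command since it blocks interactively. In the Authentik acquisition file the `container_name_regexp` entries are regular expressions, so `sso-base23-de-server-*` reads as "server" followed by zero or more hyphens rather than a glob; if the match is unanchored it still works by substring, but the presumably intended form is `sso-base23-de-server-.*` (same for the worker entry). The whitelist exempts the entire `100.64.0.0/10` CGNAT range, meaning any client that reaches the SSO through a Tailscale node can never be banned by this setup; that assumption deserves a comment in the snippet, e.g. `## any client coming in via a Tailscale node is exempt from bans`. `## Must be unqiue` has a typo (`unique`). The "Setup notifications:" section is left empty with three blank lines, so either fill it in or drop the heading until it has content.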
diff --git a/docker-compose.yml b/docker-compose.yml
index ce7cc34..76e2868 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -145,7 +145,7 @@ services:
 - frontend
 backup:
- image: registry.git.base23.de/base23/backup/resticker:0.11.0
+ image: registry.git.base23.de/base23/backup/resticker:0.17.0
 environment:
 PRE_COMMANDS: |-
 docker exec sso-base23-de-postgresql-1 pg_dump -U ${PG_USER:-authentik} -d ${PG_DB:-authentik} -f /var/lib/postgresql/backups/${PG_DB:-authentik}.sql
@@ -153,7 +153,7 @@
 BACKUP_CRON: "32 2 * * *"
 RESTIC_REPOSITORY: sftp://${RESTIC_REPO_USER:?Restic repository user is required}@${RESTIC_REPO_ADDRESS:?Restic repository address is requried}:${RESTIC_REPO_PORT:?Restic repository port is required}//backup
 RESTIC_PASSWORD: ${RESTIC_REPO_PASSWORD:?Restic repository password is required}
- RESTIC_BACKUP_SOURCES: /var/lib/backups
+ RESTIC_BACKUP_SOURCES: /var/lib/postgresql/backups /var/lib/authentik/backups /var/lib/lego/backups
 RESTIC_BACKUP_ARGS: >-
 --tag ${RESTIC_TAG:?Restic tag is required}
 --verbose
@@ -164,14 +164,14 @@
 --keep-monthly 12
 TZ: Europe/Berlin
 volumes:
- - ./data/restic/ssh/:/tmp/.ssh/:ro
+ - ./data/restic/ssh/:/run/secrets/.ssh:ro
 - /var/run/docker.sock:/var/run/docker.sock
 - ./docker-compose.yml:/sso.base23.de/docker-compose.yml:ro
- - backups_db:/var/lib/backups/postgresql:ro
- - ./data/authentik/certs:/var/lib/backups/authentik/certs:ro
- - ./data/authentik/custom-templates:/var/lib/backups/authentik/templates:ro
- - ./data/authentik/media:/var/lib/backups/authentik/media:ro
- - ./data/.lego:/var/lib/backups/lego:ro
+ - backups_db:/var/lib/postgresql/backups:ro
+ - ./data/authentik/certs:/var/lib/authentik/backups/certs:ro
+ - ./data/authentik/custom-templates:/var/lib/authentik/backups/templates:ro
+ - ./data/authentik/media:/var/lib/authentik/backups/media:ro
+ - ./data/.lego:/var/lib/lego/backups:ro
 prune-backup:
 image: registry.git.base23.de/base23/backup/resticker:0.11.0
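Review bot: The backup service is bumped to resticker:0.17.0, but the trailing context of the last hunk shows prune-backup still pinned to resticker:0.11.0, so the two services operating on the same restic repository now run different restic releases; pin both to the same tag (`image: registry.git.base23.de/base23/backup/resticker:0.17.0` under prune-backup as well) or add a comment explaining why they must differ. `RESTIC_BACKUP_SOURCES` becomes a space-separated list of three paths; whether the resticker entrypoint splits that value on whitespace is not visible here, so confirm it against the image and note it next to the line (`# space-separated; resticker splits on whitespace`). Moving the ssh material to a read-only `/run/secrets/.ssh` mount is an improvement, though the unchanged `/var/run/docker.sock` bind in the same container still grants host-root-equivalent access, so the ssh key is not the most sensitive thing that container holds. The backup service definition continues outside the hunks.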