diff --git a/modules/cloud/postgresql/default.nix b/modules/cloud/postgresql/default.nix
index 262c3a2..da38e90 100644
--- a/modules/cloud/postgresql/default.nix
+++ b/modules/cloud/postgresql/default.nix
@@ -28,7 +28,7 @@ in
   # PostgreSQL settings.
   config.services.postgresql = {
     enable = true;
-    package = pkgs.postgresql_13;
+    package = pkgs.postgresql_15;
 
     ensureDatabases = cfg.databases;
 
@@ -42,4 +42,38 @@ in
   config.services.postgresqlBackup = {
     enable = true;
   };
+
+  # Upgrade
+  config.environment.systemPackages = [
+    (
+      let
+        # XXX specify the postgresql package you'd like to upgrade to.
+        # Do not forget to list the extensions you need.
+        newPostgres = pkgs.postgresql_15.withPackages (pp: [
+          # pp.plv8
+        ]);
+      in
+      pkgs.writeScriptBin "upgrade-pg-cluster" ''
+        set -eux
+        # XXX it's perhaps advisable to stop all services that depend on postgresql
+        systemctl stop postgresql
+
+        export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
+
+        export NEWBIN="${newPostgres}/bin"
+
+        export OLDDATA="${config.services.postgresql.dataDir}"
+        export OLDBIN="${config.services.postgresql.package}/bin"
+
+        install -d -m 0700 -o postgres -g postgres "$NEWDATA"
+        cd "$NEWDATA"
+        sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
+
+        sudo -u postgres $NEWBIN/pg_upgrade \
+          --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
+          --old-bindir $OLDBIN --new-bindir $NEWBIN \
+          "$@"
+      ''
+    )
+  ];
 }
diff --git a/nki-personal-do/configuration.nix b/nki-personal-do/configuration.nix
index 96173ce..3bfa75f 100644
--- a/nki-personal-do/configuration.nix
+++ b/nki-personal-do/configuration.nix
@@ -244,5 +244,30 @@
   };
   cloud.traefik.hosts.minio = { host = "s3.dtth.ch"; port = 61929; };
   system.stateVersion = "21.11";
+
+  # ntfy
+  cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; };
+  services.ntfy-sh = {
+    enable = true;
+    settings = {
+      listen-http = "127.0.0.1:11161";
+      cache-file = "/var/lib/ntfy-sh/cache.db";
+      auth-file = "/var/lib/ntfy-sh/auth.db";
+      auth-default-access = "deny-all";
+      behind-proxy = true;
+      base-url = "https://ntfy.nkagami.me";
+      attachment-cache-dir = "/var/lib/ntfy-sh/attachments";
+      enable-login = true;
+      enable-reservations = true;
+      upstream-base-url = "https://ntfy.sh";
+    };
+  };
+  systemd.services.ntfy-sh.serviceConfig = {
+    WorkingDirectory = "/var/lib/ntfy-sh";
+    StateDirectory = "ntfy-sh";
+  };
+  systemd.services.ntfy-sh.preStart = ''
+    mkdir -p /var/lib/ntfy-sh/attachments
+  '';
 }
 
diff --git a/nki-personal-do/gitea.nix b/nki-personal-do/gitea.nix
index e121e1e..7365448 100644
--- a/nki-personal-do/gitea.nix
+++ b/nki-personal-do/gitea.nix
@@ -165,7 +165,7 @@ in
     lfs.enable = true;
 
     # Backup
-    dump.enable = true;
+    # dump.enable = true;
   };
 
   # Set up gpg signing key