diff --git a/roles/authentik/vars/main.yml b/roles/authentik/vars/main.yml
index bf3a8ea..77d83c0 100644
--- a/roles/authentik/vars/main.yml
+++ b/roles/authentik/vars/main.yml
@@ -3,7 +3,7 @@ authentik_svc:
   domain: auth.serguzim.me
   name: authentik
   port: 9000
-  image_tag: 2023.8
+  image_tag: 2024.2
   db:
     host: "{{ postgres.host }}"
     database: authentik
diff --git a/roles/backup/files/node002/immich.sh b/roles/backup/files/node002/immich.sh
index 8d245d7..c1b4a18 100755
--- a/roles/backup/files/node002/immich.sh
+++ b/roles/backup/files/node002/immich.sh
@@ -2,4 +2,4 @@ backup_path="$BACKUP_LOCATION/immich"
 mkdir -p "$backup_path"
 
 cd /opt/services/immich || exit
-docker compose exec database pg_dump -U "$DB_USERNAME" "$DB_DATABASE" | gzip >"$backup_path/immich.sql.gz"
+docker compose exec database sh -c 'pg_dump -U "$DB_USERNAME" "$DB_DATABASE"' | gzip >"$backup_path/immich.sql.gz"
diff --git a/roles/caddy/files/snippets b/roles/caddy/files/snippets
index aa37973..97f8661 100644
--- a/roles/caddy/files/snippets
+++ b/roles/caddy/files/snippets
@@ -39,6 +39,7 @@
 (analytics) {
 	handle_path /_a/* {
 		reverse_proxy https://analytics.serguzim.me {
+			header_up X-Analytics-IP {remote}
 			header_up Host {http.reverse_proxy.upstream.hostport}
 		}
 	}
diff --git a/roles/shlink/vars/main.yml b/roles/shlink/vars/main.yml
index b1fcf20..beda88e 100644
--- a/roles/shlink/vars/main.yml
+++ b/roles/shlink/vars/main.yml
@@ -1,6 +1,8 @@
 ---
 shlink_svc:
   domain: msrg.cc
+  additional_domains:
+    - "emgauwa.app"
   name: shlink
   port: 8080
 
@@ -22,8 +24,7 @@ shlink_env:
   DB_USER: "{{ vault_shlink.db.user }}"
   DB_PASSWORD: "{{ vault_shlink.db.pass }}"
 
-  DISABLE_TRACKING: true
-  SKIP_INITIAL_GEOLITE_DOWNLOAD: true
+  GEOLITE_LICENSE_KEY: "{{ vault_shlink.geolite_key }}"
 
 shlink_compose:
   watchtower: true
diff --git a/roles/umami/vars/main.yml b/roles/umami/vars/main.yml
index d84fe8a..4240443 100644
--- a/roles/umami/vars/main.yml
+++ b/roles/umami/vars/main.yml
@@ -18,6 +18,7 @@ umami_env:
   DATABASE_TYPE: postgresql
   FORCE_SSL: 1
   HASH_SALT: "{{ umami_hash_salt }}"
+  CLIENT_IP_HEADER: X-Analytics-IP
 
 umami_compose:
   watchtower: true