diff --git a/bxl-shp/apps/docker-compose.mealie.yaml b/bxl-shp/apps/docker-compose.mealie.yaml
index 8e19b4c..958254a 100644
--- a/bxl-shp/apps/docker-compose.mealie.yaml
+++ b/bxl-shp/apps/docker-compose.mealie.yaml
@@ -1,28 +1,34 @@
 services:
 mealie:
 container_name: mealie
- image: hkotel/mealie:v0.5.6
+ image: hkotel/mealie:latest
 restart: always
 environment:
 - PUID=1000
 - PGID=1000
 - TZ=Europe/Paris
- - RECIPE_PUBLIC=true
- - RECIPE_SHOW_NUTRITION=true
- - RECIPE_SHOW_ASSETS=true
- - RECIPE_LANDSCAPE_VIEW=true
- - RECIPE_DISABLE_COMMENTS=true
- - RECIPE_DISABLE_AMOUNT=false
+ - MAX_WORKERS=1
+ - WEB_CONCURRENCY=1
+ - BASE_URL=https://recipes.bhasher.com
+ - OIDC_AUTH_ENABLED=true
+ - OIDC_SIGNUP_ENABLE=true
+ - OIDC_REMEMBER_ME=true
+ - OIDC_AUTO_REDIRECT=true
+ - OIDC_CONFIGURATION_URL=https://idp.bhasher.com/.well-known/openid-configuration
+ - OIDC_CLIENT_ID=mealie
+ - OIDC_PROVIDER_NAME=Authelia
+ - OIDC_USER_GROUP=everybody
+ - OIDC_ADMIN_GROUP=admin
 labels:
 - "traefik.enable=true"
- - "traefik.http.routers.mealie.rule=Host(`mealie.bhasher.com`)"
- - "traefik.http.services.mealie.loadbalancer.server.port=80"
+ - "traefik.http.routers.mealie.rule=Host(`recipes.bhasher.com`)"
+ - "traefik.http.services.mealie.loadbalancer.server.port=9000"
 - "traefik.http.routers.mealie.tls=true"
 - "traefik.http.routers.mealie.tls.certresolver=http"
 - "traefik.http.routers.mealie.entrypoints=internalsecure,externalsecure"
 - "com.centurylinklabs.watchtower.enable=true"
 volumes:
- - $DATA/mealie/:/app/data
+ - $DATA/mealiev1/:/app/data
 networks:
 - external
diff --git a/bxl-shp/apps/docker-compose.syncthing.yaml b/bxl-shp/apps/docker-compose.syncthing.yaml
index d000487..0e9762c 100644
--- a/bxl-shp/apps/docker-compose.syncthing.yaml
+++ b/bxl-shp/apps/docker-compose.syncthing.yaml
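Review bot: `image: hkotel/mealie:latest` combined with the existing `com.centurylinklabs.watchtower.enable=true` label means whatever is pushed to that tag is pulled and run automatically, with no review step and no way to tell afterwards which build was running. Pin a release tag, ideally with a digest, for example `image: hkotel/mealie:<version>@sha256:<digest>`, and let upgrades arrive as reviewed bumps. Separately, `OIDC_SIGNUP_ENABLE` looks misspelled: the variable Mealie documents is `OIDC_SIGNUP_ENABLED`, so a later change to `false` on this line would probably be ignored and first-login account creation would stay on.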
@@ -9,7 +9,7 @@ services:
 volumes:
 - $DATA/syncthing:/var/syncthing:rw
 - /mnt/syncDocuments:/mnt/SyncDocuments:rw
- - /mnt/brieuc-pictures:/mnt/pictures:rw
+ - /mnt/brieuc:/mnt/brieuc:rw
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.syncthing.rule=Host(`syncthing.bhasher.com`)"
diff --git a/bxl-shp/config/idp/authelia.configuration.yaml b/bxl-shp/config/idp/authelia.configuration.yaml
index 766cf5e..7b6ce8b 100644
--- a/bxl-shp/config/idp/authelia.configuration.yaml
+++ b/bxl-shp/config/idp/authelia.configuration.yaml
@@ -62,6 +62,19 @@ access_control:
 policy: two_factor
 subject:
 - "group:admin"
+ - domain: 'mealie.bhasher.com'
+ policy: one_factor
+ subject:
+ - "group:member"
+ methods:
+ - "GET"
+ - "HEAD"
+ - "POST"
+ - "PUT"
+ - "DELETE"
+ - "CONNECT"
+ - "OPTIONS"
+ - "TRACE"
 - domain: '*.bhasher.com'
 policy: one_factor
 subject:
@@ -125,6 +138,13 @@ telemetry:
 identity_providers:
 oidc:
 enforce_pkce: public_clients_only
+ cors:
+ allowed_origins_from_client_redirect_uris: true
+ endpoints:
+ - 'authorization'
+ - 'token'
+ - 'revocation'
+ - 'introspection'
 clients:
 - id: grafana
 description: Grafana
@@ -237,3 +257,18 @@ identity_providers:
 - groups
 userinfo_signing_algorithm: none
+ - id: mealie
+ description: Mealie
+ public: true
+ authorization_policy: one_factor
+ redirect_uris:
+ - https://recipes.bhasher.com/login
+ - https://recipes.bhasher.com/login?direct=1
+ consent_mode: implicit
+ scopes:
+ - openid
+ - profile
+ - email
+ - groups
+ userinfo_signing_algorithm: none
+
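Review bot: The new bind mount `/mnt/brieuc:/mnt/brieuc:rw` appears to give the Syncthing container read-write access to a whole user tree, where the previous mount exposed only the pictures directory. If only some folders are synchronised, mount those subdirectories individually and use `:ro` for any that are send-only, so a misbehaving peer or a compromised container cannot rewrite the rest. The service definition starts above this hunk, so other restrictions on the container are not visible here.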
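Review bot: The added access-control rule matches `mealie.bhasher.com`, but the same commit moves the Traefik router and the OIDC redirect URIs to `recipes.bhasher.com`, so requests for the new hostname would skip this rule and fall through to the `*.bhasher.com` entry below it. The `methods` list also omits `PATCH`, so a PATCH request would not match the rule even on the old hostname. If the rule is still wanted, change it to `- domain: 'recipes.bhasher.com'` and delete the `methods` key so that every method matches; if Mealie is now protected only through the OIDC client, the rule looks dead and is better removed. The rules list begins and ends outside the hunk, so ordering against earlier entries could not be checked.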
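Review bot: The `cors` block opens `revocation` and `introspection` to cross-origin requests along with `authorization` and `token`, and `allowed_origins_from_client_redirect_uris: true` takes the allowed origins from every registered client rather than only the new public one. A browser login flow normally needs fewer endpoints than this; consider trimming `endpoints` to the ones the Mealie front end actually calls and naming the origin explicitly with `allowed_origins: ['https://recipes.bhasher.com']`. A one-line comment above `cors:` stating which client requires it would keep the list from growing unnoticed.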
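Review bot: The `mealie` client is issued tokens at `authorization_policy: one_factor`, while the compose change in this commit sets `OIDC_ADMIN_GROUP=admin`, so a member of `admin` becomes a Mealie administrator after a single factor even though the access-control context earlier in this file asks `group:admin` for `two_factor`. Consider `authorization_policy: two_factor` for this client, or map Mealie admin rights to a separate group. Because the client is `public: true` with `consent_mode: implicit`, PKCE (enforced through `enforce_pkce: public_clients_only`) and the exact `redirect_uris` are the only guards on the code flow, which deserves a short comment on the client entry.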