diff --git a/hosts/fw/modules/ddclient.nix b/hosts/fw/modules/ddclient.nix
index 46b6bc6..4df533c 100644
--- a/hosts/fw/modules/ddclient.nix
+++ b/hosts/fw/modules/ddclient.nix
@@ -14,7 +14,6 @@
 "element.cloonar.com"
 "foundry-vtt.cloonar.com"
 "foundry-ha.cloonar.com"
- "fivefilters.cloonar.com"
 "fw.cloonar.com"
 "git.cloonar.com"
 "jellyfin.cloonar.com"
diff --git a/hosts/fw/modules/openclaw.nix b/hosts/fw/modules/openclaw.nix
index 18765b2..ad1ef66 100644
--- a/hosts/fw/modules/openclaw.nix
+++ b/hosts/fw/modules/openclaw.nix
@@ -48,7 +48,6 @@ with lib;
 "--network=server"
 "--ip=${config.networkPrefix}.97.60"
 "--init"
- "--dns=${config.networkPrefix}.97.1" # Use internal dnsmasq for local service resolution
 # Chrome sandbox capabilities
 "--cap-add=SYS_ADMIN"
 "--security-opt=seccomp=unconfined"
diff --git a/hosts/fw/modules/phpldapadmin.nix b/hosts/fw/modules/phpldapadmin.nix
new file mode 100644
index 0000000..07d3279
--- /dev/null
+++ b/hosts/fw/modules/phpldapadmin.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+
+{
+ virtualisation.oci-containers.backend = "podman";
+ virtualisation.oci-containers.containers = {
+ phpldapadmin = {
+ image = "phpldapadmin/phpldapadmin:2.2.2";
+ autoStart = true;
+ ports = [
+ "80:8087/tcp"
+ ];
+ environmentFiles = [
+ config.sops.secrets.phpldapadmin.path
+ ];
+ };
+ };
+
+ systemd.timers."restart-phpldapadmin" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "*-*-* 3:00:00";
+ Unit = "restart-phpldapadmin.service";
+ };
+ };
+
+ systemd.services."restart-phpldapadmin" = {
+ script = ''
+ set -eu
+ if ${pkgs.systemd}/bin/systemctl is-active --quiet podman-phpldapadmin.service; then
+ ${pkgs.systemd}/bin/systemctl restart podman-phpldapadmin.service
+ fi
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ };
+
+ sops.secrets.phpldapadmin = {};
+}
diff --git a/hosts/fw/modules/web/phpldapadmin.nix b/hosts/fw/modules/web/phpldapadmin.nix
index e267af3..32d7bd2 100644
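Review bot: In the new hosts/fw/modules/phpldapadmin.nix, `ports = [ "80:8087/tcp" ]` publishes host port 80 on every address of the fw host and forwards it to container port 8087, while hosts/fw/modules/web/phpldapadmin.nix in this same commit maps `"8087:8080/tcp"`, which suggests the container listens on 8080 and the pair is reversed here. An LDAP administration UI should not be reachable over plain HTTP on all interfaces of a firewall; if a reverse proxy on the host terminates TLS in front of it, bind the published port to loopback instead, e.g. `"127.0.0.1:8087:8080/tcp"`. Both modules also define `virtualisation.oci-containers.containers.phpldapadmin` and `podman-phpldapadmin.service`, so importing both would presumably conflict; it is worth confirming that only one of them is imported.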
--- a/hosts/fw/modules/web/phpldapadmin.nix
+++ b/hosts/fw/modules/web/phpldapadmin.nix
@@ -6,7 +6,7 @@ with lib;
 virtualisation.oci-containers.backend = "podman";
 virtualisation.oci-containers.containers = {
 phpldapadmin = {
- image = "phpldapadmin/phpldapadmin:2.3.9";
+ image = "phpldapadmin/phpldapadmin:2.2.2";
 autoStart = true;
 ports = [
 "8087:8080/tcp"
diff --git a/hosts/fw/pkgs/default.nix b/hosts/fw/pkgs/default.nix
index fc10c7a..5e2bb28 100644
--- a/hosts/fw/pkgs/default.nix
+++ b/hosts/fw/pkgs/default.nix
@@ -3,4 +3,5 @@ let pkgs = import {}; in {
+ phpLDAPadmin = pkgs.callPackage ./phpldapadmin.nix { };
 }
diff --git a/hosts/fw/pkgs/phpldapadmin.nix b/hosts/fw/pkgs/phpldapadmin.nix
new file mode 100644
index 0000000..b781b52
--- /dev/null
+++ b/hosts/fw/pkgs/phpldapadmin.nix
@@ -0,0 +1,23 @@
+{ fetchurl, lib, stdenv }:
+
+stdenv.mkDerivation rec {
+ pname = "phpLDAPadmin";
+ version = "2.1.4";
+
+ src = fetchurl {
+ url = "https://github.com/leenooks/phpLDAPadmin/archive/${version}.tar.gz";
+ sha256 = "hkigC458YSgAZVCzVznix8ktDBuQm+UH3ujXn9Umylc=";
+ };
+
+ installPhase = ''
+ mkdir -p $out
+ cp -r . $out/
+ ln -sf /etc/phpldapadmin/env $out/.env
+ '';
+
+ meta = {
+ description = "phpLDAPadmin";
+ license = lib.licenses.gpl3;
+ platforms = lib.platforms.all;
+ };
+}
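Review bot: The image tag in hosts/fw/modules/web/phpldapadmin.nix moves backwards, from `2.3.9` to `2.2.2`, and nothing on the line or in the visible commit text says why. A rollback drops whatever fixes shipped between the two releases, for a tool that holds LDAP bind credentials, so the reason should sit next to the pin, e.g. `# held at 2.2.2: <reason / upstream issue>; revisit when resolved`. Adding the digest to the reference (`...:2.2.2@sha256:<digest-placeholder>`) would also fix exactly which image the rollback runs. The enclosing attribute set continues past the end of the hunk.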
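Review bot: In hosts/fw/pkgs/phpldapadmin.nix the installPhase links `$out/.env` to `/etc/phpldapadmin/env`, but nothing in the visible diff creates that file or sets its owner and mode; the sops secret added in this commit is passed to the container through `environmentFiles` instead. Until the file is provisioned the link dangles, and once it exists it will presumably hold the application's secrets, so it should be rendered by sops (or equivalent) and readable only by the service user. A comment above the `ln -sf` line would record that contract: `# .env lives outside the store; provisioned at runtime, readable only by the web service user`. The derivation also builds 2.1.4 while both container modules run 2.2.2, so it is worth stating which of the two install paths is meant to be used.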