diff --git a/swarm/authentik.yaml b/swarm/authentik.yaml
index 4ef58c3..16010a7 100644
--- a/swarm/authentik.yaml
+++ b/swarm/authentik.yaml
@@ -54,10 +54,18 @@ services:
     networks:
       - authentik
     deploy:
+      restart_policy:
+        condition: any
+        delay: 5s
+        max_attempts: 3
+        window: 120s
       placement:
         constraints:
+          - node.platform.arch != arm
+          - node.platform.arch != aarch64
           - node.hostname == znas
       labels:
+        diun.enable: "true"
         gremlin.uid.exempt: "true"
         gremlin.uid.reason: "Redis manages its own internal users"
         gremlin.caddy.skip: "true"
@@ -87,8 +95,15 @@ services:
       - "9080:9000"
       - "9443:9443"
     deploy:
+      restart_policy:
+        condition: any
+        delay: 5s
+        max_attempts: 3
+        window: 120s
       placement:
         constraints:
+          - node.platform.arch != arm
+          - node.platform.arch != aarch64
           - node.hostname == znas
       labels:
         caddy: auth.netgrimoire.com
@@ -131,10 +146,18 @@ services:
     networks:
       - authentik
     deploy:
+      restart_policy:
+        condition: any
+        delay: 5s
+        max_attempts: 3
+        window: 120s
       placement:
         constraints:
+          - node.platform.arch != arm
+          - node.platform.arch != aarch64
           - node.hostname == znas
       labels:
+        diun.enable: "true"
         gremlin.uid.exempt: "true"
         gremlin.uid.reason: "Authentik worker runs as 1964:1964 via user: directive"
         gremlin.caddy.skip: "true"