diff --git a/flake.lock b/flake.lock
index f07cd44..20c4f70 100644
--- a/flake.lock
+++ b/flake.lock
@@ -333,17 +333,17 @@
         "proj": "proj"
       },
       "locked": {
-        "lastModified": 1777390215,
-        "narHash": "sha256-Efmg2+ssZNVwc7UOIqjMWR2rzQ7FCms6uoqBwDxeD80=",
+        "lastModified": 1777418659,
+        "narHash": "sha256-kxrsCfoRc6pc45t9P4np6HjPNx3a6A7KZclsL0g/aWE=",
         "owner": "Gleipnir-Technology",
         "repo": "nidus-sync",
-        "rev": "20bf272746b78147f1a1608610a660f45407c43c",
+        "rev": "f3af19f03a2b839cbf534234738b3f1bd6535f7d",
         "type": "github"
       },
       "original": {
         "owner": "Gleipnir-Technology",
         "repo": "nidus-sync",
-        "rev": "20bf272746b78147f1a1608610a660f45407c43c",
+        "rev": "f3af19f03a2b839cbf534234738b3f1bd6535f7d",
         "type": "github"
       }
     },
diff --git a/flake.nix b/flake.nix
index 8de8241..9a84a94 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,7 +24,7 @@
 			type = "github";
 			owner = "Gleipnir-Technology";
 			repo = "nidus-sync";
-			rev = "20bf272746b78147f1a1608610a660f45407c43c";
+			rev = "f3af19f03a2b839cbf534234738b3f1bd6535f7d";
 		};
 		nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
 		nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
diff --git a/modules/system/nidus-sync.nix b/modules/system/nidus-sync.nix
index 237da26..7e822d5 100644
--- a/modules/system/nidus-sync.nix
+++ b/modules/system/nidus-sync.nix
@@ -9,6 +9,8 @@ let
 	dataDirectoryString = "/mnt/bigdisk/nidus-sync";
 	group = nidusName;
 	nidusName = "nidus-sync";
+	nidusNameSocket = "${nidusName}";
+	nidusNameWebserver = "${nidusName}-webserver";
 	nidus-sync-pkg = inputs.nidus-sync.packages.x86_64-linux.default;
 	port = 10000;
 	secretsName = "${nidusName}-env";
@@ -96,17 +98,17 @@ in {
 			group = "${group}";
 			mode = "0440";
 			owner = "${user}";
-			restartUnits = ["${nidusName}-webserver.service"];
+			restartUnits = ["${nidusNameWebserver}.service"];
 			sopsFile = ../../secrets/${cfg.environment}/${nidusName}.env;
 		};
-		systemd.services."${nidusName}-webserver" = {
-			after=["network.target" "network-online.target"];
+		systemd.services."${nidusNameWebserver}" = {
+			after=["${nidusNameSocket}.socket" "network.target"];
 			description="Nidus Sync Webserver";
 			path = with pkgs; [
 				ffmpeg
 				google-chrome
 			];
-			requires=["network-online.target"];
+			requires=["${nidusNameSocket}.socket"];
 			serviceConfig = {
 				Group = "${group}";
 				Environment=[
@@ -115,15 +117,24 @@ in {
 				];
 				EnvironmentFile="${environmentFile}";
 				ExecStart = "${nidus-sync-pkg}/bin/nidus-sync";
+				KillMode = "mixed"; # SIGTERM to main process, SIGKILL to process group after timeout
+				KillSignal = "SIGTERM";
 				PrivateTmp = true;
 				Restart = "on-failure";
 				StateDirectory = "nidus-sync"; # Creates /var/lib/nidus-sync
-				TimeoutStopSec = "5s";
+				TimeoutStopSec = 30;
 				Type = "simple";
 				User = "${user}";
 				WorkingDirectory = "/var/lib/nidus-sync";
 			};
-			wantedBy = ["multi-user.target"];
+		};
+		systemd.sockets."${nidusNameSocket}" = {
+			listenStreams = [ "${toString port}" ];
+			socketConfig = {
+				BindIPv6Only = "both";
+				Service = "${nidusNameWebserver}.service";
+			};
+			wantedBy = [ "multi-user.target" ];
 		};
 		systemd.tmpfiles.rules = [
 			"d ${dataDirectoryString} 0755 ${nidusName} ${nidusName}"