diff --git a/docker-compose.macmini.yml b/docker-compose.macmini.yml
index 52301b5a7..c415d7a28 100644
--- a/docker-compose.macmini.yml
+++ b/docker-compose.macmini.yml
@@ -1736,7 +1736,7 @@ services:
 condition: service_healthy
 alertmanager:
 condition: service_healthy
- entrypoint: ["sh", "-c", "mkdir -p /etc/alerts && cp /mnt/alerts-config/*.yml /etc/alerts/ 2>/dev/null; exec /vmalert-prod -datasource.url=http://victoriametrics:9090 -notifier.url=http://alertmanager:9093 -remoteWrite.url=http://victoriametrics:9090 -remoteRead.url=http://victoriametrics:9090 -rule='/etc/alerts/*.yml' -evaluationInterval=30s -httpListenAddr=:8880"]
+ entrypoint: ["sh", "-c", "mkdir -p /etc/alerts && cp /mnt/alerts-config/alerts.yml /etc/alerts/ 2>/dev/null; exec /vmalert-prod -datasource.url=http://victoriametrics:9090 -notifier.url=http://alertmanager:9093 -remoteWrite.url=http://victoriametrics:9090 -remoteRead.url=http://victoriametrics:9090 -rule='/etc/alerts/alerts.yml' -evaluationInterval=30s -httpListenAddr=:8880"]
 volumes:
 - ./docker/prometheus:/mnt/alerts-config:ro
 ports:
diff --git a/docker/matrix/config/homeserver.yaml b/docker/matrix/config/homeserver.yaml
index 59af0b2e5..b0c9693f9 100644
--- a/docker/matrix/config/homeserver.yaml
+++ b/docker/matrix/config/homeserver.yaml
@@ -74,10 +74,10 @@ url_preview_ip_range_blacklist:
 enable_registration: false
 enable_registration_without_verification: false
-# Password config (disabled - all users authenticate via OIDC/SSO)
+# Password config (enabled - OIDC not yet available from mana-auth)
 password_config:
- enabled: false
- localdb_enabled: false
+ enabled: true
+ localdb_enabled: true
 pepper: "${SYNAPSE_PASSWORD_PEPPER:-change-me-pepper}"
 # Session lifetime (must be >= refresh_token_lifetime)
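Review bot: In the vmalert `entrypoint` of docker-compose.macmini.yml the copy still ends in `2>/dev/null;`, so if `alerts.yml` is missing or unreadable under `./docker/prometheus` the error is discarded and vmalert is started anyway. With the glob narrowed to one explicit file, that copy is now the only source of rules, and a silent miss leaves the stack either without alerting or in a restart loop, depending on how vmalert treats a missing `-rule` path. I would let the failure surface by chaining with `&&` and dropping the redirect: `cp /mnt/alerts-config/alerts.yml /etc/alerts/ && exec /vmalert-prod ...`. The service definition starts and ends outside this hunk, so any healthcheck that would catch an empty rule set is not visible here.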
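Review bot: Turning on `enabled` and `localdb_enabled` under `password_config` in docker/matrix/config/homeserver.yaml makes the `pepper` line live, and its fallback `change-me-pepper` is a value anyone with access to the repository knows. Whether `${...:-...}` is expanded at all depends on a templating step that this hunk does not show; if the variable is unset, or the file is loaded without expansion, local password hashes are peppered with a known or literal string. Drop the default so a missing `SYNAPSE_PASSWORD_PEPPER` fails the deploy, and add a comment such as `# set SYNAPSE_PASSWORD_PEPPER before the first password is created; changing it later invalidates existing password hashes`. With the OIDC provider removed further down in this commit, passwords appear to be the only login path, so a `policy:` block under `password_config` with a minimum length would be worth adding in the same change.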
@@ -196,24 +196,13 @@ run_background_tasks_on: synapse
 # OIDC / SSO Configuration (Mana Core Auth)
 # ============================================
-# Enable SSO via Mana Core Auth OIDC Provider
-oidc_providers:
- - idp_id: manacore
- idp_name: "Mana Core"
- idp_brand: "org.matrix.custom"
- discover: true
- issuer: "https://auth.mana.how"
- client_id: "matrix-synapse"
- client_secret: "6dc67d2dbea5c19409d21cbaec5ba77265b0296796d4ebb015d70209c68f3fd5"
- scopes: ["openid", "profile", "email"]
- user_mapping_provider:
- config:
- subject_claim: "sub"
- localpart_template: "{{ user.email.split('@')[0] }}"
- display_name_template: "{{ user.name }}"
- email_template: "{{ user.email }}"
- allow_existing_users: true
- enable_registration: true
+# OIDC disabled: mana-auth (Better Auth) does not expose OIDC discovery endpoints
+# TODO: add OIDC provider support to mana-auth, then re-enable this
+# oidc_providers:
+# - idp_id: manacore
+# issuer: "https://auth.mana.how"
+# client_id: "matrix-synapse"
+# ...
 # SSO UI Settings
 sso:
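Review bot: The new TODO stub for `oidc_providers` says nothing about the client secret that the removed block carried inline. Deleting the line does not remove the value from repository history, so it should be treated as disclosed and rotated at the identity provider before this block is re-enabled. I would record that in the comment, e.g. `# NOTE: rotate the matrix-synapse client secret before re-enabling; load it via client_secret_path, never inline`. The stub should also note that local password accounts will exist by then. The old `allow_existing_users: true`, combined with a localpart taken from the e-mail prefix, would let an IdP identity attach to an existing local account of the same name, so it should be reviewed rather than restored as-is.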