diff --git a/flake.nix b/flake.nix
index c98fc8a..741a5da 100644
--- a/flake.nix
+++ b/flake.nix
@@ -216,7 +216,11 @@
           mkHost { modules = [ ./users/vm ./systems/vm/configuration.nix ]; };
         # nixos-rebuild switch --flake .#server-vm --target-host root@192.168.0.21 
         "server-vm" = mkHost {
-          modules = [ ./users/anon ./systems/amd-server-vm/configuration.nix ];
+          modules = [
+            ./users/anon
+            ./systems/amd-server-vm/configuration.nix
+            disko.nixosModules.disko
+          ];
         };
       };
 
diff --git a/secrets/adminarea.age b/secrets/adminarea.age
index 58bdf3f..06efd1d 100644
Binary files a/secrets/adminarea.age and b/secrets/adminarea.age differ
diff --git a/secrets/coturn-secret.age b/secrets/coturn-secret.age
index 3f2ffba..ff23d9f 100644
Binary files a/secrets/coturn-secret.age and b/secrets/coturn-secret.age differ
diff --git a/secrets/duckdns.age b/secrets/duckdns.age
index ea78094..cabdf6a 100644
--- a/secrets/duckdns.age
+++ b/secrets/duckdns.age
@@ -1,13 +1,12 @@
 age-encryption.org/v1
--> ssh-ed25519 dkV/5A NszBp6tthzJKoeujJ0k1AbIWvK0Vii3yK3iHCZC8yFk
-3Uxxeb8RijQb63WOVcYXL53C5cl3vTGG/s2t8pJavL4
--> ssh-ed25519 xfrWcQ I8RgQBkcI+eGYLuJRiadQSMm7VlL7PIvCLv9P3nQ5WE
-tmfz9k8r2V9urFjIU+JDtHpCxQlAioTY90EqjXCVKvk
--> ssh-ed25519 IV3DkQ eOiXgjJi7XrNULS+4rTY61Nw8YqUUDmW+r29q5vQFAc
-V2C6EHeXDseNKd4Vus0mcI808FySxQQ1DJUdpLwFqaQ
--> ssh-ed25519 DCzi1A E/zVOLiv2O66rwbK++3YDGr/h+FZmk5f5WTo9W/3VQE
-VW7yJONqcOqcHE9CK9iRNPFDBFpf0+/oISyIYmuoiJs
---- pcApz4sq0MZALDTE7lvbXHUyBP2CctsVZX7bsR5Lry0
-ióE)fy"|z
-RS®AKNÕ<±å}-ôŠ,Ïõ¦„8âþƒ7˜ O³\œ–ÑrW…×%eÄyÙ¯ÜÎ<a
-	C
\ No newline at end of file
+-> ssh-ed25519 oDXHAQ MYpdCG0zLQb4gMMtefpozExZtYwQ76dzr/ihEP5HiAU
+jiiqWsDcEWHJRA1cGlstdbTM6N8y3kDM8Rx6PWYTH0c
+-> ssh-ed25519 xfrWcQ k5mGfz1oY2TRsOuCA6VXH7W1nEJlkxGgcgQ3xgKyBCU
+j4wVkbV2qagGQymSXRJJGfUYuwf0Rn/DRZgxkLR1y1Q
+-> ssh-ed25519 IV3DkQ 7dpHUynNdZpktntsGd2oTv5+30o8t3mUFWnutB0omWc
+c4XxxS1+ZpJqGmjLOW5Xi70DpY1T/9SAnt4Fs5/1RCQ
+-> ssh-ed25519 DCzi1A KBIJpSeVZtbujtLdP2fSjVis1DF/PdiKdzYRXuSWzVA
+Jr6kB1eJlr1IgcJj6wThm+yPxyFmqLb/6xb2nmrceDU
+--- 6eIZactoXlgq/FVUuqPMyVxjXer9eXyNhMMmvfhnvF4
+èÕ•xV#¬2HC)¨í“ú±¹%ŒÂ7H¯r
+¦ê‡U¸ˆàq:@ÛÆ°ÅEXh‚ÚÐ—Ô{©ãˆxa¤q'nk
\ No newline at end of file
diff --git a/secrets/fileshelter-conf.age b/secrets/fileshelter-conf.age
index 4f2abc0..4e1f48b 100644
Binary files a/secrets/fileshelter-conf.age and b/secrets/fileshelter-conf.age differ
diff --git a/secrets/github-runner-pw.age b/secrets/github-runner-pw.age
index 13076fd..6c4df20 100644
Binary files a/secrets/github-runner-pw.age and b/secrets/github-runner-pw.age differ
diff --git a/secrets/github-runner-token.age b/secrets/github-runner-token.age
index 678369e..37b4ed9 100644
Binary files a/secrets/github-runner-token.age and b/secrets/github-runner-token.age differ
diff --git a/secrets/grafana-contact-points.age b/secrets/grafana-contact-points.age
index 3a0af33..b724fe2 100644
Binary files a/secrets/grafana-contact-points.age and b/secrets/grafana-contact-points.age differ
diff --git a/secrets/kavita.age b/secrets/kavita.age
index 28c8903..9f88df9 100644
Binary files a/secrets/kavita.age and b/secrets/kavita.age differ
diff --git a/secrets/matrix-registration.age b/secrets/matrix-registration.age
index 9ab6ac6..7cd0662 100644
Binary files a/secrets/matrix-registration.age and b/secrets/matrix-registration.age differ
diff --git a/secrets/nextcloud-admin.age b/secrets/nextcloud-admin.age
index 5d3971d..0433049 100644
--- a/secrets/nextcloud-admin.age
+++ b/secrets/nextcloud-admin.age
@@ -1,11 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 dkV/5A Su58lWBcpb6qZlmn1+CsRcggjPFuXEEcO3OTeaSnMkg
-4DD+oGcR9XmozvCUEIUtJkU5+ReurNa0NZ01kpVsBbg
--> ssh-ed25519 xfrWcQ gMufekLvqjaTQaA4G4TxuAkNashr6skkmCw9uoXaMCU
-n+QS+KEN/o3lTQvsAUmnuJ7MGfrNVrWJ4vPfwM9wLGY
--> ssh-ed25519 IV3DkQ 4P3Ey1FG9/g2Sn7otppWJlleHULndKRDEjIfgWxOK0E
-A1kxP/K3CI0fd43qxMAnTStyUDx8rFwVSy8nAgUERFw
--> ssh-ed25519 DCzi1A uQ/HrRbqsad+l1JY9SzUbz/dLVRkOSk6nvnKwooHIkQ
-vsJbQfU7L4ym2rcUoBlcKIsomai0GQWEx5am/jMDg9w
---- LTqzvFscqFlrWb402ycFUUC2wnKt8ttl6dP3XI0u8/o
-=g£”í1ßé&5jè´Ž„ê™ñ{é¥?\3€Í'–Iö¨`Ã§¹×9ÑÉˆÆï*¸ÓÜ™énÓOs>üÐpƒ;x½»Õš4/ñJÐJ`09
\ No newline at end of file
+-> ssh-ed25519 oDXHAQ fXHB5hLI9sET0Rc8lJThV5j2JmA63LObUPQBt/vc+RI
+E1U7sRa0TpAof0WyJ5sBSFGzRkIu0SL4PNSkqAbYz8A
+-> ssh-ed25519 xfrWcQ 9BGmBObA+CgnHAnzeI73f8A9ckeE8q5ePLhrRm1GSlo
+Y3VYXUGZue7MXSEGcaKdv9+HLTSxqWQn1hF4P+6GYxg
+-> ssh-ed25519 IV3DkQ LXwU7NB/ayZI18XNfe7U9kcfRqUkX93dvJFik6D/DGk
+nGR0ZFlSPFZpfb6V4zcRsgXcrlcqJtCanHtXCVodBeY
+-> ssh-ed25519 DCzi1A FyYNnl0gS6QtnKCNigBodzbY88z1KQWCnX4ghU23im8
+38zIk+7Vnho8dbqO10LaPqvN4eNxBoPJvzn90z5J0ww
+--- p81MUS7mwH72TH/SkcvKhsPjK+ZHF2bMhuSyXdgELak
+\WÆPúýÌ‹ºÉÑÅ‹QBáÎJÁŒ¬Ô»Y\_KÞÒ×ÇÝô¢ÃT¢½ÉFãÜ/à§#†"4$y¯#æÑÚKäÜðŒ&äÑÍ‡)JmˆÕ"ìf©ñ
\ No newline at end of file
diff --git a/secrets/nextcloud-cert.age b/secrets/nextcloud-cert.age
index df79310..fb8241b 100644
Binary files a/secrets/nextcloud-cert.age and b/secrets/nextcloud-cert.age differ
diff --git a/secrets/nextcloud-key.age b/secrets/nextcloud-key.age
index 152ce24..b5105d7 100644
Binary files a/secrets/nextcloud-key.age and b/secrets/nextcloud-key.age differ
diff --git a/secrets/paperless.age b/secrets/paperless.age
index c27cd6f..db1ecf9 100644
Binary files a/secrets/paperless.age and b/secrets/paperless.age differ
diff --git a/secrets/plausible-admin.age b/secrets/plausible-admin.age
index 11f56e6..887d439 100644
Binary files a/secrets/plausible-admin.age and b/secrets/plausible-admin.age differ
diff --git a/secrets/plausible-keybase.age b/secrets/plausible-keybase.age
index 7777954..e662e6d 100644
Binary files a/secrets/plausible-keybase.age and b/secrets/plausible-keybase.age differ
diff --git a/secrets/radicale.age b/secrets/radicale.age
index 4ceaf00..e2a871e 100644
Binary files a/secrets/radicale.age and b/secrets/radicale.age differ
diff --git a/secrets/restic-gdrive.age b/secrets/restic-gdrive.age
index 0101253..6ccd72c 100644
Binary files a/secrets/restic-gdrive.age and b/secrets/restic-gdrive.age differ
diff --git a/secrets/restic-pw.age b/secrets/restic-pw.age
index b59e132..16e4c4d 100644
Binary files a/secrets/restic-pw.age and b/secrets/restic-pw.age differ
diff --git a/secrets/restic-s3.age b/secrets/restic-s3.age
index 034a3b8..00321cf 100644
Binary files a/secrets/restic-s3.age and b/secrets/restic-s3.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 8b89f25..93ec47f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -2,7 +2,7 @@ let
   kop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas@Kopatz-PC2";
   server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUA7uVKXAF2UcwaIDSJP2Te8Fi++2zkKzSPoRx1vQrI root@server";
   laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqcphdDEJhnSBkAZzQXZJDCzsyb/Tqpcf0pUADFpbd1 root@nix-laptop";
-  mini-pc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/hwMtI0Xj4eRLjITV/Q2BQGG11NCHZRTLuecE/ZPM5 root@server-vm";
+  mini-pc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGsTZvAahTrszYDHn+94sLtcF8865/mpd26ZDVQklSj root@server-vm";
   mini-pc-proxmox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0kX32LfIOv8FDVvdp7lWesVvMGh5tj84nv7TkIR1cs root@mini-pc";
   adam-site = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfaIaKoNStnbfjB9cSJ9+PW0BVO3Uhh1uIbZA2CszDE root@nixos";
   users = [ kop ];
diff --git a/secrets/stash-auth.age b/secrets/stash-auth.age
index b55df1e..7485453 100644
--- a/secrets/stash-auth.age
+++ b/secrets/stash-auth.age
@@ -1,13 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 dkV/5A H45UCnfk0L30LTAIJQ21zWMfvYurNxsC7wZJbCZRr1U
-pexJiRj9wUy5S8jzMDWUZpKTCQIpGKDH3o/BPGDIrXc
--> ssh-ed25519 xfrWcQ PnFaA7dYMhvwECptLvjkZPY5exA7QQU9J3yuzfFHU0M
-tf7pmM2cNqanKNINYkSmn5XMl4VaHpGTIM/3yJydnV4
--> ssh-ed25519 IV3DkQ NByh1UlLrvvrALcRr25S/Q3TKxbJupknfPxT0BcfbHA
-RMAV0OJ70qcce0hVZ49HgMLqTjmhEnyHunnSPs6PDt0
--> ssh-ed25519 DCzi1A AK2WRW6/SwNkv8ZC2RafnpuODniO0hi44hr6j6zmsB0
-keejUQyYNd3mKqf0bBIaxGWuVncge7bWnnPwFAwuY7A
---- 1S9P2L4/3qA01SRlO/GOZfSg2Y5ckO58iYMe6rfl3es
-“jÚ>;‹g°cE@suÇ
-ß–6È»ñëóøPIdzÜÙå*±#Áù}itüÐbÃˆî­‰©Å
-Þ5¦ä€‰oÇ¼…léeB{Úwìal/“0£¯J“¥Oƒü¤ªó
\ No newline at end of file
+-> ssh-ed25519 oDXHAQ 0NNqtL68zEGWRrRwAk58Rvq2xwk/LdHe3up0bHyx/D8
+0LCkWkY3PkyTE/tnASHiJ9wMF1dZ6PSSFCy4dEWj/1A
+-> ssh-ed25519 xfrWcQ PKZzlEeKAOGnEWF8x09fYxpb+/o2z7BjN6SEIqSDZUQ
+MynSCre6WzgOlyz4NSIs4+M2kDHaWcU1AsTZD+w6hlU
+-> ssh-ed25519 IV3DkQ sOsUpqlbnWKVVuKpSf3RaTxSA9v95pjxKdTGhh2Z414
+VX8A0guO7cWvk/H9K69pjNCVkSQIuMVaU+eqE19l2YY
+-> ssh-ed25519 DCzi1A NMd7vJYFCBblwJbmbRVmT+6LVRsXQ1WdfvYWx2OZaC8
+SRlnZjkjxgq1ovrrlvwDm08lkrDwLgyyqpZyP2tMYCI
+--- D1wloC8gokbJdx4To2UpXdT/JslHiw83Zl4lLeErZYM
+Ð‰SMC£{ö†\¿úm”¢W*H °‰—•KIu×µw’­nM¥Q@X²{Œ€-‰9Ì…±÷”¿4Rx ¹ÂÉÎŒ‘ƒ›`¸,×>‚áÒüM-–µéuàlg§ù
\ No newline at end of file
diff --git a/secrets/step-ca-key.age b/secrets/step-ca-key.age
index 437daaa..c9bf369 100644
--- a/secrets/step-ca-key.age
+++ b/secrets/step-ca-key.age
@@ -1,11 +1,12 @@
 age-encryption.org/v1
--> ssh-ed25519 dkV/5A HBZGNzN2lrnhtMdE6/089Lcw7MGe1fJ0HRDEZTi35UM
-eQ4BmwsKQFDqgri8N3D+T7ueWVM2JUnBMwBQESphIPw
--> ssh-ed25519 xfrWcQ 3l8lOITOPFtxQUTYq7oHPe+2g9i+2EEhdDJtEwHqmSE
-NnMM2KYq+YI/cfsMXL1JqG0QJVNVk3yzj2LMvTfU2dE
--> ssh-ed25519 IV3DkQ tKD4UHlMDXvxLUm2SfmKEPkZqrGV5sHZiVG6tUOIejs
-09xB0yaf6FfZdoBcmW0OaoOFr9shiWD1TBjymkr0Z+Q
--> ssh-ed25519 DCzi1A dvEqkqxPBbJE3rjfXtAaX0yyd5MAfarby4ZPOsXjDTA
-vLSYbez9MH02FFmoZOoR17tb0QKtN+i39/ClEkaIHZI
---- 5V2wMVZCP+/+Kxz/a9SGu078e96WJPVI44uB+f/gsl0
-#H*]ºÅÏýÈÕ’5$	„î›iƒÖ.ÎF!L³è l(F§(ïÞ¦ï{¶²­Ÿza=°‡Ö.<H7Ê˜{Ôx'˜ŸÂ¨]Ÿ×Ä]]Fªµï5#i)tW°ìÒ!ú•®íMUg7œÆ;)¹~3¤ÓXãë7ëˆýýkî€`¡3¡³÷~?­ h¼!\‰šª"î;¸–e²Û>iÉy}æ»ÿÉê¾ˆ+]GqJ^Ã0ü°½'¼B¨ôtøZ`ÆwÛ|ð³sIÉÓ0¾¯÷nÄN²N"Xa§tÞ++xËæâ‘ôï™KòB<Aí—{…ôãT+²Vå ‘%	_<ì5»Ò¦Šv4$e·|ú$©=(Œz½ô&Ñ«5iÀ4|d‘«ÕÒ†®ˆµ‹2µ®_?Èâ°loêÈ ¹ç+¾ElIëYBp¾ƒCRÛk¯ÒdºËª°èÆÎ%³D²l
\ No newline at end of file
+-> ssh-ed25519 oDXHAQ YfO6hzBaRbAC1hg0mvKruCTcBY+nvnI6p+HR9/avH0o
+ObMSm+ca6d7bRZXX1V5kBeG6MUh2PFXPtR6bexhsqWU
+-> ssh-ed25519 xfrWcQ OsgB8SpqhZj/r3yCP3RQOBZq36IUb8Zsh8rjYcnJUjM
+MbMA/bvvrXZGIvQdqx9U6RrMH16ya7Jz6KPwB11EaFU
+-> ssh-ed25519 IV3DkQ udVSSPQRm3tB4PW/V3844sgncUlhy4dp1EMrcfRQ12k
+DHZzTfHVn1jwZjKepTnm+2HHU5H1PuPi8/Ew6lzzelc
+-> ssh-ed25519 DCzi1A mwMtvCPmmu6wfl/T2Vz9jycGwbT65S2sXjHXcy8Si3Q
+td+6Y2dhgpxv7gyPXQZQI2TlNqLaSlHJNDVZdOTPUZY
+--- rOGbM5R16EeAyl8jtbCKnDRKHSvwYIZ5HyiG0ujxV1M
+ÛÍ>ò:H™ú:5Ó[h`™Çãëõ¾-¡Ê¥&Eï‚™ŒÀ’Z*ü7'¼1£¼ì#=©Áo&Ê¹¸#äz‹¯RW{©‚)èš¾<,1haÿ%p§¿Ñ\b‡C•„ÿÀe-–_nþœQðƒ¼Z¿®èeeýÝu‰¸±Uõ{nþìMÂ$¾dŸaE/²Í×u×r—QD÷Ñ}MýïË´«0äYoxÌ:#*)QçÖ<‰—yæ¶DË³÷ã‰p³åôPô ‰0ËÂFfƒ¸ÑT—r_ê[Ï‰t~ÿ¾›˜ ;ÔÁ© Dü?At§·eIh3Éæa‡;wÅ@°o wD%&pOÌ$')ÖÒÂØöóŸ€›>ŠQ­†Do¨z¼¤Ç>$ˆœ‹7Þôó%ý
+õËsûß-þ¤åxiL°Â¹×ýª W›q5ƒÈœ|¿~N¤/g
\ No newline at end of file
diff --git a/secrets/step-ca-pw.age b/secrets/step-ca-pw.age
index 64b428e..c03c5a7 100644
--- a/secrets/step-ca-pw.age
+++ b/secrets/step-ca-pw.age
@@ -1,12 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 dkV/5A VmFaL7M6+pzCGs0Kko8V2QDkEn0/jyboZ2Hrnj6vNWg
-cHTD03woD7bporsSNdDdq8nQ73Jc2xNK9zk3Uuz2ZRo
--> ssh-ed25519 xfrWcQ oY5bHfD4taxjzG4SUgRrUK2s3j9piQDagp4rixdnxwE
-cg53y8MRs/RoOeb8azToTg/szYR6f2tVnzX1zs4/kyc
--> ssh-ed25519 IV3DkQ zkEN/FDYFlb1c8/iZ5OnLl+mVN4vctdxbXZmvxqKzhM
-qxtEaHYm4T8GCE5TQ3zHmkn2duk6AEj+k7AZvuCsZf8
--> ssh-ed25519 DCzi1A +S9IcJ5nCY81GmC0TRq64brRhjciHCpoevw3Sc0oh00
-PJnFGkKHHeOFg3lRn2YFxXFEHWCUf8NhBh+l+AmUKMY
---- kHWmF/PcEfVXHrsEYBIeYnptPOQA6FDJgryYzVy6MpI
-lê§=ÚÁíÅŽŽ×Ä“ó#
-’·*£Zì· #©±×ß¥5¢µáÓ¬ÏF OL?Qº&Kõ†gó’„È\4»<’
\ No newline at end of file
+-> ssh-ed25519 oDXHAQ L8RbnVX5rl8T6esRa9icyYuYjyqO1+NRPQtS8GdrwTk
+DhrclVhBTnBQmqkErXwhXN19jcgCWPmOAdKOAo8WQKs
+-> ssh-ed25519 xfrWcQ r0NyjJ63Ary6rW8fTfOJEioCgeA63USQjlYug4R7+VQ
+SCzuV64fSfACUjMsn8SFn1wNNN4iaEej/6QVnJuOSVQ
+-> ssh-ed25519 IV3DkQ q2NjfeA7twQvW5uV2FQQQKEHKwv7OyQNjhyRY7YYTnw
+CW7RgadfeiApJGEBfW15SlQBLuQdZT+8HswmoS78Gio
+-> ssh-ed25519 DCzi1A ZqeBvfOmcrSckdQ8gA4yuOSgVCBfENC7MRM2tcC/pT4
+6bmUiD9b/eA00J1H/N6RKEaX4ewm6cM74qDTcBaftx8
+--- mdS5mRZRE3Otc89527fOYllyFM2TmlOWdDRbkjrrZ+M
+MþN·ô$æE<ÒüºÞ^5–Â"ãÙ‡ï6r¥Ê9^±“U»75²£)‘ôê±õÊž­,QÞJÀg¡~]¬OÄ
\ No newline at end of file
diff --git a/secrets/webhook.age b/secrets/webhook.age
index c7b076e..28511d0 100644
Binary files a/secrets/webhook.age and b/secrets/webhook.age differ
diff --git a/secrets/wireguard-client.age b/secrets/wireguard-client.age
index 2c6a5a4..c21a10e 100644
--- a/secrets/wireguard-client.age
+++ b/secrets/wireguard-client.age
@@ -1,7 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 DCzi1A NB/cgLOCzy4rcJkoVr54YFkEwXSsJWdR5MU/RxqzgEE
-2SYMqBNc9fPc1XAk++IFZzKlfAYfMmeDAohtTUwajAE
--> ssh-ed25519 FOj4qg 8NXCrjpwEgxuDFDjI2tHXWEqvgvmlDWKwaT7Hal0jic
-ug+nSpxOAMmwTCRXP+Z4F4b8YSZVgF8lq8ZvJ8Q+t08
---- K6OA3rpEUC6EC46gWGAIn4nsGlAx+Q7mZFYRUAVRB5E
-2©8ä¯ËìÁ–T2¹ºÌÞ=u3<QP}ý	—œ—*¸¿FÝ~(šÛÕvG\R¸Êx“9í‹Î°ˆæ6HeúË×ùïŒï[ùíˆš
\ No newline at end of file
+-> ssh-ed25519 DCzi1A 1/thhJSQpt/JYqMlN1NKgurtLqPwOAkxlc3R1dQNf2w
+n0ZfKlJf0MhkL26z4tzGf0JwZE71DxheWIXM+tOTvHQ
+-> ssh-ed25519 FOj4qg 7V59KMOlieioABVTnydsjCEyfl/7HUJnTpodpsQxjhE
+k+LWJvObqA/L50wPM2ikMC35JQk4/l6CgORl5juLdgM
+--- THjdWyOOGyGd64HPDwX1exew620Yhz30/VKc7yYjrL8
+‡3E6v}›{G}©ó`¥Š„êÊU96hlÐËd¿!ÄuøšbòëÚç:^´_ƒ9¤½³ÊrÔbýM¥Ÿ`›ãz9"ËõµDøE
\ No newline at end of file
diff --git a/secrets/wireguard-private.age b/secrets/wireguard-private.age
index 2ffe3ab..afd46ea 100644
--- a/secrets/wireguard-private.age
+++ b/secrets/wireguard-private.age
@@ -1,11 +1,12 @@
 age-encryption.org/v1
--> ssh-ed25519 dkV/5A FhMxjBcbjjS/qYHq0W9vuAEWh0D4LG62iTKNm0vacwY
-2o6VCE8zZsRZczN0QemFPCyRqciTHx0Nmzgl+nlXBHA
--> ssh-ed25519 xfrWcQ j6+gGMbV+v2jVQU7DjTI+nBI8S5rncXY7nEmNBmhujU
-SVkjUG0FUzxOlJZ9O5LhmIP3XhAvDQQWE0MYaHl7qAI
--> ssh-ed25519 IV3DkQ rb7ReLYjttHEhEhhVFF7eqNSFXrBzMZpusvTyuMXzQs
-OSzhuMUuYUogRFxc7cYOJm8ndm+GLoNZT5VQ4A91k5Q
--> ssh-ed25519 DCzi1A BqUcBTDbhl5cbe3lLePWMm7UL1Q0mocynUHG6BxrlH0
-ISVR5FWzADZOaJA2SRv1TmmMqJ6yz+pLWE1miHn2VJk
---- MeQ/Wz0RDfi0OR8Bwvp1QJRlx9FH52S38DFsl9n4V1U
-DŽßÄÙ7E\åÃJ6‰älŸî¬žo†Ã:Vzœ¶ZZ¬îð¼ûåÊÞÆ?Ú[c4žU)G|ŠÚÛO;zåâòi?¬cÜàÈYdª(
\ No newline at end of file
+-> ssh-ed25519 oDXHAQ ycMrply5zXpS2iEZ9WlqMzh+TJrxKlajkloyEesNPAE
+9E7h1h8m0b1O264V6XdQnvbDS9QdKGg5RL+a9mROkr8
+-> ssh-ed25519 xfrWcQ tuUCexB9PelrmSscKj03mJNIudr9ufvNZ5eDPKMdXh0
+m8oM1uUT6t4w46X6tcwLH42ArDP2jWA2V37tEXAPwiY
+-> ssh-ed25519 IV3DkQ czqea5pCSja7n/3fMtAoeIz9J+3y4yIzIhuA/gJg9yw
+5y5yAyEYyWT7sdnzVaNHnLM5SRFcZi3w/rcBTkJuYx4
+-> ssh-ed25519 DCzi1A LyDvQ5eUvoEywd/brvNjieQEPR0vqhLcuAWOOdNCpFc
+IUiKZKf9adTo2PgBZcCjwtH4noKN/MNSa8Rnff+XpJs
+--- aL1YI8NF550QgpFeXzWCR2DziD7u+eytLZZnvju8I6c
+	Ì"ñ`Í{ÈÑF}*NsÙÝ‚.˜îî
+\”,Ú8—aûpÍ”Ÿn¡ìn’<Á5_(Õ«Èœêg÷&ËÚ9Ø½ºE\¨u¬ Ïä
\ No newline at end of file
diff --git a/systems/amd-server-vm/configuration.nix b/systems/amd-server-vm/configuration.nix
index 12ecd8c..ae813ef 100644
--- a/systems/amd-server-vm/configuration.nix
+++ b/systems/amd-server-vm/configuration.nix
@@ -9,6 +9,7 @@
     ../../modules/logging.nix
     ../../modules/motd.nix
     ../../modules/kernel.nix
+    ./disk-config.nix
     (modulesPath + "/installer/scan/not-detected.nix")
     (modulesPath + "/profiles/qemu-guest.nix")
   ];
@@ -100,15 +101,15 @@
   services.xserver.videoDrivers = [ "vmware" ];
 
 
-  fileSystems."/" = {
-    device = "/dev/disk/by-label/nixos";
-    fsType = "ext4";
-    options = [ "defaults" "noatime" ];
-  };
-  fileSystems."/boot" =
-  { device = "/dev/disk/by-label/ESP";
-      fsType = "vfat";
-  };
+  #fileSystems."/" = {
+  #  device = "/dev/disk/by-label/nixos";
+  #  fsType = "ext4";
+  #  options = [ "defaults" "noatime" ];
+  #};
+  #fileSystems."/boot" =
+  #{ device = "/dev/disk/by-label/ESP";
+  #    fsType = "vfat";
+  #};
   fileSystems."/data" = {
     device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
     fsType = "btrfs";
diff --git a/systems/amd-server-vm/disk-config.nix b/systems/amd-server-vm/disk-config.nix
new file mode 100644
index 0000000..d075579
--- /dev/null
+++ b/systems/amd-server-vm/disk-config.nix
@@ -0,0 +1,38 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }: {
+  disko.devices = {
+    disk.main = {
+      device = lib.mkDefault "/dev/vda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            size = "100%";
+            content = {
+              type = "btrfs";
+              extraArgs = [ "-f" ]; # Override existing partition
+              mountpoint = "/";
+              mountOptions = [ "compress=zstd" "noatime" ];
+            };
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/systems/amd-server/configuration.nix b/systems/amd-server/configuration.nix
index d87f6eb..d84009d 100644
--- a/systems/amd-server/configuration.nix
+++ b/systems/amd-server/configuration.nix
@@ -14,30 +14,12 @@
     #tmpfs.enable = true;
     nftables.enable = true;
     cli-tools.enable = true;
+    virt-manager.enable = true;
     nix = {
       index.enable = true;
       ld.enable = true;
       settings.enable = true;
     };
-    static-ip = {
-      enable = true;
-      ip = "192.168.0.20";
-      interface = "enp6s0";
-      dns = "192.168.0.10";
-    };
-    #   static-ip = {
-    #     enable = true;
-    #     interface = "enp42s0";
-    #     ip = "192.168.0.11";
-    #     #dns = "127.0.0.1";
-    #     dns = "192.168.10";
-    #     #gateway = "192.168.0.10";
-    #   };
-    # It uses 1.1.1.1 for some reason? set in /etc/dnsmasq-resolv.conf. no idea why
-    #services.dnsmasq = {
-    #  enable = true;
-    #  server = [ "192.168.0.10" ];
-    #};
     services = { syncthing = { enable = true; }; };
     hardware = {
       firmware.enable = true;
@@ -56,31 +38,32 @@
   mainUser.layout = "de";
   mainUser.variant = "us";
 
-  virtualisation.vmware.host.enable = true;
+  networking = {
+    useNetworkd = true; # Ensure networkd is used, as it handles bridging well
+    defaultGateway.interface = "br0"; # Set the default gateway
+    defaultGateway.address = "192.168.0.1";
+    useDHCP = false;
+    nameservers = [ "192.168.0.10" "1.1.1.1" ];
+    interfaces.enp6s0 = {
+      name = "eth0";
+      ipv4.addresses = [];
+    };
 
-  systemd.services.start-vm = {
-    description = "Start VM";
-    wants = [ "network-online.target" ];
-    after =
-      [ "network.target" "network-online.target" "vmware-networks.service" ];
-    wantedBy = [ "multi-user.target" ];
-
-    serviceConfig = {
-      Type = "forking"; # ?????? doesnt work without it, thanks vmware
-      ExecStart = let
-        script = pkgs.writeShellScript "start-vm" ''
-          sleep 10
-          ${pkgs.vmware-workstation}/bin/vmrun start /root/vmware/server/server.vmx nogui
-        '';
-      in "${script}";
-      User = "root";
-      Restart = "on-failure";
-      RestartSec = "5s";
-      ProtectHome = false;
-      ProtectSystem = false;
+    bridges.br0 = {
+      interfaces = [ "eth0" ]; # Add eth0 to the bridge
+    };
+    interfaces.br0 = {
+      ipv4.addresses = [{
+        address = "192.168.0.20";
+        prefixLength = 24;
+      }];
     };
   };
 
+  services.xrdp.enable = true;
+  services.xrdp.defaultWindowManager = "xfce4-session";
+  services.xrdp.openFirewall = true;
+
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
diff --git a/systems/pc/configuration.nix b/systems/pc/configuration.nix
index 8f52835..0e41160 100644
--- a/systems/pc/configuration.nix
+++ b/systems/pc/configuration.nix
@@ -54,7 +54,7 @@
       audio.enable = true;
       code = {
         enable = true;
-        #android.enable = true;
+        android.enable = true;
       };
       #emulators.enable = true;
       gamemode.enable = true;