diff --git a/flake.nix b/flake.nix
index e544e47..fcef56b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -191,9 +191,9 @@
         # build vm -> nixos-rebuild build-vm  --flake .#vm
         "vm" =
           mkHost { modules = [ ./users/vm ./systems/vm/configuration.nix ]; };
-
+        # nixos-rebuild switch --flake .#server-vm --target-host root@192.168.0.21 
         "server-vm" =
-          mkHost { modules = [ ./users/anon ./systems/server-vm/configuration.nix ]; };
+          mkHost { modules = [ ./users/anon ./systems/amd-server-vm/configuration.nix ]; };
       };
 
       packages.x86_64-linux = {
@@ -205,7 +205,7 @@
             pkgsVersion = nixpkgs-unstable;
           } // {inherit inputs outputs; };
           lib = nixpkgs-unstable.legacyPackages.x86_64-linux.lib;
-          modules = defaultModules ++ [ home-manager-unstable.nixosModules.home-manager ./users/anon ./systems/server-vm/configuration.nix {
+          modules = defaultModules ++ [ home-manager-unstable.nixosModules.home-manager ./users/anon ./systems/amd-server-vm/configuration.nix {
             # 100G disk;
             virtualisation.diskSize = 100 * 1024;
           } 
diff --git a/modules/services/adguard.nix b/modules/services/adguard.nix
index 4f8865e..ff352e3 100644
--- a/modules/services/adguard.nix
+++ b/modules/services/adguard.nix
@@ -54,7 +54,7 @@ in {
             "$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W";
         }];
         dns = {
-          bind_hosts = [ "127.0.0.1" ip wireguardIp ];
+          bind_hosts = [ "127.0.0.1" ip ] ++ lib.lists.optionals config.custom.services.wireguard.enable  [ wireguardIp ];
           port = 53;
           protection_enabled = true;
           filtering_enabled = true;
diff --git a/pkgs/ente-frontend/default.nix b/pkgs/ente-frontend/default.nix
index 9f673b9..33e8f7a 100644
--- a/pkgs/ente-frontend/default.nix
+++ b/pkgs/ente-frontend/default.nix
@@ -7,13 +7,13 @@ buildNpmPackage rec {
   src = "${(fetchGit {
     url = "git@github.com:oberprofis/ente.git";
     ref = "master";
-    rev = "1b6219ee1d9c7be207cc8a2e8282704fb577356c";
+    rev = "42ccf9f7427d8007fce65526e9b9d0443115e476";
   })}/website/tracker-site";
   npmDepsHash = "sha256-fYTRhIU+8pdIm3wC5wJRcDUhgN3d+mmvfmVzuu0pjLQ=";
 
   # The prepack script runs the build script, which we'd rather do in the build phase.
-  npmPackFlags = [ "--ignore-scripts" ];
-  npmFlags = [ "--legacy-peer-deps" ];
+  #npmPackFlags = [ "--ignore-scripts" ];
+  #npmFlags = [ "--legacy-peer-deps" ];
 
   installPhase = ''
     mkdir -p $out
diff --git a/secrets/adminarea.age b/secrets/adminarea.age
index 2c9c8d5..58bdf3f 100644
--- a/secrets/adminarea.age
+++ b/secrets/adminarea.age
@@ -1,8 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 bqM3xA Y42xefWKGT6S7hVhvXEVOygSFfJj2N+Hgq5C4w+YGgQ
-DNOblrNet6mE+cYe6bCehdJB++t/yXn6i6PU9oMg8Y8
--> ssh-ed25519 DCzi1A jkOZ2PwpkqFpQwtEwIPU1N5jeUySAMVNc56a06CM+w0
-LApR3u9D3+v5F6NHLVr8MSAM8aYSYMwOBlY8UXnyYfw
---- o3Gzah0R4s3bKF77NH2HbuePX6odQ4Tt1xXh4FM5lh8
-°È{îûä¹‘D0Ç/s&iCM‘È®ˆç³îçÄ~àX¤ö¸
-­Z–h+™ g1ÄYÐ6	kišËP¡má…¦JV ò(Œ£]9;+Óü%‰µ‚ƒúüQDÏ¦*·²¬3ÍÎ7ô¡º‚þÁŸ
\ No newline at end of file
+-> ssh-ed25519 bqM3xA myivNex19fF3ZRHmnoxewa4kW5YvX7hxvSlhJm6SsRw
+kknnuW/w+ku4ZuqPkW6d+XLdaMS83AH1d9555DD3wbY
+-> ssh-ed25519 DCzi1A df+C5KNtrYLTOIBsCKNuzF9ePjh4mm2YtYPzoxZNQ18
+S54lzYFdLgEP0LaOUa7U5RvyVKeUs3Hw/oNVUZwRVb4
+--- KPaLIgkd4T3K9OYTiqDJsiQ5hTefahEFv7h+ndxCMC8
+n“òcÄ$—š *ïh•ZLÚ?ÚðŽ2Ûqo¤#sfk³;jkC?çÀiçEŽ, ´$Å6þD$·ï[˜‡sA¾Èqë¼i;²	ª™A’{ˆªñÕb\ñ†ö»rÊÌËTâT9»„¨lópè
\ No newline at end of file
diff --git a/secrets/coturn-secret.age b/secrets/coturn-secret.age
index 6540514..3f2ffba 100644
Binary files a/secrets/coturn-secret.age and b/secrets/coturn-secret.age differ
diff --git a/secrets/duckdns.age b/secrets/duckdns.age
index a562980..ea78094 100644
--- a/secrets/duckdns.age
+++ b/secrets/duckdns.age
@@ -1,12 +1,13 @@
 age-encryption.org/v1
--> ssh-ed25519 su0Eyw cZ2LcxtHVTS0C6UtosikfFdj383T+CqORj2OzvWkYCI
-2mEybfmdlP0+MD2F4If/vZ1CEOC62I9wz2PGPIvsk6E
--> ssh-ed25519 xfrWcQ AigoFpYG/JShNhp/00vRkJAjAfww9yDDDAfi66TrtgI
-0fiThEgz8SibuSkgr06wwuKATYaIsLgaSVlTKyOft6I
--> ssh-ed25519 IV3DkQ bhsNlU2erEJP/aJsycYslfJUJSHibYPLH7vXKpuobFU
-sLPF6S/FHIQm80dxHSUkY8+/6mhsY4Npii8cXgCyVfU
--> ssh-ed25519 DCzi1A XN9ZzLYfLJ5g2604Q3zh+GU9WEYWnWFTEj/NKhGx/no
-Qo18RZB/urMS1sI/HaBexiwvIoouGJNHgDoISMWfp5U
---- ypjgJk/XWMXN49ydjElxn3DRVYXHOdTtjJsFMoVz/L8
-¹ÄÅÈ
-èoµÖÌå|ó;ªŽªì}ihÛ¸,¯DgP_N½Ët3³æ#“>=KIå<ìŽrwd«¤ÚÃªØ'Þn	\¿ËYÞ+
\ No newline at end of file
+-> ssh-ed25519 dkV/5A NszBp6tthzJKoeujJ0k1AbIWvK0Vii3yK3iHCZC8yFk
+3Uxxeb8RijQb63WOVcYXL53C5cl3vTGG/s2t8pJavL4
+-> ssh-ed25519 xfrWcQ I8RgQBkcI+eGYLuJRiadQSMm7VlL7PIvCLv9P3nQ5WE
+tmfz9k8r2V9urFjIU+JDtHpCxQlAioTY90EqjXCVKvk
+-> ssh-ed25519 IV3DkQ eOiXgjJi7XrNULS+4rTY61Nw8YqUUDmW+r29q5vQFAc
+V2C6EHeXDseNKd4Vus0mcI808FySxQQ1DJUdpLwFqaQ
+-> ssh-ed25519 DCzi1A E/zVOLiv2O66rwbK++3YDGr/h+FZmk5f5WTo9W/3VQE
+VW7yJONqcOqcHE9CK9iRNPFDBFpf0+/oISyIYmuoiJs
+--- pcApz4sq0MZALDTE7lvbXHUyBP2CctsVZX7bsR5Lry0
+ióE)fy"|z
+RS®AKNÕ<±å}-ôŠ,Ïõ¦„8âþƒ7˜ O³\œ–ÑrW…×%eÄyÙ¯ÜÎ<a
+	C
\ No newline at end of file
diff --git a/secrets/fileshelter-conf.age b/secrets/fileshelter-conf.age
index e0379ff..4f2abc0 100644
Binary files a/secrets/fileshelter-conf.age and b/secrets/fileshelter-conf.age differ
diff --git a/secrets/github-runner-pw.age b/secrets/github-runner-pw.age
index 1d0f1b1..13076fd 100644
Binary files a/secrets/github-runner-pw.age and b/secrets/github-runner-pw.age differ
diff --git a/secrets/github-runner-token.age b/secrets/github-runner-token.age
index be69641..678369e 100644
--- a/secrets/github-runner-token.age
+++ b/secrets/github-runner-token.age
@@ -1,12 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 su0Eyw tsRQwOuzuo1myyOmMvzxYDHA4zlK7EyTGrNpsq0t9go
-ki9GV4V/SJPMlL6iMDBgWR5bNPGvrR3CsDnhdvFba/k
--> ssh-ed25519 xfrWcQ 6CfTJmuCMghUL1yiJROIWRzgiMhs6VsFXofByAxqflo
-iJ+nA4HzCVjNCGWfLAnFMpZU2/hefoWjqDZVt7tjSUI
--> ssh-ed25519 IV3DkQ MXXlf/hEZAla6p/RwBTFPCntO3ITxTQMghLvT260Hgo
-007T3jGbgoLM4xseJ8CEGqFH9waxm+U0N8BwNVBhLYk
--> ssh-ed25519 DCzi1A LMrXbICNNDoowdi0E7Y8/2jKmaQJUhje7fMc8nS9Vxg
-sc7G1TDDVEMohVJKm/bKi5E+UysMlzaEFbbUsq6Icvk
---- 4KneAxtY+GSh+aPdcliazRLvh8H9/9pc6CGsbMb6r/o
-Ó˜$`wãˆàe è4qŸ*mˆ¨Ò½¯p1“Ý·îøîž~\
-qJ<Qùì¦_ÕV1&žk\äiXØ€ê¡xÏ¢ÏU÷˜ýA§ËÒE}—ªªôvöh¦3¢Àwš+´V²	­Ó¨v{oj@ÎY¿ŠD€#þ®øj¸M¸ÅçÅJ
\ No newline at end of file
+-> ssh-ed25519 dkV/5A rWzRyAbe/agyiwmtBOI/lRHWYxB18Ag3TqDs6WQaBhM
+heDqzOOBC+k80bfwZWX7Snq7Yh9BzEf/lpza8bs8f28
+-> ssh-ed25519 xfrWcQ bGntPjfBzp5o09BovuG8odcZ40MLJyEXDmv2PkypehQ
+J5FJ7+u4afdnVAC7Y8yoAQOYPe+UnOGU620dtNt787g
+-> ssh-ed25519 IV3DkQ Y3HuEQ+pxsx4Zen2ChZDAzABKQQf654GDsv3u2cG6j4
+moeEQxNMsZxd9ILeoAQoMcmE6b6SN6tRF6YRGgoysvQ
+-> ssh-ed25519 DCzi1A 723bVp7bkm0RvPusFz1ZONVG4/+fXW35sVLqFZTOxHM
+JnsF2C0mfRrNsskJgz7Am5JqABrOc7utXMZ83AfwjF0
+--- 5UIyWetLujNh36YyeeYMGoBFn4F/nJz9HNT1glkp7QA
+­]é}GçÛýã|‰±ÑnÙ»åT}ƒ›Ø~ÅÖ¹ÕÚ= ß¥Ÿ´&>½œÄm!õÚ•’w½ŠÕ—YJ]‡Æ5³úÔ›Ú¸3ÔÙñ][¢GÂ+™ì2#êFý_;úîƒYÓÈ­(·»dÐÑv]ÞÉ×GÌdò–Â§ªy
\ No newline at end of file
diff --git a/secrets/grafana-contact-points.age b/secrets/grafana-contact-points.age
index 3c20424..3a0af33 100644
Binary files a/secrets/grafana-contact-points.age and b/secrets/grafana-contact-points.age differ
diff --git a/secrets/kavita.age b/secrets/kavita.age
index 664de94..28c8903 100644
Binary files a/secrets/kavita.age and b/secrets/kavita.age differ
diff --git a/secrets/matrix-registration.age b/secrets/matrix-registration.age
index 202a3c2..9ab6ac6 100644
Binary files a/secrets/matrix-registration.age and b/secrets/matrix-registration.age differ
diff --git a/secrets/nextcloud-admin.age b/secrets/nextcloud-admin.age
index ba4564a..5d3971d 100644
Binary files a/secrets/nextcloud-admin.age and b/secrets/nextcloud-admin.age differ
diff --git a/secrets/nextcloud-cert.age b/secrets/nextcloud-cert.age
index 16ba405..df79310 100644
Binary files a/secrets/nextcloud-cert.age and b/secrets/nextcloud-cert.age differ
diff --git a/secrets/nextcloud-key.age b/secrets/nextcloud-key.age
index 46252fa..152ce24 100644
Binary files a/secrets/nextcloud-key.age and b/secrets/nextcloud-key.age differ
diff --git a/secrets/paperless.age b/secrets/paperless.age
index d7018a8..c27cd6f 100644
--- a/secrets/paperless.age
+++ b/secrets/paperless.age
@@ -1,11 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 su0Eyw SMreMP94QyAiyvhz+WA/s8ZIiSvr7EXTt7jVOEqn3yc
-3srDjvhsTRLJpKj+mMw41SgNiP1a8o9MIbtpn/llYWc
--> ssh-ed25519 xfrWcQ DBXUORSHA1ncTGxR1DXniHE30FiJtxM5h6Vm4AR0eSQ
-F+5QgUnFcBOh3ogJfqyYrORigid9qxVsaxpcOeQH1Hw
--> ssh-ed25519 IV3DkQ KPGXb3+MUvsNE22F787u1diONSWdnxSmmBQAgAE3yRs
-xQPgMee8nKR1pbYXPDCrPamVz7rxsp6T7VGVqHYRPV0
--> ssh-ed25519 DCzi1A +jUwmDeIX4QCfGtVESMi9BNYBwsH+ntdx7LtXhX5BFE
-fpPZFMomCAoyIniCtKbMfiUnlu3Js6vHv9MgVHR3XJw
---- VMOK7LJR3QvQ65+Ei6OxDbqHpOwJmCRb7OBSZM9bKLs
->H¼ºç\ãBˆ¢2DÒž¶a"ÛC¥©‰‰n_§Wóµã†í_ïãPHúíi¹ß©\%î¼yoU¡sË¿Z9"M¡ÉöçX7]§reTûéˆ_ËåŽ$KOø(
\ No newline at end of file
+-> ssh-ed25519 dkV/5A 6v3LNRJ6Lr/Ae0hPiN7OdW+OUFMWC8I4z81g2FFsGWc
+sxh+9UUCnsKvttqsW6923mztw+xyvNWhmbfCnfts92g
+-> ssh-ed25519 xfrWcQ 9fTveDQemfAdZJz/Gy+y+VWeTPpi0rAKqhgaG4UWhT8
+HcAL+mG/iarpSODGwSUTqE9BLsH2b/J+9W/1ltHoAls
+-> ssh-ed25519 IV3DkQ IHC/AKhklAjr7snFg6mX5gTL4WqyKU6ZJlurLAHsHzE
+AwTcys0aZQy8eK6son1/rOQr+3UgpGMVvviF+MjlhXo
+-> ssh-ed25519 DCzi1A 5sW3obtVcuGeuQaaaD2xWdpVhHoxQlyC8fO6RreE+hY
+f/uGVNZHQfD0oi/bmdlIILPrMZqE2cLLDwlAS2Lvjx4
+--- dcmGgM7+4AWkXbwLOyEVpfl2hpvbKoFFIfeHKFJkqcY
+7Åó8òávMçžp"³XðÁÛŠ¯Â]P°Nè”(ÉîÉ¶2á,[­ÖŒÖ«c ¬$\'"‚…|Jý«N‰ù=KúŠãm—CVøx‚¥&¥>Ä¶ñij`
\ No newline at end of file
diff --git a/secrets/plausible-admin.age b/secrets/plausible-admin.age
index 8913339..11f56e6 100644
Binary files a/secrets/plausible-admin.age and b/secrets/plausible-admin.age differ
diff --git a/secrets/plausible-keybase.age b/secrets/plausible-keybase.age
index b93dcc9..7777954 100644
--- a/secrets/plausible-keybase.age
+++ b/secrets/plausible-keybase.age
@@ -1,8 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 bqM3xA pYt0CoyfIkCGgoWQrIEqpoVXz/8YgN3mOcl+GJNgu2s
-K5HaUKQb/oJ/BIqPEWwfwP89qdlbStI7EDZcy7u3C2s
--> ssh-ed25519 DCzi1A X5unppDtHIfPkYyt53pyWt0D+TYKO/8vOSZCmLeS9UA
-pmWOrT3kB89a+rxoe37uRR+EPESYKlwlTITqDXB/SuU
---- eKLEbWNmQOwYObYWmp3TsplYv4yEeJms+c8Ny0bclTs
-fßÜÕoCP‘V¾K¿Ú¹ù¹ø]âÁôzäŸu©Þ÷Ž©Öö#	7Jž8VÖ®I´ÅEðÍ7u0v&_žÞg­D/‰®ª—ZøQÞ‘+â¤ZÅ;G<åÂã²kÙ©¨Ÿ£¡ªrR¼µbB¶C¦L
-j÷XÏòŠØC”:¥S×
\ No newline at end of file
+-> ssh-ed25519 bqM3xA /51wbxBqMFtCXGpoiDTf7tekNOhT1z7BS8O1RQpssw4
+gU08DxPsS1sLfIm3z9sSlC8OAxIrXRsllYHr+p3Nhtg
+-> ssh-ed25519 DCzi1A cX1K/YwnW1sKbmCYSDWQQUPEZ8PvHQ7oRk6dQ2WMYCw
+W0KvV/7NQ4fLETiTy52uo+dr0DOr3RSt+FiW5ETp4jc
+--- J42z35mU+Wql9jKlGEiea9EiqjcV+nWhc/rucZwUNyA
+öâ´â€V¸„uiÿ”63®±\Ruƒçþ<"’@·ò™”ù#)l	Ñ«ï
+UÁã4AƒûjÏ™×áÜ»p¡'7™À`Jœ©¢(ì£½êsYƒÿØEÊzEÛHü„:$í5ó[ä)t³ÙWD•ÞÐb²UX€Fñš
\ No newline at end of file
diff --git a/secrets/radicale.age b/secrets/radicale.age
index 4247e74..4ceaf00 100644
Binary files a/secrets/radicale.age and b/secrets/radicale.age differ
diff --git a/secrets/restic-gdrive.age b/secrets/restic-gdrive.age
index 25cad6d..0101253 100644
Binary files a/secrets/restic-gdrive.age and b/secrets/restic-gdrive.age differ
diff --git a/secrets/restic-pw.age b/secrets/restic-pw.age
index e384f73..b59e132 100644
Binary files a/secrets/restic-pw.age and b/secrets/restic-pw.age differ
diff --git a/secrets/restic-s3.age b/secrets/restic-s3.age
index 8410a39..034a3b8 100644
Binary files a/secrets/restic-s3.age and b/secrets/restic-s3.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 3729efc..8b89f25 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -2,7 +2,7 @@ let
   kop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas@Kopatz-PC2";
   server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUA7uVKXAF2UcwaIDSJP2Te8Fi++2zkKzSPoRx1vQrI root@server";
   laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqcphdDEJhnSBkAZzQXZJDCzsyb/Tqpcf0pUADFpbd1 root@nix-laptop";
-  mini-pc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKla9+Gj2i9Ax7cIdnTM6zsmze3g1N/qCPqhga0P+toU root@mini-pc";
+  mini-pc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/hwMtI0Xj4eRLjITV/Q2BQGG11NCHZRTLuecE/ZPM5 root@server-vm";
   mini-pc-proxmox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0kX32LfIOv8FDVvdp7lWesVvMGh5tj84nv7TkIR1cs root@mini-pc";
   adam-site = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfaIaKoNStnbfjB9cSJ9+PW0BVO3Uhh1uIbZA2CszDE root@nixos";
   users = [ kop ];
diff --git a/secrets/stash-auth.age b/secrets/stash-auth.age
index 98aee43..b55df1e 100644
--- a/secrets/stash-auth.age
+++ b/secrets/stash-auth.age
@@ -1,11 +1,13 @@
 age-encryption.org/v1
--> ssh-ed25519 su0Eyw ubrXjjXR/NWzbnYk8/x9A64iQDmxXsHHyxHyHvFouAE
-ot9ZNCyG0OGVALdtrHwg+6jQiNznDicBu74yyFernKU
--> ssh-ed25519 xfrWcQ kFeLZt8cxhBhe54M1FQTAw5B/zOzaXBM8uDJMrKPwAY
-lzEzl/ZcKSZ3xmxdKE2qSJWSrJl9vS5uFpACOgTITfg
--> ssh-ed25519 IV3DkQ 2Gobyktl920WUhBp7ukIcDcdyRem3Y359C7BUIX2Q0Q
-n/+a2XRZghCC/Ufaix50eoQJMr2ThM+xz6MimINxZE4
--> ssh-ed25519 DCzi1A 1WGot8qzyx1OZ4oeOG1rGjhgUcjfyEd9G4GAwWG2MX0
-ky/XJR/qcmISfgwkC+ColVTjQJQWkg48whKo1glg7oQ
---- ISzwjQcQ3rt/fcVDESFhiv+k6gPvpckjlkFZ7aWyxXA
-¤qøÿ¬‹GðSå•ïg÷/™‚’yâÊëT×$Ã¸Ö©œ<d"æ}éûçtð¾Ýª%Ç,Bê–c¢ù0(Âº¹ ·¼9&o¹c ‘ˆÐòÔÄ†HËR:L;73å
\ No newline at end of file
+-> ssh-ed25519 dkV/5A H45UCnfk0L30LTAIJQ21zWMfvYurNxsC7wZJbCZRr1U
+pexJiRj9wUy5S8jzMDWUZpKTCQIpGKDH3o/BPGDIrXc
+-> ssh-ed25519 xfrWcQ PnFaA7dYMhvwECptLvjkZPY5exA7QQU9J3yuzfFHU0M
+tf7pmM2cNqanKNINYkSmn5XMl4VaHpGTIM/3yJydnV4
+-> ssh-ed25519 IV3DkQ NByh1UlLrvvrALcRr25S/Q3TKxbJupknfPxT0BcfbHA
+RMAV0OJ70qcce0hVZ49HgMLqTjmhEnyHunnSPs6PDt0
+-> ssh-ed25519 DCzi1A AK2WRW6/SwNkv8ZC2RafnpuODniO0hi44hr6j6zmsB0
+keejUQyYNd3mKqf0bBIaxGWuVncge7bWnnPwFAwuY7A
+--- 1S9P2L4/3qA01SRlO/GOZfSg2Y5ckO58iYMe6rfl3es
+“jÚ>;‹g°cE@suÇ
+ß–6È»ñëóøPIdzÜÙå*±#Áù}itüÐbÃˆî­‰©Å
+Þ5¦ä€‰oÇ¼…léeB{Úwìal/“0£¯J“¥Oƒü¤ªó
\ No newline at end of file
diff --git a/secrets/step-ca-key.age b/secrets/step-ca-key.age
index d0a2559..437daaa 100644
Binary files a/secrets/step-ca-key.age and b/secrets/step-ca-key.age differ
diff --git a/secrets/step-ca-pw.age b/secrets/step-ca-pw.age
index 5d41695..64b428e 100644
Binary files a/secrets/step-ca-pw.age and b/secrets/step-ca-pw.age differ
diff --git a/secrets/webhook.age b/secrets/webhook.age
index bddfa3a..c7b076e 100644
Binary files a/secrets/webhook.age and b/secrets/webhook.age differ
diff --git a/secrets/wireguard-client.age b/secrets/wireguard-client.age
index b9a4e4f..2c6a5a4 100644
Binary files a/secrets/wireguard-client.age and b/secrets/wireguard-client.age differ
diff --git a/secrets/wireguard-private.age b/secrets/wireguard-private.age
index ec0a790..2ffe3ab 100644
--- a/secrets/wireguard-private.age
+++ b/secrets/wireguard-private.age
@@ -1,11 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 su0Eyw TSYqpni/Ql+lZa+oFPN3hn8fR4HM3mZ6o9UQKF2KI2s
-/IxKWNcfPpsW74ajLj5Nzu8oqLEvGht4mOaJCGKUpHE
--> ssh-ed25519 xfrWcQ ti3YCRm+xByOvl4kjqqFMA82QNogaQsD52VelAb1IyA
-m4M25xeL2PIzp/BZ23VLb1G+3R6FYAt7wH+816hGSSs
--> ssh-ed25519 IV3DkQ ZqrkWMup3fqiPtDa57NifZEyRTdNdcp+ZJzB6oKZjAk
-jszSfRmBrN5QLqKdM329uGHQYY+t7m0Ra/RpNkI56AQ
--> ssh-ed25519 DCzi1A vOXrGSxFvRj7S33RfhNuI1WvOITZ0vcLsLmuutlcqx4
-8ZQQ26trhVFNEG9yFOmjFgDZh1qq0v4lpDzWYlPC5L4
---- E0g+TAkc6Mj2vicS3ub2CEr2XYu4Q1nkWgnrs8KnFVE
-vÀäéîvÉ,6|WA?§d'!DÌÐÖZfu½¦*}a[[}•WA{Îp¯@DÛv‰’|ÿ¢CrÖß|[SÆ@îq‘6ìE
\ No newline at end of file
+-> ssh-ed25519 dkV/5A FhMxjBcbjjS/qYHq0W9vuAEWh0D4LG62iTKNm0vacwY
+2o6VCE8zZsRZczN0QemFPCyRqciTHx0Nmzgl+nlXBHA
+-> ssh-ed25519 xfrWcQ j6+gGMbV+v2jVQU7DjTI+nBI8S5rncXY7nEmNBmhujU
+SVkjUG0FUzxOlJZ9O5LhmIP3XhAvDQQWE0MYaHl7qAI
+-> ssh-ed25519 IV3DkQ rb7ReLYjttHEhEhhVFF7eqNSFXrBzMZpusvTyuMXzQs
+OSzhuMUuYUogRFxc7cYOJm8ndm+GLoNZT5VQ4A91k5Q
+-> ssh-ed25519 DCzi1A BqUcBTDbhl5cbe3lLePWMm7UL1Q0mocynUHG6BxrlH0
+ISVR5FWzADZOaJA2SRv1TmmMqJ6yz+pLWE1miHn2VJk
+--- MeQ/Wz0RDfi0OR8Bwvp1QJRlx9FH52S38DFsl9n4V1U
+DŽßÄÙ7E\åÃJ6‰älŸî¬žo†Ã:Vzœ¶ZZ¬îð¼ûåÊÞÆ?Ú[c4žU)G|ŠÚÛO;zåâòi?¬cÜàÈYdª(
\ No newline at end of file
diff --git a/systems/server-vm/configuration.nix b/systems/amd-server-vm/configuration.nix
similarity index 64%
rename from systems/server-vm/configuration.nix
rename to systems/amd-server-vm/configuration.nix
index 2c47d4f..975f610 100644
--- a/systems/server-vm/configuration.nix
+++ b/systems/amd-server-vm/configuration.nix
@@ -19,6 +19,7 @@
     loader.grub = {
       efiSupport = true;
       efiInstallAsRemovable = true;
+      device = "nodev";
     };
   };
 
@@ -27,10 +28,9 @@
   custom = {
     static-ip = {
       enable = true;
-      ip = "192.168.0.21";
+      ip = "192.168.0.10";
       interface = "eth0";
-      #dns = "127.0.0.1";
-      dns = "192.168.0.10";
+      dns = "127.0.0.1";
     };
     user = {
       name = "anon";
@@ -43,48 +43,48 @@
     };
     misc = {
       docker.enable = true;
-      #backup = let
-      #  kavita = "/data/kavita";
-      #  gitolite = "/var/lib/gitolite";
-      #  syncthing = [ "/data/synced/default/" "/data/synced/work_drive/" ];
-      #  syncthingFull = syncthing
-      #    ++ [ "/data/synced/fh/" "/data/synced/books/" ];
-      #  backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
-      #  backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
-      #  backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
-      #in {
-      #  enable = true;
-      #  small = backupPathsSmall; # goes to backblaze
-      #  medium = backupPathsMedium; # goes to gdrive
-      #  large = backupPathsFull; # goes to local storage medium
-      #};
+      backup = let
+        kavita = "/data/kavita";
+        gitolite = "/var/lib/gitolite";
+        syncthing = [ "/data/synced/default/" "/data/synced/work_drive/" ];
+        syncthingFull = syncthing
+          ++ [ "/data/synced/fh/" "/data/synced/books/" ];
+        backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
+        backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
+        backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
+      in {
+        enable = true;
+        small = backupPathsSmall; # goes to backblaze
+        medium = backupPathsMedium; # goes to gdrive
+        large = backupPathsFull; # goes to local storage medium
+      };
     };
     services = {
       acme.enable = true;
-      #gitolite.enable = true;
-      #github-runner.enable = true;
+      gitolite.enable = true;
+      github-runner.enable = true;
       #caldav.enable = true;
-      #kop-monitor.enable = true;
+      kop-monitor.enable = true;
       kop-fileshare = {
         basePath = "/stash";
         dataDir = "/1tbssd/kop-fileshare";
         enable = true;
       };
-      #nginx.enable = true;
-      #ente.enable = true;
-      #kavita = {
-      #  enable = true;
-      #  dir = "/data/kavita";
-      #};
-      #wireguard = {
-      #  enable = true;
-      #  ip = "192.168.2.1";
-      #};
-      #adguard.enable = true;
-      #syncthing = {
-      #  enable = true;
-      #  basePath = "/data/synced";
-      #};
+      nginx.enable = true;
+      ente.enable = true;
+      kavita = {
+        enable = true;
+        dir = "/data/kavita";
+      };
+      wireguard = {
+        enable = true;
+        ip = "192.168.2.1";
+      };
+      adguard.enable = true;
+      syncthing = {
+        enable = true;
+        basePath = "/data/synced";
+      };
     };
     nftables.enable = true;
     cli-tools.enable = true;
@@ -98,6 +98,16 @@
   virtualisation.vmware.guest.enable = true;
   services.xserver.videoDrivers = [ "vmware" ];
 
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+    options = [ "defaults" "noatime" ];
+  };
+  fileSystems."/boot" =
+  { device = "/dev/disk/by-label/ESP";
+      fsType = "vfat";
+  };
   fileSystems."/data" = {
     device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
     fsType = "btrfs";
diff --git a/systems/amd-server/configuration.nix b/systems/amd-server/configuration.nix
index fd0982a..1be438e 100644
--- a/systems/amd-server/configuration.nix
+++ b/systems/amd-server/configuration.nix
@@ -5,11 +5,9 @@
 { config, lib, pkgs, ... }:
 
 {
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-    ];
-
+  imports = [ # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
 
   custom = {
     #tmpfs.enable = true;
@@ -51,15 +49,34 @@
       nightlight.enable = true;
       i3.enable = true;
       shared.enable = true;
-      games = {
-        enable = true;
-      };
+      games = { enable = true; };
     };
   };
   mainUser.layout = "de";
   mainUser.variant = "us";
 
-  virtualisation.vmware.host.enable = true; 
+  virtualisation.vmware.host.enable = true;
+
+  systemd.services.start-vm = {
+    description = "Start VM";
+    wants = [ "network-online.target" ];
+    after = [ "network.target" "network-online.target" "vmware-networks.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      Type = "forking"; #?????? doesnt work without it, thanks vmware
+      ExecStart = let
+        script = pkgs.writeShellScript "start-vm" ''
+          ${pkgs.vmware-workstation}/bin/vmrun start /root/vmware/server/server.vmx nogui
+        '';
+      in "${script}";
+      User = "root";
+      Restart = "on-failure";
+      RestartSec = "5s";
+      ProtectHome = false;
+      ProtectSystem = false;
+    };
+  };
 
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
@@ -70,7 +87,7 @@
 
   #zenpower for ryzen
   boot.extraModulePackages = with config.boot.kernelPackages; [ zenpower ];
-  boot.kernelModules = ["zenpower"];
+  boot.kernelModules = [ "zenpower" ];
   boot.blacklistedKernelModules = [ "k10temp" ];
 
   services.xserver.desktopManager = {
@@ -96,4 +113,3 @@
   system.stateVersion = "24.05"; # Did you read the comment?
 
 }
-
diff --git a/systems/amd-server/hardware-configuration.nix b/systems/amd-server/hardware-configuration.nix
index f2bec97..08bee7c 100644
--- a/systems/amd-server/hardware-configuration.nix
+++ b/systems/amd-server/hardware-configuration.nix
@@ -23,17 +23,6 @@
     options = [ "fmask=0077" "dmask=0077" ];
   };
 
-  fileSystems."/data" = {
-    device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
-    fsType = "btrfs";
-    options = [ "compress=zstd" "noatime" "nofail" ];
-  };
-  fileSystems."/1tbssd" = {
-    device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
-    fsType = "ext4";
-    options = [ "defaults" "nofail" "noatime" ];
-  };
-
   swapDevices = [ ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking