diff --git a/configuration.nix b/configuration.nix index e64be4d..38fbeae 100755 --- a/configuration.nix +++ b/configuration.nix @@ -42,7 +42,7 @@ ./system-modules/postgres.nix ./system-modules/nx2site/proxy.nix # ./system-modules/nx2site/gitea.nix - # ./system-modules/nx2site/vaultwarden.nix + ./system-modules/nx2site/vaultwarden.nix ] else []); # Set your time zone. @@ -99,6 +99,7 @@ blueman dmidecode file + cowsay # ]) ++ (with pkgs-unstable; [ # # sendme ]); diff --git a/sops-secrets.yaml b/sops-secrets.yaml index 83699ae..3499e89 100644 --- a/sops-secrets.yaml +++ b/sops-secrets.yaml 
@@ -27,6 +27,7 @@ nx2site: sslCertificate.pem: ENC[AES256_GCM,data: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,iv:r4vqXNMieiy9+E1ZIknUxQtxgEoZh7zSSrJ0yS5KQUs=,tag:AYX7RayP3dmNgUnkytQg7Q==,type:str] sslCertificateKey.pem: ENC[AES256_GCM,data:Wzmi17UA4mpCr4VaUolfKwZJEZ5K9Ybp2/K3noC/D/QYlgJfwWnQEoXDfLj3lVVnz0V/m71NAtZ9p3/jhiQCyIwt0cOmsAmd1isHf0KQwGagc8cHttwDeZT7AzLW4axqevpZM8bjVk/TJ/k+uGbArqSwgu2W7C77uCltSS8AydWzD2D7eQciDZzQ4yyHShW9f0SH8Q/wumuY4ksjLs4roYtQgtr1ezUb1U329xA1y81apd47RHviJ/moOBQYY2Y8fbNryUmfqvGYtsfXxmNElJpGAStqjBCo0bncOetP+bfj90CJlbkIn1JzcPOa5ZJjDg==,iv:28PcaWyOsQ8gN6qvZYDS3H4lKKlU7ihxxLUXMYgHPEY=,tag:6t+jvoAZkYlqg/2d8V5Emw==,type:str] dhparams.pem: ENC[AES256_GCM,data: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,iv:e0RPF9ZtzSRBRzMtWTWY3AVGsMXxvldA2HjiW9hf97Q=,tag:eb9ACnuGR+8eqncWoKQ/pw==,type:str] + vaultwarden.env: ENC[AES256_GCM,data:9LcB2B/IJ2xQCTNKtRr9bBbtFqZMGSi/9jPozmGUtMvgeVqlljpbtVgCzH62oeUQMLeKQ0SxHsQ7GDgU25X6wVZ8qMT4hzVzNYJnXljs1/ePPN+NfCsPtnBjo+jQLvhVPb8gIGpmT/ZqNMXBLNpLWu2U3RQVzwlJS2wQsP4kbR+z2nuEL/bs52qI9cNmsRTA/C8gIQHCHJby+PTh6BbXp0Wvy0xI+KHKx2qSYiVXsjowid+0h56/Ma1cqUcZlxUiDSUYmTvmgYPzigFD9jOkg1mhHRIi8iste6EDVWB0jHcKMMihd7dMZ64/UUY2y5/ardIP9jUA,iv:/EQv/PYTIHANDjbjMe/BmY6dwjok9YsYj5iKLWyu0eI=,tag:IMcJ3nle9wJANuogrJBUuQ==,type:str] USERTrust: ECC: ENC[AES256_GCM,data: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,iv:GS5GMpbxeweqwjUvOzqg59xBOzNZqrL5t7RjsFjpucM=,tag:j0MaMw71fnRHxeydlqAaww==,type:str] RSA: ENC[AES256_GCM,data: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,iv:NJkjWL5kMHET68oR5Xp22kvkThXIp7WxRVajmTfsB5M=,tag:NSXeRItMKlOQYP4QtzMKIg==,type:str] 
@@ -80,8 +81,8 @@ sops: SHJLR3lvdlFiRmJuU25RUHFFTmpjamMKbzycdDvQBAuOiRROTZEQSnaXoPapz73L yVS9EUP25FSx/sGqRqaCefbeaybuM1aso6LDnlomv4Bib7zjugWKSw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-10T17:15:08Z" - mac: ENC[AES256_GCM,data:VIPBKaDhSV7TG+pbo1OtdREJeqwdXqqDETeXkvhIs0Bz/c01MZXqPgubINW9tSLrNewFWSU5xI0O7L2ExBIjZxJ/nEmQkNkN+CUy1uGwatxsqa7gyVs1gXpIPPUGgStDMu8iukUSj9mLg9xQwGu0hGoC7DCbGqpu7blbUUzg0dE=,iv:+cR1vV7O3VdacP4MwAFkyBjKnqteL6AuV1H3Hh5hz28=,tag:WV/NHHPxvlkdslZbb0FBXA==,type:str] + lastmodified: "2024-11-12T11:43:15Z" + mac: ENC[AES256_GCM,data:pTPpth9Yx8YqCBhdoj5zwMNWVICwl2YIweEoqujainoizgTr4SIWE1dF+NUpYOYk/csZMvEImo9lJe6ywF5Yd9p+x4NyWAVIwGR5ylFT574u59ow/y2lTGWoiPS4oKjUFhdM2APk8Mfgk2/yP+ZyW0X2tiYz9CYp16v0xW8mtRk=,iv:kqRR/YMJDNLws4FtvCrE7JVVanXZ2zzYiC+Z6m6g/tk=,tag:OOGSofEVs+ms52dJ3WJmQQ==,type:str] pgp: - created_at: "2024-06-09T19:44:41Z" enc: |- diff --git a/system-modules/nx2site/gitea.nix b/system-modules/nx2site/gitea.nix index 746c90f..6f877ea 100644 --- a/system-modules/nx2site/gitea.nix +++ b/system-modules/nx2site/gitea.nix @@ -1,12 +1,16 @@ -{ config, pkgs-unstable, domain, ... }: +{ config, pkgs, lib, domain, ... }: { sops.secrets = { - "postgres-pw" = { owner = "gitea"; }; + "postgres-pw" = { owner = config.services.gitea.user; }; }; + environment.systemPackages = with pkgs; [ + gitea + ]; + services.gitea = { enable = true; - package = pkgs-unstable.gitea; + package = pkgs.gitea; group = "gitea"; # default user = "gitea"; # default appName = "NxGit"; 
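Review bot: The new `environment.systemPackages` entry names `gitea` independently of `services.gitea.package`, so the CLI on PATH and the running service can drift apart the next time one of them is changed. Referencing the service's own package keeps them in lockstep: `environment.systemPackages = [ config.services.gitea.package ];`. `lib` is added to the argument set but is not used in any hunk shown here; drop it if the rest of the file does not need it. The file continues outside this hunk.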
@@ -26,20 +30,20 @@ name = "gitea"; # default user = "gitea"; # default }; - dump = { - enable = true; - backupDir = "${config.services.gitea.stateDir}/dump"; # default - file = null; # default - interval = "daily"; - type = "zip"; # default - }; - extraConfig = null; # default - lfs = { - enable = false; # default - contentDir = "${config.services.gitea.stateDir}/data/lfs"; # default - }; - mailerPasswordFile = null; # default - metricsTokenFile = null; # default + # dump = { + # enable = true; + # backupDir = "${config.services.gitea.stateDir}/dump"; # default + # file = null; # default + # interval = "daily"; + # type = "zip"; # default + # }; + # extraConfig = null; # default + # lfs = { + # enable = false; # default + # contentDir = "${config.services.gitea.stateDir}/data/lfs"; # default + # }; + # mailerPasswordFile = null; # default + # metricsTokenFile = null; # default repositoryRoot = "${config.services.gitea.stateDir}/repositories"; # default settings = { log = { @@ -47,17 +51,17 @@ # LEVEL = "Error"; ROOT_PATH = "${config.services.gitea.stateDir}/log"; # default }; - i18n = { - LANGS = "en-US"; - }; + # i18n = { + # LANGS = "en-US"; + # }; server = { DISABLE_SSH = false; # default SSH_PORT = 20022; - DOMAIN = "pw2.${domain}"; - HTTP_ADDR = "http://${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}/"; - HTTP_PORT = 3000; # default - PROTOCOL = "http"; # default - ROOT_URL = "https:pw2.${domain}/"; # default + # DOMAIN = "pw2.${domain}"; + # HTTP_ADDR = "${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}/"; + # HTTP_PORT = 3000; # default + # PROTOCOL = "http"; # default + # ROOT_URL = "https:pw2.${domain}/"; # default STATIC_ROOT_PATH = "${config.services.gitea.stateDir}/static"; }; session = { 
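Review bot: Commenting out the `dump` attribute set in the `-26,20` hunk turns off the daily Gitea dump, and nothing in this diff replaces it. As far as I know the NixOS module defaults `dump.enable` to false, so after this change the repositories under `stateDir` and the `gitea` database have no backup declared here. If backups are handled elsewhere, say so in place of the dead code, e.g. `# dump disabled: covered by <backup job name>`. Otherwise keep `dump.enable = true;`.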
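Review bot: With `DOMAIN` and `ROOT_URL` commented out in the `server` block, Gitea falls back to the module defaults, which I believe are `localhost` and `http://localhost:3000/`. Behind the `git2.${domain}` vhost from proxy.nix that leaves clone URLs, mail links, OAuth redirects and cookie scope pointing at the wrong origin. The removed `ROOT_URL` was also malformed (`https:pw2.` without `//`) and named the Vaultwarden host, so set the values rather than deleting them: `DOMAIN = "git2.${domain}";` and `ROOT_URL = "https://git2.${domain}/";`. The `server` set starts outside the hunk.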
@@ -69,3 +73,108 @@ }; }; } +# APP_NAME = Gitea: Git with a cup of tea +# RUN_MODE = prod +# RUN_USER = git +# WORK_PATH = /data/gitea + +# [repository] +# ROOT = /data/git/repositories +# ENABLE_PUSH_CREATE_ORG = true +# ENABLE_PUSH_CREATE_USER = true + +# [repository.local] +# LOCAL_COPY_PATH = /data/gitea/tmp/local-repo + +# [repository.upload] +# TEMP_PATH = /data/gitea/uploads + +# [server] +# APP_DATA_PATH = /data/gitea +# DOMAIN = git.nx2.site +# SSH_DOMAIN = git.nx2.site +# HTTP_PORT = 3000 +# ROOT_URL = https://git.nx2.site/ +# DISABLE_SSH = false +# SSH_PORT = 22 +# SSH_LISTEN_PORT = 22 +# LFS_START_SERVER = true +# LFS_JWT_SECRET = aitnnoway +# OFFLINE_MODE = false + +# [database] +# PATH = /data/gitea/gitea.db +# DB_TYPE = postgres +# HOST = giteadb:5432 +# NAME = gitea +# USER = gitea +# PASSWD = -lkjlkj +# LOG_SQL = false +# SCHEMA = +# SSL_MODE = disable + +# [indexer] +# ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve + +# [session] +# PROVIDER_CONFIG = /data/gitea/sessions +# PROVIDER = file + +# [picture] +# AVATAR_UPLOAD_PATH = /data/gitea/avatars +# REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars + +# [attachment] +# PATH = /data/gitea/attachments + +# [log] +# MODE = console +# LEVEL = info +# ROOT_PATH = /data/gitea/log + +# [security] +# INSTALL_LOCK = true +# SECRET_KEY = +# REVERSE_PROXY_LIMIT = 1 +# REVERSE_PROXY_TRUSTED_PROXIES = * +# INTERNAL_TOKEN = faaaaakeeyJuYmYiOjE3MTMxMTAzMjN9.iliwlrfZDTb8oL296gpXRYhC-6_AJdjePO7dk3NT-PE +# PASSWORD_HASH_ALGO = pbkdf2 + +# [service] +# DISABLE_REGISTRATION = true +# REQUIRE_SIGNIN_VIEW = false +# REGISTER_EMAIL_CONFIRM = false +# ENABLE_NOTIFY_MAIL = false +# ALLOW_ONLY_EXTERNAL_REGISTRATION = false +# ENABLE_CAPTCHA = false +# DEFAULT_KEEP_EMAIL_PRIVATE = false +# DEFAULT_ALLOW_CREATE_ORGANIZATION = true +# DEFAULT_ENABLE_TIMETRACKING = true +# NO_REPLY_ADDRESS = noreply.nx2.site + +# [lfs] +# PATH = /data/git/lfs + +# [mailer] +# ENABLED = true +# SMTP_ADDR = smtp.gmail.com +# 
SMTP_PORT = 587 +# FROM = git@nx2.site +# USER = lennart.kurzweg.lk@gmail.com +# PASSWD = "ihh" + +# [openid] +# ENABLE_OPENID_SIGNIN = true +# ENABLE_OPENID_SIGNUP = false + +# [cron.update_checker] +# ENABLED = false + +# [repository.pull-request] +# DEFAULT_MERGE_STYLE = merge + +# [repository.signing] +# DEFAULT_TRUST_MODEL = committer + +# [oauth2] +# JWT_SECRET = redavt diff --git a/system-modules/nx2site/proxy.nix b/system-modules/nx2site/proxy.nix index e6aa7a9..df9f34a 100644 --- a/system-modules/nx2site/proxy.nix +++ b/system-modules/nx2site/proxy.nix @@ -110,7 +110,9 @@ }; "pw2.${domain}" = vh // { listen = dl; - locations = let d = "127.0.0.1:3000"; in { + locations = let + d = with config.services.vaultwarden.config; "${ROCKET_ADDRESS}:${builtins.toString ROCKET_PORT}"; + in { "/" = { proxyPass = "http://${d}"; }; "/admin" = { proxyPass = "http://${d}"; }; "/notifications/hub" = { proxyPass = "http://${d}"; }; @@ -126,8 +128,9 @@ locations = { "/" = { proxyPass = "http://git.docker:3000"; }; }; }; "git2.${domain}" = vh // { + http2 = false; listen = dl; - locations = { "/" = { proxyPass = "http://127.0.0.1:8222"; }; }; + locations = { "/" = { proxyPass = "http://127.0.0.1:3000"; }; }; }; "~^(.*).${domain}$" = { listen = dl; diff --git a/system-modules/nx2site/vaultwarden.nix b/system-modules/nx2site/vaultwarden.nix index e69de29..c7fe7e7 100644 --- a/system-modules/nx2site/vaultwarden.nix +++ b/system-modules/nx2site/vaultwarden.nix 
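Review bot: The appended comment block is a pasted `app.ini` that carries secret-bearing keys into version history: `LFS_JWT_SECRET`, `[database] PASSWD`, `INTERNAL_TOKEN`, `[mailer] PASSWD`, `[oauth2] JWT_SECRET`, plus a personal mail address. The values look like placeholders, but that cannot be confirmed from the diff; if any was ever live, rotate it, since a later commit does not remove it from history. Drop the block, or keep only the non-secret keys you still plan to port, and put real values in sops like `postgres-pw`. When porting, do not carry over `REVERSE_PROXY_TRUSTED_PROXIES = *` or `SSL_MODE = disable` unchanged; pin the trusted proxy to the nginx address instead.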
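Review bot: This commit puts Vaultwarden live behind the `pw2.${domain}` vhost, whose `"/admin"` location forwards the admin panel on the same public listener as the vault. Deriving `d` from `ROCKET_ADDRESS`/`ROCKET_PORT` is a good change, but the panel's only protection is then `ADMIN_TOKEN`. Whether `vh` or `dl` already restrict source addresses is not visible in this hunk. If they do not, limit the location to trusted networks, e.g. `"/admin" = { proxyPass = "http://${d}"; extraConfig = "allow <admin-net-cidr>; deny all;"; };`, or remove it and reach the panel over a tunnel.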
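Review bot: In the `git2.${domain}` vhost the upstream port is hard-coded to `3000` and `http2 = false;` is added without a reason, while the `pw2` vhost in the same commit derives its upstream from the service config. Doing the same here prevents the proxy silently pointing at whatever else binds that port: `proxyPass = "http://127.0.0.1:${toString config.services.gitea.settings.server.HTTP_PORT}";`. configuration.nix in this diff still has `./system-modules/nx2site/gitea.nix` commented out, so unless Gitea is enabled elsewhere this vhost has no listener behind it. Add a short comment on the `http2` line saying why it is disabled.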
@@ -0,0 +1,43 @@ +{ config, pkgs, secrets, domain, ... }: +{ + sops.secrets = { + "nx2site/vaultwarden.env" = { + owner = "vaultwarden"; + }; + }; + services.vaultwarden = { + enable = true; + package = pkgs.vaultwarden; + webVaultPackage = pkgs.vaultwarden.webvault; + dbBackend = "postgresql"; + # backupDir = "/var/backup/vaultwarden"; + environmentFile = config.sops.secrets."nx2site/vaultwarden.env".path; + config = { + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 8222; + + DATABASE_URL = "@DATABASE_URL@"; + # DATABASE_URL = "postgresql://vaultwarden:fakepw123@127.0.0.1:5432/vaultwarden"; + + SMTP_HOST = "smtp.gmail.com"; + SMTP_FROM = secrets.email.gmail-online.mail; + SMTP_PORT = 587; + SMTP_SECURITY = "starttls"; + SMTP_USERNAME = secrets.email.gmail-online.mail; + SMTP_PASSWORD = "@SMTP_PASSWORD@"; + LOGIN_RATELIMIT_MAX_BURST = 10; + LOGIN_RATELIMIT_SECONDS = 60; + DOMAIN = "https://pw2.${domain}"; + INVITATION_ORG_NAME = "NxPW"; + INVITATIONS_ALLOWED = true; + ADMIN_TOKEN = "@ADMIN_TOKEN@"; + SIGNUPS_ALLOWED = false; + SIGNUPS_VERIFY = true; + SIGNUPS_VERIFY_RESEND_TIME = 3600; + SIGNUPS_VERIFY_RESEND_LIMIT = 6; + EMERGENCY_ACCESS_ALLOWED = true; + SENDS_ALLOWED = true; + WEB_VAULT_ENABLED = true; + }; + }; +} diff --git a/system-modules/postgres.nix b/system-modules/postgres.nix index 35909af..f37ad51 100644 --- a/system-modules/postgres.nix +++ b/system-modules/postgres.nix @@ -23,7 +23,7 @@ # recoveryConfig = null; ensureDatabases = [ "gitea" - # "vaultwarden" + "vaultwarden" ]; settings = { port = 5432; # default @@ -48,7 +48,11 @@ { # as liong as there is no declarative user management you gotta set a pw by hand # sudo -u postgres psql -c "ALTER USER gitea PASSWORD 'new-passwd';" - name = "gitea"; + name = "gitea"; + ensureDBOwnership = true; + } + { + name = "vaultwarden"; ensureDBOwnership = true; } ];
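Review bot: The literal placeholders `DATABASE_URL = "@DATABASE_URL@";`, `SMTP_PASSWORD = "@SMTP_PASSWORD@";` and `ADMIN_TOKEN = "@ADMIN_TOKEN@";` in `config` are not substituted by anything visible here. As far as I can tell the module writes `config` to an env file in the world-readable Nix store and loads `environmentFile` after it. Any key missing from the sops file therefore keeps its placeholder, and for `ADMIN_TOKEN` that means a guessable admin token on a panel the proxy exposes at `/admin`. Remove those three entries, and the commented `DATABASE_URL` example, so a missing secret fails closed (Vaultwarden disables the admin page when no token is set). Store `ADMIN_TOKEN` in the sops file as an Argon2 PHC string rather than plain text. Also consider `owner = config.users.users.vaultwarden.name;` and `restartUnits = [ "vaultwarden.service" ];` on the secret, so a rotated env file is picked up.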
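Review bot: The new `vaultwarden` entry in `ensureUsers` creates a role with no password, and the only guidance is the existing comment above the `gitea` entry. The commented example in vaultwarden.nix connects over TCP to `127.0.0.1:5432`, which suggests Vaultwarden cannot authenticate until someone sets a password by hand. Document that step next to the new entry, and prefer the interactive form, which keeps the password out of shell history and the process list: `# sudo -u postgres psql -c '\password vaultwarden'`. The value must match what is in the sops `vaultwarden.env`. The `ensureUsers` list starts and ends outside the hunk.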