diff --git a/.gitattributes b/.gitattributes
old mode 100644
new mode 100755
diff --git a/.gitignore b/.gitignore
old mode 100644
new mode 100755
diff --git a/.vscode/launch.json b/.vscode/launch.json
old mode 100644
new mode 100755
diff --git a/.vscode/settings.json b/.vscode/settings.json
old mode 100644
new mode 100755
diff --git a/configuration.nix b/configuration.nix
old mode 100644
new mode 100755
index ff737e2..558a2b4
--- a/configuration.nix
+++ b/configuration.nix
@@ -12,6 +12,7 @@ in
     ./system-modules/dm.nix
     ./system-modules/networking.nix
     ./system-modules/virtualisation.nix
+    ./system-modules/sshd.nix
     ./system-modules/hsmw.nix
     ./system-modules/docker.nix
     ./system-modules/health_reminder.nix
@@ -48,10 +49,6 @@ in
   services.xserver.libinput.enable = true;
   hardware.uinput.enable = true;
 
-  # log into this machine
-  services.openssh.enable = false;
-
-
   hardware.bluetooth.enable = true; # enables support for Bluetooth
   hardware.bluetooth.powerOnBoot = true; # 
   services.blueman.enable = true;
diff --git a/flake.lock b/flake.lock
old mode 100644
new mode 100755
diff --git a/flake.nix b/flake.nix
old mode 100644
new mode 100755
diff --git a/home-modules/bitwarden.nix b/home-modules/bitwarden.nix
old mode 100644
new mode 100755
diff --git a/home-modules/chatterino.nix b/home-modules/chatterino.nix
old mode 100644
new mode 100755
diff --git a/home-modules/discord.nix b/home-modules/discord.nix
old mode 100644
new mode 100755
diff --git a/home-modules/email.nix b/home-modules/email.nix
old mode 100644
new mode 100755
diff --git a/home-modules/fish.nix b/home-modules/fish.nix
old mode 100644
new mode 100755
diff --git a/home-modules/gestures.nix b/home-modules/gestures.nix
old mode 100644
new mode 100755
diff --git a/home-modules/git.nix b/home-modules/git.nix
old mode 100644
new mode 100755
diff --git a/home-modules/gtk.nix b/home-modules/gtk.nix
old mode 100644
new mode 100755
diff --git a/home-modules/hyprland-autoname-workspaces.nix b/home-modules/hyprland-autoname-workspaces.nix
old mode 100644
new mode 100755
diff --git a/home-modules/hyprland.nix b/home-modules/hyprland.nix
old mode 100644
new mode 100755
diff --git a/home-modules/kitty.nix b/home-modules/kitty.nix
old mode 100644
new mode 100755
diff --git a/home-modules/latex.nix b/home-modules/latex.nix
old mode 100644
new mode 100755
diff --git a/home-modules/mako.nix b/home-modules/mako.nix
old mode 100644
new mode 100755
diff --git a/home-modules/nh.nix b/home-modules/nh.nix
old mode 100644
new mode 100755
diff --git a/home-modules/nixvim.nix b/home-modules/nixvim.nix
old mode 100644
new mode 100755
diff --git a/home-modules/nvim-lua/options.lua b/home-modules/nvim-lua/options.lua
old mode 100644
new mode 100755
diff --git a/home-modules/nvim-lua/plugin/cmp.lua b/home-modules/nvim-lua/plugin/cmp.lua
old mode 100644
new mode 100755
diff --git a/home-modules/nvim-lua/plugin/lsp.lua b/home-modules/nvim-lua/plugin/lsp.lua
old mode 100644
new mode 100755
diff --git a/home-modules/nvim-lua/plugin/other.lua b/home-modules/nvim-lua/plugin/other.lua
old mode 100644
new mode 100755
diff --git a/home-modules/nvim-lua/plugin/telescope.lua b/home-modules/nvim-lua/plugin/telescope.lua
old mode 100644
new mode 100755
diff --git a/home-modules/nvim-lua/plugin/treesitter.lua b/home-modules/nvim-lua/plugin/treesitter.lua
old mode 100644
new mode 100755
diff --git a/home-modules/nvim.nix b/home-modules/nvim.nix
old mode 100644
new mode 100755
diff --git a/home-modules/nx-gcal-event.nix b/home-modules/nx-gcal-event.nix
old mode 100644
new mode 100755
diff --git a/home-modules/office.nix b/home-modules/office.nix
old mode 100644
new mode 100755
diff --git a/home-modules/pnx.nix b/home-modules/pnx.nix
old mode 100644
new mode 100755
diff --git a/home-modules/pnx/pnx_rdp_srv-phoe3-vmdms_192-168-1-104.remmina b/home-modules/pnx/pnx_rdp_srv-phoe3-vmdms_192-168-1-104.remmina
old mode 100644
new mode 100755
diff --git a/home-modules/pnx/pnx_rdp_srv-phoenix-3_192-168-1-108.remmina b/home-modules/pnx/pnx_rdp_srv-phoenix-3_192-168-1-108.remmina
old mode 100644
new mode 100755
diff --git a/home-modules/pnx/pnx_rdp_srv-phoenix2_192-168-1-101.remmina b/home-modules/pnx/pnx_rdp_srv-phoenix2_192-168-1-101.remmina
old mode 100644
new mode 100755
diff --git a/home-modules/pnx/pnx_rdp_srv-remote_192-168-1-21.remmina b/home-modules/pnx/pnx_rdp_srv-remote_192-168-1-21.remmina
old mode 100644
new mode 100755
diff --git a/home-modules/python.nix b/home-modules/python.nix
old mode 100644
new mode 100755
diff --git a/home-modules/qt.nix b/home-modules/qt.nix
old mode 100644
new mode 100755
diff --git a/home-modules/rofi.nix b/home-modules/rofi.nix
old mode 100644
new mode 100755
diff --git a/home-modules/ssh.nix b/home-modules/ssh.nix
old mode 100644
new mode 100755
diff --git a/home-modules/starship.nix b/home-modules/starship.nix
old mode 100644
new mode 100755
index b5fae80..69dbec1
--- a/home-modules/starship.nix
+++ b/home-modules/starship.nix
@@ -169,9 +169,9 @@ lib.mkIf (user != "tv")
       vcsh.format =                 "[\\[vcsh [$symbol$repo\\]]($style)";
       hostname = {
         format =                    "[\\[$ssh_symbol$hostname\\]]($style)";
-        ssh_symbol = "爵";
+        ssh_symbol = "󰖟 ";
         ssh_only = true;
       };
     }; 
   }; 
-}
\ No newline at end of file
+}
diff --git a/home-modules/virt-manager.nix b/home-modules/virt-manager.nix
old mode 100644
new mode 100755
diff --git a/home-modules/vscode.nix b/home-modules/vscode.nix
old mode 100644
new mode 100755
diff --git a/home-modules/waybar.nix b/home-modules/waybar.nix
old mode 100644
new mode 100755
diff --git a/home-modules/wlogout.nix b/home-modules/wlogout.nix
old mode 100644
new mode 100755
diff --git a/home-modules/yazi.nix b/home-modules/yazi.nix
old mode 100644
new mode 100755
diff --git a/home-modules/zoxide.nix b/home-modules/zoxide.nix
old mode 100644
new mode 100755
diff --git a/home.nix b/home.nix
old mode 100644
new mode 100755
diff --git a/nxlib/ricelib.nix b/nxlib/ricelib.nix
old mode 100644
new mode 100755
diff --git a/secrets/passwords-and-certificates.nix b/secrets/passwords-and-certificates.nix
old mode 100644
new mode 100755
index 40e0a49..45af7f5
Binary files a/secrets/passwords-and-certificates.nix and b/secrets/passwords-and-certificates.nix differ
diff --git a/system-modules/boot.nix b/system-modules/boot.nix
old mode 100644
new mode 100755
index 2b63c99..1c09650
--- a/system-modules/boot.nix
+++ b/system-modules/boot.nix
@@ -22,8 +22,8 @@
       device = "nodev";
       # useOSProber = true;
       efiSupport = true;
-      theme = grub-theme-ascii-diana;
-      font = "${grub-theme-ascii-diana}/unicode.pf2";
+      #theme = grub-theme-ascii-diana;
+      #font = "${grub-theme-ascii-diana}/unicode.pf2";
       fontSize = 50;
       splashImage = null;
   
diff --git a/system-modules/davmail.nix b/system-modules/davmail.nix
old mode 100644
new mode 100755
diff --git a/system-modules/dm.nix b/system-modules/dm.nix
old mode 100644
new mode 100755
diff --git a/system-modules/docker.nix b/system-modules/docker.nix
old mode 100644
new mode 100755
diff --git a/system-modules/fuse.nix b/system-modules/fuse.nix
old mode 100644
new mode 100755
diff --git a/system-modules/hardware-configuration.nix b/system-modules/hardware-configuration.nix
old mode 100644
new mode 100755
diff --git a/system-modules/health_reminder.nix b/system-modules/health_reminder.nix
old mode 100644
new mode 100755
diff --git a/system-modules/hsmw.nix b/system-modules/hsmw.nix
old mode 100644
new mode 100755
diff --git a/system-modules/networking.nix b/system-modules/networking.nix
old mode 100644
new mode 100755
diff --git a/system-modules/nvidia.nix b/system-modules/nvidia.nix
old mode 100644
new mode 100755
diff --git a/system-modules/nx2site.nix b/system-modules/nx2site.nix
index ac674a7..7521253 100644
--- a/system-modules/nx2site.nix
+++ b/system-modules/nx2site.nix
@@ -5,14 +5,16 @@
   ] else [];
   
   config = lib.mkIf (host == "NxACE") {
-    security.acme = {
-      acceptTerms = true;
-      defaults.email = "acme@nx2.site";
-      certs."nx2.site" = {
-        dnsProvider = "namecheap";
-        environmentFile = ../secrets/nx2site/namecheap-creds.env;
-        renewalInterval = "*-*-02 00:05:00";
-      };
-    }; 
-  };
-}
+  #    security.acme = {
+#      acceptTerms = true;
+#      defaults.email = "acme@nx2.site";
+#      certs."nx2.site" = {
+#        dnsProvider = "namecheap";
+#        environmentFile = ../secrets/nx2site/namecheap-creds.env;
+#      };
+#    };
+    # services.nginx = {
+      # enable = true;
+    # }; 
+  }; 
+ }
diff --git a/system-modules/ollama.nix b/system-modules/ollama.nix
old mode 100644
new mode 100755
diff --git a/system-modules/sound.nix b/system-modules/sound.nix
old mode 100644
new mode 100755
diff --git a/system-modules/sshd.nix b/system-modules/sshd.nix
new file mode 100644
index 0000000..9f42f61
--- /dev/null
+++ b/system-modules/sshd.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, lib, secrets, ... }:
+
+{
+  services.openssh = {
+    enable = true;
+    ports = secrets.nx2site.ssh.ports;
+    settings = {
+      PasswordAuthentication = false;
+    };
+  };
+}
+
diff --git a/system-modules/users.nix b/system-modules/users.nix
old mode 100644
new mode 100755
index 9dfce27..0783f8d
--- a/system-modules/users.nix
+++ b/system-modules/users.nix
@@ -7,6 +7,9 @@
     isNormalUser = true;
     extraGroups = [ "networkmanager" "wheel" "audio" "video" "docker" "libvirtd" "uinput" ];
     useDefaultShell = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzEtnN/GrgXK7yz+0z1x6rKHhYYQhTOFQ6c6Faz79g2 Nx2-ed25519-ssh-key"
+    ];
     packages = with pkgs; []; # all in home.nix
   };
   users.users.tv = lib.mkIf (host == "NxACE") {
diff --git a/system-modules/virtualisation.nix b/system-modules/virtualisation.nix
old mode 100644
new mode 100755