diff --git a/configuration.nix b/configuration.nix
index 8de343f..aa09459 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -126,6 +126,8 @@
     neofetch
     direnv
     openssl
+    openvpn
+    ollama # maybe
   ];
 
   environment.sessionVariables = rec {
@@ -162,8 +164,29 @@
   };
 
 
+  ### OLLAMA
+  systemd.services.ollama = {
+    description = "Ollama Service";
+    after = [ "network-online.target" ];
+    serviceConfig.Type = "simple";
+    serviceConfig.ExecStart = "${pkgs.ollama} serve";
+    serviceConfig.User = "ollama";
+    serviceConfig.Group = "ollama";
+    serviceConfig.Restart = "always";
+    serviceConfig.RestartSec = "3";
+    wantedBy = [ "default.target" ];
+  };
 
 
+  users.users.ollama = {
+    isSystemUser = true;
+    home = "/usr/share/ollama";
+    shell = "/bin/false";
+    group = "ollama";
+  };
+  users.groups.ollama = {};
+  ### END OLLAMA
+
 
   # List services that you want to enable:
 
diff --git a/flake.nix b/flake.nix
index caf4b32..815aa3b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -39,7 +39,7 @@
       nx2 = home-manager.lib.homeManagerConfiguration {
         inherit pkgs;
         modules = [ ./home.nix ];
-        extraSpecialArgs = {inherit user allowed secrets;};
+        extraSpecialArgs = {inherit system user allowed secrets;};
       };
     };
 
diff --git a/home.nix b/home.nix
index 644278e..7cab7b3 100644
--- a/home.nix
+++ b/home.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, allowed, secrets, ... }:
+{ config, pkgs, lib, system, allowed, secrets, ... }:
 
 {
   imports = [
@@ -43,14 +43,40 @@
     element sssnake pipes
 
 
-
     # # You can also create simple shell scripts directly inside your
     # # configuration. For example, this adds a command 'my-hello' to your
     # # environment:
-    (pkgs.writeShellScriptBin "nx_connect_to_pnx" ''
+    (writeShellScriptBin "nx_connect_to_pnx" ''
       cd /home/nx2/PNX/vpn
-      sudo openvpn /home/nx2/PNX/vpn/firewall_phoenix_1_local_RW_Phoenix.ovpn
+      sudo openvpn /home/nx2/.ssl/ljk-pnx.ovpn --auth-user-pass ~/.ssl/ljk-pnx-pass.txt #gets put there by home-manager
     '')
+
+    (writeShellScriptBin "nxrbs-nix" ''
+      set -e
+      pushd ~/.nix-dots/
+      git diff
+
+    '')
+
+    # only works on spec arch, chage url for others
+    (stdenv.mkDerivation {
+      name = "easycommit";
+      src = pkgs.fetchurl {
+        url = "https://github.com/blackironj/easycommit/releases/download/v0.0.1/easycommit-v0.0.1-linux-amd64.tar.gz";
+        sha256 = "sha256-Ip5wfVe/RzCxGGh1YFBllAn84nD7mUXbnMko+ue/C2E=";
+      };
+      phases = ["installPhase"];
+      installPhase = ''
+        mkdir -p $out/bin
+        tar xf $src -C $out/
+        ls -la $out
+        mv $out/easycommit $out/bin/
+        chmod +x $out/bin/easycommit
+      '';
+    })
+
+
+
   ];
 
 
@@ -70,6 +96,7 @@
 
 
 
+
   # systemd.user.services = {
   #   ydotoold = {
   #     Unit = {
@@ -90,6 +117,13 @@
 
   home.file = {
 
+    ".ssl/ljk-pnx-cert.pem" = secrets.pnxVpn.cert;
+    ".ssl/ljk-pnx-cert.key" = secrets.pnxVpn.certKey;
+    ".ssl/ljk-pnx-ca.pem" = secrets.pnxVpn.ca;
+    ".ssl/ljk-pnx.ovpn" = secrets.pnxVpn.ovpn;
+    ".ssl/ljk-pnx-pass.txt" = secrets.pnxVpn.pass;
+
+
     # ".config/libinput/gestures".text = ''
       # # Swipe threshold (0-100)
       # swipe_threshold 0
diff --git a/secrets/passwords-and-certificates.nix b/secrets/passwords-and-certificates.nix
index 038fa55..715cd39 100644
Binary files a/secrets/passwords-and-certificates.nix and b/secrets/passwords-and-certificates.nix differ