diff --git a/configuration.nix b/configuration.nix
index c7e3aae..c8bca8f 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -10,7 +10,8 @@ in {
     ./hardware-configuration.nix    
   ];
 
-  boot.kernelPackages = pkgs.linuxPackages_hardened;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  services.logrotate.checkConfig = false; # needed or this explodes
 
   users.users.grimmauld = {
     isNormalUser = true;
diff --git a/flake.nix b/flake.nix
index a6234e4..786784d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -32,9 +32,10 @@
           ./modules/nextcloud.nix
           ./modules/prometheus.nix
           ./modules/letsencrypt.nix
-          ./modules/mjolnir.nix
+#          ./modules/mjolnir.nix
           ./modules/fail2ban.nix
           ./modules/email.nix
+          ./modules/discord-matrix-bridge.nix
           ./modules/mastodon.nix
           agenix.nixosModules.default
           nixos-mailserver.nixosModules.default
diff --git a/modules/discord-matrix-bridge.nix b/modules/discord-matrix-bridge.nix
new file mode 100644
index 0000000..a3d0f77
--- /dev/null
+++ b/modules/discord-matrix-bridge.nix
@@ -0,0 +1,30 @@
+{config, lib, pkgs, ...}: let
+  root_host = "grimmauld.de";
+  bridge_port = 9005; # netstat -nlp | grep 9005
+in {
+  age.secrets = { 
+    matrix_discord_bridge_token = {
+      file = ../secrets/matrix_discord_bridge_token.age;
+#      mode = "0600";
+    };
+  };
+
+  services.matrix-synapse-next.settings.app_service_config_files = [ "/var/lib/matrix-synapse/discord-registration.yaml" ];
+
+  services.matrix-appservice-discord = {
+    enable = true;
+    settings = {
+      auth = {
+        usePrivilegedIntents = true; # typing status and stuff
+      };
+      bridge = {
+        enableSelfServiceBridging = true;
+        domain = root_host;
+        homeserverUrl = "https://grimmauld.de"; # fixme does this work? Potentially need root_host instead
+      };
+    };
+    port = bridge_port;
+    localpart = "_discord_bot"; # fixme
+    environmentFile = config.age.secrets.matrix_discord_bridge_token.path;
+  };
+}
diff --git a/secrets/matrix_discord_bridge_token.age b/secrets/matrix_discord_bridge_token.age
new file mode 100644
index 0000000..ce49777
--- /dev/null
+++ b/secrets/matrix_discord_bridge_token.age
@@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-rsa jWbwAg
+NjaxRq6jsJbscI9ySg58c9D8HEOUjEusNfEDn2aCEcyvmO0AeLImCK/MI08x8hJ2
+FwSmPVpumzatiTd9U8orgUj7ivr5On5yItg1FJs1yGojDotnvXKx2P2ulAkeGs/B
+KHx7UZnCwm9gAzwz8r6Uki+R56/Wu/TCfygbGq0sRI1+Tyo2PdZv0EiXXQ+f5g0c
+VS23NyxGxzO3yIHRV0hRB9xRfUlYddSINVqcfRr54q2DIFi1DKU2BueAchGF2tIl
+9uazNaWetXeqLF15UAYbxv1Sh5/YOmZKSr6WXhTfmzT6bSTnDwu6IqYhgBagRIEO
+lv17r0wbmNAHhDZKuj60Fv+28tbWdU4WENOVhrxsImJMP6iHC79iCpNM/uHLALwN
+yB1MF4oFAajX2LzW4tmmoR3bM2LCy/aW3oNccLm8M1mWuPg6pqyhiejAk/09b0BT
+73HqqHSBys4DMEUjxntG+BhtwAm+3e+zcG+7MSa9fVf3yb566EUnVNHjm60pX0JN
+FIn08qwIS1vtDD/2vGDMB575sYafurh6gJ6kmwikv2IOlbJBoyXBONEb7Q5TGeJ6
+mon6l7zdqgW/sYgW2wAsmwGrUTHeJNVV/CUNt1sPhmb7VyqRpP0a/fWif/S2XpxY
+Caiv38ccsmpmm639BhBV7iF8BhV//Ovja/hKwsLUsoM
+--- suzKNMEdOeEQQnOg6BIVnTTGqCg7b0+eAiVS6PR8W2c
+´êõG"ÎÇu¿ívÊª¦¡ÚH"ÅtH aËÅz#¶0.éâ‚É³:žI’å‹¾_†DU‡7xª¼MÌ@‰¹#ÆP£¢µ9ªz5¿”;Çš-êk“jhHâªáy[cü>ÖPÖ¯õîà¥­Axî°¾áÐJàâ¸,í	=í^%Ùá}éŽn\s½{«qÎ~AgxÛ6Š©ÿpÊfwæ8ÇÝ"yê³Ô²Ý¦ñ|=È„ë¥·T4ÏTxÀ]—©|>¬*Õ‚ä
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index bcb50d1..4c2cbef 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -13,4 +13,5 @@ in
   "matrix_admin_pass.age".publicKeys = [ contabo_nix_pub ];
   "matrix_mjolnir_pass.age".publicKeys = [ contabo_nix_pub ];
   "matrix_mjolnir_tle_pass.age".publicKeys = [ contabo_nix_pub ];
+  "matrix_discord_bridge_token.age".publicKeys = [ contabo_nix_pub ];
 }