diff --git a/configuration.nix b/configuration.nix
index c8bca8f..859452c 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -78,10 +78,10 @@ in {
   };
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
-  system.stateVersion = "unstable";
   nixpkgs.config.allowUnfree = true;
 
   boot.tmp.cleanOnBoot = true;
+  system.stateVersion = "unstable";
   zramSwap.enable = true;
   networking.hostName = "grimmauld-nixos-server";
   networking.domain = "";
diff --git a/flake.lock b/flake.lock
index fb7d745..96ff680 100644
--- a/flake.lock
+++ b/flake.lock
@@ -200,6 +200,22 @@
         "type": "github"
       }
     },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1706098335,
+        "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs_2": {
       "locked": {
         "lastModified": 1705856552,
@@ -217,11 +233,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1705856552,
-        "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
+        "lastModified": 1706191920,
+        "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
+        "rev": "ae5c332cbb5827f6b1f02572496b141021de335f",
         "type": "github"
       },
       "original": {
@@ -236,7 +252,8 @@
         "agenix": "agenix",
         "nixos-mailserver": "nixos-mailserver",
         "nixos-matrix-modules": "nixos-matrix-modules",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_3",
+        "nixpkgs-stable": "nixpkgs-stable"
       }
     },
     "systems": {
diff --git a/flake.nix b/flake.nix
index 786784d..5cbe25c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -7,6 +7,7 @@
     nixpkgs = {
       url = "github:NixOS/nixpkgs/nixos-unstable";
     };
+    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11";
     nixos-matrix-modules = {
       url = "git+https://github.com/dali99/nixos-matrix-modules?submodules=1";
       flake = true;
@@ -17,12 +18,14 @@
     };
   };
 
-  outputs = { nixos-mailserver, nixos-matrix-modules, self, nixpkgs, agenix }: let
+  outputs = { nixos-mailserver, nixos-matrix-modules, self, nixpkgs-stable, nixpkgs, agenix, ... } @ inputs: let
     system = "x86_64-linux";
+    stable = import nixpkgs-stable { inherit system; config.allowUnfree = true; };
   in {
     nixosConfigurations = {
       grimmauld-nixos-server = nixpkgs.lib.nixosSystem {
         inherit system;
+        specialArgs = { inherit inputs stable; };
         modules = [
           ./configuration.nix
           ./modules/matrix.nix
@@ -37,6 +40,7 @@
           ./modules/email.nix
           ./modules/discord-matrix-bridge.nix
           ./modules/mastodon.nix
+          ./modules/folding.nix
           agenix.nixosModules.default
           nixos-mailserver.nixosModules.default
           nixos-matrix-modules.nixosModules.default
diff --git a/modules/email.nix b/modules/email.nix
index 42cd544..dcb252e 100644
--- a/modules/email.nix
+++ b/modules/email.nix
@@ -5,7 +5,7 @@ let
 in {
   security.acme.certs."${root_host}".extraDomainNames = [ mail_host ];
 
-
+  services.dovecot2.sieve.extensions = [ "fileinto" ]; # sives break without this for some reason
   mailserver = {
     enable = true;
     fqdn = mail_host;
diff --git a/modules/folding.nix b/modules/folding.nix
new file mode 100644
index 0000000..f3689fb
--- /dev/null
+++ b/modules/folding.nix
@@ -0,0 +1,17 @@
+{ pkgs, stable, ... }: let
+  inherit (pkgs) fetchurl;
+in {
+  nixpkgs.overlays = [ (final: prev: {
+    fahclient = prev.pkgs.callPackage (fetchurl {
+      url = "https://raw.githubusercontent.com/NixOS/nixpkgs/e655eb33b2e83aebf39b30535e8990e45e27588b/pkgs/applications/science/misc/foldingathome/client.nix";
+      hash = "sha256-LPFWAubPvmCuO25DE3MZ1JCk4MtHA7uhEKdpsAtkbsI=";
+    }) {};
+  })];
+  services.foldingathome = {
+    enable = true;
+    daemonNiceLevel = 19;
+    user = "Grimmauld";
+    package = pkgs.fahclient;
+  };
+  environment.systemPackages = with pkgs; [ fahclient ];
+}
diff --git a/modules/puffer.nix b/modules/puffer.nix
index 5955067..676580e 100644
--- a/modules/puffer.nix
+++ b/modules/puffer.nix
@@ -27,7 +27,7 @@ in {
     };
   };
   security.acme.certs."${root_host}".extraDomainNames = [ puffer_host ];
-  networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 25566 ];
+  networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 25566 25567 25568];
 
 #  virtualisation.podman.enable = true;
   virtualisation.docker.enable = true;