diff --git a/common/tooling/security.nix b/common/tooling/security.nix index ae9845f..49c9928 100644 --- a/common/tooling/security.nix +++ b/common/tooling/security.nix @@ -59,6 +59,7 @@ in ++ optional graphical pkgs.lxqt.lxqt-policykit; services.passSecretService.enable = mkIf (tooling.enable && tooling.pass) true; + services.openssh.settings.LoginGraceTime = 0; programs.gnupg.agent = { settings = { # default-cache-ttl = 6000; diff --git a/fake_flake.nix b/fake_flake.nix index eae1b39..09237e1 100644 --- a/fake_flake.nix +++ b/fake_flake.nix @@ -41,7 +41,7 @@ in { imports = [ "${nivSources.agenix}/modules/age.nix" - # "${nivSources.nixos-mailserver}/default.nix" + "${nivSources.nixos-mailserver}/default.nix" "${nivSources.nixos-matrix-modules}/module.nix" (builtins.getFlake (asGithubRef nivSources.aagl-gtk-on-nix)).nixosModules.default diff --git a/modules/default.nix b/modules/default.nix index 412ad99..ff445b3 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -10,7 +10,7 @@ in ./gitea.nix ./grafana.nix ./nextcloud.nix - ./prometheus.nix + # ./prometheus.nix # ./mjolnir.nix ./fail2ban.nix ./email.nix @@ -18,6 +18,8 @@ in ./mastodon.nix ./nix_cache.nix ./auth.nix + ./hedgedoc.nix + ./factorio.nix ]; options.serverConfig = @@ -147,6 +149,11 @@ in host = "puffer.${domain}"; accessType = "proxy"; }; + hedgedoc_host = { + port = 8048; + host = "hedgedoc.${domain}"; + accessType = "proxy"; + }; tlemap_host = { port = 8100; host = "tlemap.${domain}"; diff --git a/modules/email.nix b/modules/email.nix index 9889fd7..b3835a8 100644 --- a/modules/email.nix +++ b/modules/email.nix @@ -7,7 +7,7 @@ in # services.dovecot2.sieve.extensions = [ "fileinto" ]; # sives break without this for some reason mailserver = { enable = true; - # fqdn = vhosts.mail_host.host; + fqdn = vhosts.mail_host.host; domains = [ domain ]; # A list of all login accounts. To create the password hashes, use 
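Review bot: In common/tooling/security.nix the added `services.openssh.settings.LoginGraceTime = 0;` carries no comment and, unlike the `mkIf`-guarded line above it, is set unconditionally for every host that imports this module. A value of 0 removes sshd's timeout for unauthenticated connections, so idle pre-auth connections can hold MaxStartups slots indefinitely. If this is a stop-gap for a pre-auth sshd bug (an inference, the hunk does not say), record that and when to revert it, e.g. `# temporary: disables the pre-auth timeout; remove once the pinned nixpkgs carries a fixed openssh`. Until then, confirm that connection limiting (MaxStartups, or the fail2ban module imported in modules/default.nix) actually covers the sshd port.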
diff --git a/modules/factorio.nix b/modules/factorio.nix
new file mode 100644
index 0000000..0ca69c8
--- /dev/null
+++ b/modules/factorio.nix
@@ -0,0 +1,27 @@
+{ pkgs, config, lib, ...}: {
+
+ networking.firewall.allowedTCPPorts = [
+ 34197
+ ];
+
+ networking.firewall.allowedUDPPorts = [
+ 34197
+ ];
+
+
+ systemd.services.clusterio-trangar = {
+ description = "clusterio pulling its config from trang.ar";
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ serviceConfig.Type = "simple";
+ # serviceConfig.PassEnvironment = "NIX_PATH";
+ #serviceConfig.User = "grimmauld";
+ #serviceConfig.Group = "users";
+ serviceConfig.WorkingDirectory = "/home/grimmauld/clusterio";
+ script = ''
+ ${lib.getExe' config.nix.package "nix-shell"} -I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos /home/grimmauld/clusterio/shell.nix
+ '';
+ wantedBy = ["multi-user.target"]; # starts after login
+ enable = true;
+ };
+}
diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix
new file mode 100644
index 0000000..cd1423c
--- /dev/null
+++ b/modules/hedgedoc.nix
@@ -0,0 +1,17 @@
+{ config, ... }:
+let
+ inherit (config.serverConfig) vhosts;
+in {
+ services.hedgedoc = {
+ enable = true;
+ settings = {
+ domain = vhosts.hedgedoc_host.host;
+ inherit (vhosts.hedgedoc_host) port;
+ host = "127.0.0.1";
+ protocolUseSSL = true;
+ allowEmailRegister = false; # no registrations for now
+ allowAnonymousEdits = true; # anonymous can edit select files
+ allowAnonymous = false; # anonymous can't actually create notes
+ };
+ };
+}
diff --git a/nix/sources.json b/nix/sources.json
index c8232b8..239c38c 100644
--- a/nix/sources.json
+++ b/nix/sources.json
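Review bot: In modules/factorio.nix the `clusterio-trangar` unit has `User`/`Group` commented out, so it presumably runs as root while evaluating and executing `/home/grimmauld/clusterio/shell.nix`, a file under a user's home directory. Anyone who can write to that directory, or influence the config the description says is pulled from trang.ar, gets code execution as root. Restore `serviceConfig.User = "grimmauld";` and `serviceConfig.Group = "users";` and add `serviceConfig.NoNewPrivileges = true;`, or move the checkout to a root-owned path. The firewall also opens 34197 on TCP as well as UDP; if only the game's UDP traffic is needed, drop the `allowedTCPPorts` entry. The comment `# starts after login` on `wantedBy = ["multi-user.target"]` is misleading because that target is reached at boot; `# started at boot` would be accurate.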
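Review bot: In modules/hedgedoc.nix, `allowAnonymousEdits = true` lets unauthenticated clients write to any note whose owner selects the "freely" permission, and nothing in `settings` pins the permission that new notes start with. Setting it explicitly, e.g. `defaultPermission = "editable";`, keeps anonymous write access a per-note opt-in instead of depending on the upstream default. With `allowEmailRegister = false` and no other login backend configured in this hunk, a comment saying how accounts are meant to be created would also help the next reader.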
@@ -5,10 +5,10 @@
 "homepage": null,
 "owner": "ezKEa",
 "repo": "aagl-gtk-on-nix",
- "rev": "4d7fa422b50b612aa29bfb8487472f1cd9bad85b",
- "sha256": "1mnsks7kibjr8kb1cjy2052kjaxrvfp5adg2ibfal7j9862042af",
+ "rev": "49e1dd54d3ac9b858d3be597a2fbc48ab67fa6e8",
+ "sha256": "1275gl2ly0iaqapxwimsbnky9fzwa0x3miscz372qa74gcc0wjwv",
 "type": "tarball",
- "url": "https://github.com/ezKEa/aagl-gtk-on-nix/archive/4d7fa422b50b612aa29bfb8487472f1cd9bad85b.tar.gz",
+ "url": "https://github.com/ezKEa/aagl-gtk-on-nix/archive/49e1dd54d3ac9b858d3be597a2fbc48ab67fa6e8.tar.gz",
 "url_template": "https://github.com///archive/.tar.gz"
 },
 "agenix": {
@@ -29,10 +29,10 @@
 "homepage": "",
 "owner": "nix-community",
 "repo": "authentik-nix",
- "rev": "39cf62b92149800dd2a436f8b18acd471c9180dd",
- "sha256": "07zkf00c5zw62709lmyh0kn0g9rbfd7qn8qfxhr4p0p3y59wiz7x",
+ "rev": "f1bd855c23e73e04597695ca37ae54671a7e07b1",
+ "sha256": "1dkp86mr2n0h4hq74wj3b0b9ka8x2xkwv8pcbwk5knhrv26qajwb",
 "type": "tarball",
- "url": "https://github.com/nix-community/authentik-nix/archive/39cf62b92149800dd2a436f8b18acd471c9180dd.tar.gz",
+ "url": "https://github.com/nix-community/authentik-nix/archive/f1bd855c23e73e04597695ca37ae54671a7e07b1.tar.gz",
 "url_template": "https://github.com///archive/.tar.gz"
 },
 "chaotic": {
@@ -41,10 +41,10 @@
 "homepage": "https://nyx.chaotic.cx",
 "owner": "chaotic-cx",
 "repo": "nyx",
- "rev": "86e3fe5d4ae055f99e3ce41b803dcfb5e66cc008",
- "sha256": "1ha6hxf0l6z5x8px0yc0vmvvqycy3pcx08f0mldzcbmx7gfhsq17",
+ "rev": "38451822a144faa53a7ee96d4f0478d94945b67a",
+ "sha256": "08rcfarlda0fxgc02xdfyk8dsp18bmiyf0n39sfd5nq1s5513awy",
 "type": "tarball",
- "url": "https://github.com/chaotic-cx/nyx/archive/86e3fe5d4ae055f99e3ce41b803dcfb5e66cc008.tar.gz",
+ "url": "https://github.com/chaotic-cx/nyx/archive/38451822a144faa53a7ee96d4f0478d94945b67a.tar.gz",
 "url_template": "https://github.com///archive/.tar.gz"
 },
 "glibc-eac": {
@@ -68,7 +68,7 @@
 "lix-pkg": {
 "branch": "main",
 "repo": "https://git.lix.systems/lix-project/lix.git",
- "rev": "a510d1748416ff29b1ed3cab92ac0ad943b6e590",
+ "rev": "f2a49032a698bd96b37e8df8f02ec403fd0bed0f",
 "type": "git"
 },
 "nixos-mailserver": {
@@ -95,10 +95,10 @@
 "homepage": null,
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
- "sha256": "1b47065q41ar9585ra4akb4s4kjwcs3p3g4chrpps8704vz7nx0s",
+ "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
+ "sha256": "0s6h7r9jin9sd8l85hdjwl3jsvzkddn3blggy78w4f21qa3chymz",
 "type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs/archive/71e91c409d1e654808b2621f28a327acfdad8dc2.tar.gz",
+ "url": "https://github.com/NixOS/nixpkgs/archive/574d1eac1c200690e27b8eb4e24887f8df7ac27c.tar.gz",
 "url_template": "https://github.com///archive/.tar.gz"
 },
 "ranger_udisk_menu": {