diff --git a/.sops.yaml b/.sops.yaml index 356cf9d..d27c351 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,6 +2,7 @@ keys: - &admin_fw age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s - &server_desktop age106ml0ssx0p24dvfamp322myzka4wzeze9yhzyvtptp9c6fmmru6slswh2x - &server_macmini age1dql5lwetk39a9y8ummfgjx3aym02yn205lxk389k6q0tu9y3ff4s94l66t + - &server_legacy age1kf93dpuqhu0a90s49sszgw64mn32hwgrm8suv799ca4ngrkecpqs8ljzk8 creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ key_groups: diff --git a/flake.nix b/flake.nix index a3186be..5884e1e 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,9 @@ myhostname = "legacy"; }; modules = [ + stylix.nixosModules.stylix ./maskiner/legacy/configuration.nix + sops-nix.nixosModules.sops ]; }; node = nixpkgs.lib.nixosSystem { diff --git a/maskiner/legacy/configuration.nix b/maskiner/legacy/configuration.nix index 02740b5..e101a51 100644 --- a/maskiner/legacy/configuration.nix +++ b/maskiner/legacy/configuration.nix @@ -28,11 +28,27 @@ in ../../moduler/sound.nix ]; + sops.defaultSopsFile = ../../secrets/sops.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + + stylix = { + enable = true; + base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-latte.yaml"; + }; + home-manager.extraSpecialArgs = { inherit inputs pkgs; }; home-manager.users.fw = { imports = [ ./../../moduler/home.nix ]; + stylix.targets = { + lazygit.enable = false; + fish.enable = false; + kitty.enable = false; + waybar.enable = false; + tmux.enable = false; + k9s.enable = false; + }; }; boot.kernelPackages = pkgs.linuxPackages_latest; diff --git a/maskiner/node/configuration.nix b/maskiner/node/configuration.nix index 8af7c08..004ca46 100644 --- a/maskiner/node/configuration.nix +++ b/maskiner/node/configuration.nix 
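Review bot: In the `.sops.yaml` hunk the new `&server_legacy` recipient is only declared under `keys:`, and nothing visible in this commit makes it a recipient of `secrets/sops.yaml`. The `creation_rules` `key_groups` list lies outside the hunk, so confirm it contains `- *server_legacy`; the `secrets/sops.yaml` hunks add only `github_password` and refresh `lastmodified`/`mac`, with no new `recipient:` stanza as far as the diff shows. If that holds, the `maskiner/legacy/configuration.nix` hunk, which points `sops.defaultSopsFile` at that file and uses `/etc/ssh/ssh_host_ed25519_key` as the age identity, will fail to decrypt as soon as a `sops.secrets.*` entry is declared on that host. Re-key with `sops updatekeys secrets/sops.yaml` after updating the rule. If the key was derived from the host key, record that next to the anchor, e.g. `# from legacy's ssh_host_ed25519_key.pub via ssh-to-age`, so a host-key rotation is known to require a new recipient.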
@@ -22,6 +22,7 @@ ../../moduler/services/monitoring ../../moduler/services/headscale # ../../moduler/wastring.nix + ../../moduler/wedding.nix ]; sops.defaultSopsFile = ../../secrets/sops.yaml; diff --git a/moduler/programs/k9s/default.nix b/moduler/programs/k9s/default.nix index 362db7b..65155c8 100644 --- a/moduler/programs/k9s/default.nix +++ b/moduler/programs/k9s/default.nix @@ -9,7 +9,8 @@ let in { programs.k9s = { - enable = true; + # enable = true; + enable = false; settings = { k9s.ui.skin = "catppuccin-latte"; }; diff --git a/moduler/wedding.nix b/moduler/wedding.nix new file mode 100644 index 0000000..6c89be8 --- /dev/null +++ b/moduler/wedding.nix @@ -0,0 +1,36 @@ +{ + config, + inputs, + pkgs, + ... +}: + +let +in +{ + sops.secrets.github_password = { }; + virtualisation.oci-containers = { + backend = "podman"; + containers = { + wedding = { + login = { + username = "fwastring"; + passwordFile = config.sops.secrets.github_password.path; + registry = "https://ghcr.io"; + }; + image = "ghcr.io/fwastring/wedding:8eed91e3c05fde5f826f25de4c7bccdbc312caef"; + ports = [ "127.0.0.1:8083:8080" ]; + }; + }; + }; + services.nginx = { + virtualHosts."wedding.wastring.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8083"; + proxyWebsockets = true; + }; + }; + }; +} diff --git a/secrets/sops.yaml b/secrets/sops.yaml index 623737c..cf1f0ce 100644 --- a/secrets/sops.yaml +++ b/secrets/sops.yaml 
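Review bot: In `moduler/programs/k9s/default.nix` the old setting is left behind as a commented-out line (`# enable = true;`) directly above `enable = false;`. Drop the dead line and, if the switch-off is temporary, state the reason in a comment, e.g. `enable = false; # TODO: re-enable once <reason>`. Because this module lives under `moduler/programs`, it presumably disables k9s on every host that imports it, while the legacy hunk already sets `stylix.targets.k9s.enable = false`, so check whether the global change is still needed. The `settings` block continues outside the hunk.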
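Review bot: In the new `moduler/wedding.nix`, the registry login reads `sops.secrets.github_password`, and the name suggests an account password. ghcr.io logins use an access token, so the secret should hold a token limited to `read:packages` and be named for what it is, e.g. `sops.secrets.ghcr_pull_token = { };`; the value is encrypted, so its actual scope cannot be checked from the diff. Separately, `image` is pinned by a tag that looks like a commit hash, but a tag can be re-pointed, whereas a digest pin (`ghcr.io/fwastring/wedding@sha256:<digest>`) fixes the exact content that is pulled. The empty `let in` and the unused `inputs`/`pkgs` arguments can be removed. The module also relies on `services.nginx.enable` and the ACME settings being configured elsewhere, which deserves a one-line comment at the top of the file.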
@@ -1,6 +1,7 @@ gandi_key: ENC[AES256_GCM,data:rhsDbf5RyChBWsgyLZoHCr12K1CztsoSitGNJbqqXlGhvYIP47cIXO8gCiEDOxhhC+gKp5Zc5biHUZ6Kf9vkV64X9SHoyw==,iv:WU+tuNpU8tlg6utPfah/EU9PrrO02SgJ1Fi07oxUjZI=,tag:9EYL9qX8DCy5U6IC7gP/eg==,type:str] wireguard_private_key: ENC[AES256_GCM,data:Fk3ZYyj51iSC0q7gQKY9kyg+kPHDJJJOYLiKyIuB2aDbI5yy8pggGyRBjtY=,iv:RQa34Irb93NlOCnpH7oEzDjJ30qlzMTAiosUsZYreqQ=,tag:0UFrh55JHSlJvzDtw7A60w==,type:str] wireguard_public_key: ENC[AES256_GCM,data:4ETVdAeLrqwPh7LZGN6wounajnh8bD9zdq4GWMCdSOJB6Z5ZA4iNHFKPU0k=,iv:RPKRI6A8sOmn22OdVrgl2RpbKGdfkrDdExlRd2QT/Wg=,tag:68cWti2y7f99GFHVYH1rtQ==,type:str] +github_password: ENC[AES256_GCM,data:2Q27cc0cqsWFt/lBNUApWPVRQaXi7uZ3UEn051G/Ar8lZs9zTYYWrg==,iv:s81MlK8u7QzP1azsNw2CtKouJqe/pAHZ7wy5aCWEEuI=,tag:Lf9o6RbLdsQ7ZYCMdVXglQ==,type:str] sops: age: - recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s @@ -30,7 +31,7 @@ sops: OU8yT0cvcnZMMXphMFVHSXpHNjc4dEkKyXiwholsJthB9O7onb0buF6qHNVNZA3s A2+HSl5P0HCyaZhDIDBFdaUL2r0CHKOPCN3Lrd5+Rirnx48RnDxwBA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-13T19:07:35Z" - mac: ENC[AES256_GCM,data:aQy8wXhipZtFjAGvHd4+M1wj18vIQNOw2gRvjtcCpvsnD35CDHPNPC2taH9p8Dj3zDta+2L+GP7mwsxKyU/jMKQrgVmLb0A2ConBx0IcuAhs1xI6E9lW2zGiQg6eWllQvvFispakc1mT1f763wQRUnsWif/GvNCluBybm0TPjbE=,iv:tFYEFMHear3tI6VTXrvyEJB0jIrmXzK1j7p7R0uRQEo=,tag:uEeJoaaF14YYQSWliZctgw==,type:str] + lastmodified: "2025-09-16T20:08:36Z" + mac: ENC[AES256_GCM,data:AC+MzlY0cJDoiEeSHyce84vueGabqQH/9dUfykUtlLvZehm7evBKR2YC4CMX3rAEv8zNvq8ZsPe5nTdzgB1WGQczkBQoVTe8Wh9vbH/xUVA7Wjk3AtJMkcy3rL4DYZyx5oBFht30o7ixgwTnOk9gXsdrkDbn5zozoIyWcGApgnQ=,iv:dyIphekRyLsgkreE2H6eCoESMh7vRqULtdNmqoqgLN4=,tag:AqRiy8Cv7CBOhWLkyRaqrg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2