diff --git a/config/hosts/daiyousei.nix b/config/hosts/daiyousei.nix
index 3fa88456..67144e09 100644
--- a/config/hosts/daiyousei.nix
+++ b/config/hosts/daiyousei.nix
@@ -4,6 +4,12 @@
     profiles.hardware.oracle.ubuntu
     profiles.network
     services.nginx
+    services.gitea
+    services.murmur
+    services.murmur-ldap
+    services.prosody
+    services.synapse
+    services.syncplay
     services.filehost
     services.keycloak
     services.vikunja
@@ -11,7 +17,9 @@
     services.openldap
     services.mail
     services.hedgedoc
+    services.website
     services.dnscrypt-proxy
+    services.vaultwarden
   ];
 
   kw.oci = {
diff --git a/config/hosts/goliath.nix b/config/hosts/goliath.nix
index 9b14e753..33466486 100644
--- a/config/hosts/goliath.nix
+++ b/config/hosts/goliath.nix
@@ -151,15 +151,15 @@
       displays = {
         "HDMI-A-1" = {
           res = "1920x1080";
-          pos = "0 0";
+          pos = "1920 0";
         };
         "DVI-D-1" = {
           res = "1920x1200";
-          pos = "1920 0";
+          pos = "3840 0";
         };
         "DP-1" = {
           res = "1920x1080";
-          pos = "3840 0";
+          pos = "0 0";
         };
       };
       bamboo.display = "HDMI-A-1";
diff --git a/config/hosts/kyouko.nix b/config/hosts/kyouko.nix
index ec0eae69..eb5277c8 100644
--- a/config/hosts/kyouko.nix
+++ b/config/hosts/kyouko.nix
@@ -10,19 +10,11 @@ with lib;
     profiles.network
     users.kat.server
     users.kat.services.weechat
-    services.gitea
     services.logrotate
-    services.synapse
-    services.murmur
-    services.murmur-ldap
     services.nginx
     services.postgres
-    services.prosody
     services.restic
-    services.syncplay
     services.taskserver
-    services.vaultwarden
-    services.website
     services.weechat
     services.znc
   ];
diff --git a/config/profiles/hardware/default.nix b/config/profiles/hardware/default.nix
index e25fddc1..8ac8144f 100644
--- a/config/profiles/hardware/default.nix
+++ b/config/profiles/hardware/default.nix
@@ -20,7 +20,7 @@
         ryzen
         amdgpu
         laptop
-        wifi
+        networkmanager
       ];
     };
     x270 = {
diff --git a/config/services/keycloak.nix b/config/services/keycloak.nix
index 533b3607..40bee736 100644
--- a/config/services/keycloak.nix
+++ b/config/services/keycloak.nix
@@ -3,6 +3,9 @@
 in {
   services.keycloak = {
     enable = builtins.getEnv "CI_PLATFORM" == "impure";
+    package = (pkgs.keycloak.override {
+      jre = pkgs.openjdk11;
+    });
     bindAddress = "127.0.0.1";
     httpPort = "8089";
     httpsPort = "8445";
@@ -38,6 +41,7 @@ in {
   security.acme.certs.domain-auth = {
     group = "domain-auth";
     postRun = ''
+      ${pkgs.adoptopenjdk-jre-bin}/bin/keytool -delete -alias auth.kittywit.ch -keypass ${keystore-pass} -storepass ${keystore-pass} -keystore ./trust-store.jks
       ${pkgs.adoptopenjdk-jre-bin}/bin/keytool -import -alias auth.${config.network.dns.domain} -noprompt -keystore trust-store.jks -keypass ${keystore-pass} -storepass ${keystore-pass} -file cert.pem
       chown acme:domain-auth ./trust-store.jks
     '';
diff --git a/config/services/murmur.nix b/config/services/murmur.nix
index 2daff1a6..36890423 100644
--- a/config/services/murmur.nix
+++ b/config/services/murmur.nix
@@ -36,7 +36,6 @@ in
       ${optionalString forking "pidfile=/run/murmur/murmurd.pid"}
       welcometext="${cfg.welcometext}"
       port=${toString cfg.port}
-      ${if cfg.hostName == "" then "" else "host="+cfg.hostName}
       ${if cfg.password == "" then "" else "serverpassword="+cfg.password}
       bandwidth=${toString cfg.bandwidth}
       users=${toString cfg.users}
diff --git a/config/services/prosody.nix b/config/services/prosody.nix
index 8069bd53..98b191fe 100644
--- a/config/services/prosody.nix
+++ b/config/services/prosody.nix
@@ -69,13 +69,13 @@ with lib;
     services_prosody_xmpp = {
       inherit (config.network.dns) zone;
       domain = "xmpp";
-      a.address = config.network.addresses.public.nixos.ipv4.address;
+      a.address = config.network.addresses.public.nixos.ipv4.selfaddress;
     };
 
     services_prosody_xmpp_v6 = {
       inherit (config.network.dns) zone;
       domain = "xmpp";
-      aaaa.address = config.network.addresses.public.nixos.ipv6.address;
+      aaaa.address = config.network.addresses.public.nixos.ipv6.selfaddress;
     };
 
     services_prosody_upload = {
diff --git a/config/services/website.nix b/config/services/website.nix
index a6f8b048..ca10bdcb 100644
--- a/config/services/website.nix
+++ b/config/services/website.nix
@@ -5,9 +5,10 @@
 
   services.nginx.virtualHosts = {
     "${config.network.dns.domain}" = {
-      root = pkgs.kittywitch-site;
+      #root = pkgs.kittywitch-site;
       enableACME = true;
       forceSSL = true;
     };
+
   };
 }
diff --git a/config/tf b/config/tf
index 91453a80..c8f2b374 160000
--- a/config/tf
+++ b/config/tf
@@ -1 +1 @@
-Subproject commit 91453a80e77a738d247ec55f2df42a504c3c3d0f
+Subproject commit c8f2b37479367758f7518859b335e641d4833eef
diff --git a/overlays/default.nix b/overlays/default.nix
index 9c3e8952..1d4d49bd 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -15,7 +15,7 @@ let
     ]);
     config = {
       allowUnfree = true;
-      allowUnsupportedSystem = true;
+      allowBroken = true;
       permittedInsecurePackages = [
         "ffmpeg-3.4.8"
         "ffmpeg-2.8.17"