diff --git a/config/services/knot/default.nix b/config/services/knot/default.nix
new file mode 100644
index 00000000..227c1fc5
--- /dev/null
+++ b/config/services/knot/default.nix
@@ -0,0 +1,28 @@
+{ config, tf, pkgs, ... }:
+
+{
+ kw.secrets = [ "knot-dnsupdate" ];
+
+ network.firewall.public = {
+ tcp.ports = [ 53 ];
+ udp.ports = [ 53 ];
+ };
+
+ secrets.files.knot-dnsupdate = {
+ text = "${tf.variables.knot-dnsupdate.ref}";
+ owner = "knot";
+ group = "knot";
+ };
+
+/* environment.etc."katdns/zones/kittywit.ch.zone".text = let
+ dns = pkgs.dns;
+ in dns.lib.toString "kittywit.ch." (import ./kittywit.ch.nix {inherit dns; }); */
+
+ services.knot = {
+ enable = true;
+ extraConfig = builtins.readFile ./knot.yaml;
+ keyFiles = [
+ config.secrets.files.knot-dnsupdate.path
+ ];
+ };
+}
diff --git a/config/services/knot/kittywit.ch.nix b/config/services/knot/kittywit.ch.nix
new file mode 100644
index 00000000..633d1857
--- /dev/null
+++ b/config/services/knot/kittywit.ch.nix
@@ -0,0 +1,16 @@
+{ dns }:
+
+with dns.lib.combinators;
+
+{
+ SOA = {
+ nameServer = "ns1";
+ adminEmail = "kat@kittywit.ch";
+ serial = 0;
+ };
+
+ NS = [
+ "ns1.kittywit.ch."
+ "ns2.kittywit.ch."
+ ];
+}
diff --git a/config/services/knot/knot.yaml b/config/services/knot/knot.yaml
new file mode 100644
index 00000000..51037de9
--- /dev/null
+++ b/config/services/knot/knot.yaml
@@ -0,0 +1,22 @@
+server:
+ listen: 0.0.0.0@53
+ listen: ::@53
+
+acl:
+ - id: update_acl
+ key: dnsupdate
+ address: 0.0.0.0/0
+ address: ::/0
+ action: update
+
+zone:
+ - domain: kittywit.ch
+ semantic-checks: on
+ storage: /etc/katdns/zones/
+ file: kittywit.ch.zone
+ dnssec-signing: on
+ acl: update_acl
+
+log:
+ - target: syslog
+ any: info
diff --git a/nix/sources.json b/nix/sources.json
index f2e89d6c..251630bd 100644
--- a/nix/sources.json
+++ b/nix/sources.json
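Review bot: The commented-out `environment.etc."katdns/zones/kittywit.ch.zone"` block in default.nix is the only code that would create the zone file, so as committed nothing in this hunk provisions the `/etc/katdns/zones/kittywit.ch.zone` path that knot.yaml loads. If the block is re-enabled as written, the file would presumably be a read-only link into the Nix store, which is likely to conflict with `dnssec-signing: on` and the `update` ACL, since both make Knot write zone state back; a writable state directory for `storage` looks like the safer target. Either delete the dead block or replace it with a short comment such as `# TODO: zone file generation disabled; knot.yaml expects /etc/katdns/zones/kittywit.ch.zone`. Separately, `secrets.files.knot-dnsupdate` sets `owner` and `group` but no mode, so it is worth confirming the secrets module defaults to owner-only access, because this TSIG key is the only control on zone updates.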
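Review bot: The `NS` list in kittywit.ch.nix names `ns1.kittywit.ch.` and `ns2.kittywit.ch.`, both inside the zone, but the attribute set defines no address records for either name, so the zone as written cannot resolve its own name servers. `serial = 0;` is also hard-coded, so a regenerated zone file never carries a higher serial than the previous one; if Knot is meant to own the serial, a comment such as `# serial is left at 0; Knot bumps it when signing` would record that (confirm against the serial policy in use). The file is only referenced from the commented-out block in default.nix, so this may be work in progress.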
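Review bot: `update_acl` in knot.yaml accepts dynamic updates from `0.0.0.0/0` and `::/0`, so possession of the `dnsupdate` TSIG key is the only barrier between any host that can reach port 53 (opened publicly in default.nix) and write access to the whole zone. Narrow the two `address:` lines to the networks the updater really uses, e.g. `address: <UPDATER_CIDR>`, and consider Knot's `update-type` and `update-owner` ACL options so that a leaked key cannot rewrite apex records such as NS or SOA. The `dnsupdate` key is not defined in this file; presumably it comes from the `keyFiles` entry in default.nix, and a comment like `# key "dnsupdate" is loaded from services.knot.keyFiles` would make that dependency visible. Updates to a DNSSEC-signed zone are worth logging and alerting on, since the `log` section only sends `any: info` to syslog.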
@@ -89,10 +89,10 @@
 "homepage": null,
 "owner": "kittywitch",
 "repo": "nixexprs",
- "rev": "61d795bc2b8a6afb1c55c7348fab87a2d333c2ce",
- "sha256": "0nwj244yzlljskk20rpnl3lzn0ii85vh60ri4id9gfm4pd18mcjc",
+ "rev": "a1ef2f8f807205d39c113617670f843690253b43",
+ "sha256": "14pg1vl4ys7zbhmiy4l99fngmj1z9csrm2vap375vyjns837q9kg",
 "type": "tarball",
- "url": "https://github.com/kittywitch/nixexprs/archive/61d795bc2b8a6afb1c55c7348fab87a2d333c2ce.tar.gz",
+ "url": "https://github.com/kittywitch/nixexprs/archive/a1ef2f8f807205d39c113617670f843690253b43.tar.gz",
 "url_template": "https://github.com///archive/.tar.gz"
 },
 "niv": {
diff --git a/overlays/katpkgs/personal/host-splash-site/splash.jpg b/overlays/katpkgs/personal/host-splash-site/splash.jpg
deleted file mode 100644
index 5f3231d6..00000000
Binary files a/overlays/katpkgs/personal/host-splash-site/splash.jpg and /dev/null differ