diff --git a/flake.lock b/flake.lock
index 2f0508e..bb58035 100644
--- a/flake.lock
+++ b/flake.lock
@@ -281,11 +281,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1708225687,
-        "narHash": "sha256-NJBDfvknI26beOFmjO2coeJMTTUCCtw2Iu+rvJ1Zb9k=",
+        "lastModified": 1707620986,
+        "narHash": "sha256-XE0tCSkSVBeJDWhjFwusNInwAhrnp+TloUNUpvnTiLw=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "17352eb241a8d158c4ac523b19d8d2a6c8efe127",
+        "rev": "0cb4345704123492e6d1f1068629069413c80de0",
         "type": "github"
       },
       "original": {
@@ -296,11 +296,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1708118438,
-        "narHash": "sha256-kk9/0nuVgA220FcqH/D2xaN6uGyHp/zoxPNUmPCMmEE=",
+        "lastModified": 1707956935,
+        "narHash": "sha256-ZL2TrjVsiFNKOYwYQozpbvQSwvtV/3Me7Zwhmdsfyu4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5863c27340ba4de8f83e7e3c023b9599c3cb3c80",
+        "rev": "a4d4fe8c5002202493e87ec8dbc91335ff55552c",
         "type": "github"
       },
       "original": {
diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix
index 025f6e0..21e6659 100644
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@@ -7,9 +7,9 @@
       ./modules/networks
       ./modules/backup
       ./modules/cache
-      # ./modules/grafana
+      ./modules/grafana
       ./modules/hydra
-      # ./modules/prometheus
+      ./modules/prometheus
       ./modules/matrix
       ./modules/seafile
       ./modules/uptime-kuma
diff --git a/hosts/nuc/modules/grafana/default.nix b/hosts/nuc/modules/grafana/default.nix
new file mode 100644
index 0000000..85b9ef3
--- /dev/null
+++ b/hosts/nuc/modules/grafana/default.nix
@@ -0,0 +1,42 @@
+{ config, ... }:
+let
+  domain = "monitoring.${config.networking.domain}";
+in
+{
+  services.grafana = {
+    enable = true;
+    settings = {
+      server = {
+        inherit domain;
+        http_addr = "127.0.0.1";
+        http_port = 3000;
+      };
+      database = {
+        type = "postgres";
+        user = "grafana";
+        host = "/run/postgresql";
+      };
+    };
+  };
+
+
+  services.postgresql = {
+    enable = true;
+    ensureUsers = [
+      {
+        name = "grafana";
+        ensureDBOwnership = true;
+      }
+    ];
+    ensureDatabases = [ "grafana" ];
+  };
+
+  services.nginx.virtualHosts."${domain}" = {
+    addSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}/";
+      proxyWebsockets = true;
+    };
+  };
+}
diff --git a/hosts/nuc/modules/prometheus/default.nix b/hosts/nuc/modules/prometheus/default.nix
new file mode 100644
index 0000000..3d4f2af
--- /dev/null
+++ b/hosts/nuc/modules/prometheus/default.nix
@@ -0,0 +1,35 @@
+{ config, ... }:
+let
+  exportersConfig = config.services.prometheus.exporters;
+in
+{
+  services.prometheus = {
+    enable = true;
+    exporters = {
+      node = {
+        enable = true;
+        enabledCollectors = [ "systemd" ];
+      };
+      # postgres.enable = true;
+    };
+    scrapeConfigs = [
+      {
+        job_name = "node";
+        static_configs = [
+          {
+            targets = [ "127.0.0.1:${toString exportersConfig.node.port}" ];
+          }
+        ];
+      }
+      # {
+      #   job_name = "postgres";
+      #   static_configs = [
+      #     {
+      #       targets = [ "127.0.0.1:${toString exportersConfig.postgres.port}" ];
+      #     }
+      #   ];
+      # }
+    ];
+
+  };
+}
diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix
index 3d1cbdb..4ea2bd5 100644
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@@ -24,7 +24,6 @@
     dnsutils
     nmap
     curlFull
-    wireguard-tools
   ];
   services.resolved = {
     fallbackDns = [
diff --git a/hosts/thinkpad/modules/virtualisation/default.nix b/hosts/thinkpad/modules/virtualisation/default.nix
index 83aa422..373c689 100644
--- a/hosts/thinkpad/modules/virtualisation/default.nix
+++ b/hosts/thinkpad/modules/virtualisation/default.nix
@@ -19,7 +19,7 @@
     spiceUSBRedirection.enable = true;
   };
   # allow libvirts internal network stuff
-  networking.firewall.trustedInterfaces = [ "virbr0" "br0" ];
+  networking.firewall.trustedInterfaces = [ "virbr0" ];
   programs.virt-manager.enable = true;
   environment.systemPackages = with pkgs; [
     virt-viewer
diff --git a/users/rouven/modules/default.nix b/users/rouven/modules/default.nix
index 9ea32e1..8fdb02e 100644
--- a/users/rouven/modules/default.nix
+++ b/users/rouven/modules/default.nix
@@ -7,7 +7,8 @@
     ./helix
     ./wayland
     ./mpv
-    ./qutebrowser
+    # broken
+    # ./qutebrowser
     ./ssh
     ./theme
     ./tex
diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix
index 39a482e..cc377b4 100644
--- a/users/rouven/modules/packages.nix
+++ b/users/rouven/modules/packages.nix
@@ -63,7 +63,7 @@
 
     # fancy tools
     just
-    (himalaya.override { buildFeatures = [ "pgp-commands" ]; })
+    himalaya
     # strace but with colors
     (strace.overrideAttrs (_: {
       patches = [