diff --git a/flake.lock b/flake.lock index c033a61..40e31a1 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1711625603, - "narHash": "sha256-W+9dfqA9bqUIBV5u7jaIARAzMe3kTq/Hp2SpSVXKRQw=", + "lastModified": 1711915616, + "narHash": "sha256-co6LoFA+j6BZEeJNSR8nZ4oOort5qYPskjrDHBaJgmo=", "owner": "nix-community", "repo": "home-manager", - "rev": "c0ef0dab55611c676ad7539bf4e41b3ec6fa87d2", + "rev": "820be197ccf3adaad9a8856ef255c13b6cc561a6", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1709110024, - "narHash": "sha256-5gJQgQAYZPvT5vzSrR2yHD4wGCQNO7Pds618MMGUTD8=", + "lastModified": 1711658384, + "narHash": "sha256-CbIPdqcX4k7DfnRaicJy6IlaszWyDIxiQMAxB6OGGK4=", "owner": "rouven0", "repo": "TruckSimulatorBot-images", - "rev": "05f98442b21c771c90699b55eed8f1e1c0dd50cd", + "rev": "7f57bdee9a22d4b2bb46ed1eae5aba11dfe34976", "type": "github" }, "original": { @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1711249705, - "narHash": "sha256-h/NQECj6mIzF4XR6AQoSpkCnwqAM+ol4+qOdYi2ykmQ=", + "lastModified": 1711854532, + "narHash": "sha256-JPStavwlT7TfxxiXHk6Q7sbNxtnXAIjXQJMLO0KB6M0=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "34519f3bb678a5abbddf7b200ac5347263ee781b", + "rev": "2844b5f3ad3b478468151bd101370b9d8ef8a3a7", "type": "github" }, "original": { @@ -296,11 +296,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1711523803, - "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "type": "github" }, "original": { 
@@ -398,11 +398,11 @@ ] }, "locked": { - "lastModified": 1711391819, - "narHash": "sha256-sNI0PLFXvFM5M6h9PYrbF+IfL199OYLRz875lNZ9Y0Q=", + "lastModified": 1711961571, + "narHash": "sha256-kYcs9KKTbN0ACPYTmeAF+EIj62kGBiimffHmFgOeQJo=", "owner": "rouven0", "repo": "purge", - "rev": "e82088390a446b6ad1f4df92d62478ea557d98de", + "rev": "6ce3c6cedb0f31885fc3775c96fb8cfca403bc93", "type": "github" }, "original": { @@ -507,11 +507,11 @@ ] }, "locked": { - "lastModified": 1711395032, - "narHash": "sha256-2fH6TXdPKZaTx6NXucFn7HaFDZ9vC1ebTql5XkdkWTI=", + "lastModified": 1711961583, + "narHash": "sha256-ClezUJ0pH/DMU0u3e3t0qAgm+HQ9v6BmH1y5z8W6TZg=", "owner": "rouven0", "repo": "TruckSimulatorBot", - "rev": "4776a2235fffb96aa8fcc8e33d39af17907754ae", + "rev": "eeffe63c4948769034a28cf0cd04885c754eba97", "type": "github" }, "original": { diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index eb4e333..c94ca84 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -6,7 +6,7 @@ let $ORIGIN rfive.de. rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. ( - 2024032601 ; serial + 2024040103 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -29,10 +29,6 @@ let nuc A 141.30.227.6 falkenstein A 23.88.121.184 falkenstein AAAA 2a01:4f8:c012:49de::1 - falkenstein SSHFP 1 1 DE42CA418093CF94EABC124E101AE4D8DE02C69F - falkenstein SSHFP 1 2 149100F5C3CA333E20E7B03EB463B0FB23D34FFE1FC65EFAADDDBE51 8EC35990 - falkenstein SSHFP 4 1 70A38677DEE50C5B67AA11400A6BCD4984355C2A - falkenstein SSHFP 4 2 B25AD18A23C885AE965875C4C9EDA4E4EDFD3503334B10F0BFE7527B EB178CB2 @ MX 1 mail.rfive.de. mail A 23.88.121.184 diff --git a/hosts/falkenstein/modules/fail2ban/default.nix b/hosts/falkenstein/modules/fail2ban/default.nix index 658f87c..0b7dd4b 100644 --- a/hosts/falkenstein/modules/fail2ban/default.nix +++ b/hosts/falkenstein/modules/fail2ban/default.nix 
@@ -1,4 +1,4 @@ -{ lib, ... }: +{ ... }: { services.fail2ban = { enable = true; @@ -11,11 +11,6 @@ enable = true; }; jails = { - sshd = lib.mkForce '' - enabled = true - port = ssh - filter= sshd[mode=aggressive] - ''; dovecot = '' enabled = true # aggressive mode add blocking for aborted connections diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index 7bfaf31..cbfb1f4 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -163,7 +163,8 @@ networkConfig = { Address = "192.168.43.3/32"; DNS = "192.168.43.1"; - DNSSEC = true; + Domains = "~vpn.rfive.de"; + DNSSEC = false; BindCarrier = [ "wlp9s0" ]; }; }; diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index f4629b5..c42bf48 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -27,9 +27,6 @@ # messaging tdesktop - gomuks - profanity - fractal # games prismlauncher diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix index 59fd80d..284d555 100644 --- a/users/rouven/modules/ssh/default.nix +++ b/users/rouven/modules/ssh/default.nix @@ -3,14 +3,14 @@ let git = "~/.ssh/git"; in { - programs.ssh = rec { + programs.ssh = { enable = true; compression = true; controlMaster = "auto"; controlPersist = "10m"; extraConfig = '' CanonicalizeHostname yes - CanonicalDomains agdsn.network + CanonicalDomains agdsn.network vpn.rfive.de PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so IdentityFile ~/.ssh/id_ed25519 VisualHostKey = yes 
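Review bot: `DNSSEC = false` in the `networkConfig` hunk switches off validation for lookups routed to this link's resolver (`192.168.43.1`), and nothing in the hunk says why. If the reason is that the zone behind `~vpn.rfive.de` is unsigned, record it next to the setting, e.g. `# vpn.rfive.de is an unsigned internal zone; validation fails against 192.168.43.1`, so the exception is not copied to other links later. `DNSSEC = "allow-downgrade"` may be enough if the resolver merely lacks DNSSEC support, though that is not verifiable from the diff. Names from this zone appear to feed the SSH canonicalisation added elsewhere in the commit, so those logins are protected by host-key checking alone. The enclosing network definition starts outside the hunk.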
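Review bot: The order in `CanonicalDomains agdsn.network vpn.rfive.de` means a short name is tried under `agdsn.network` first, so names such as `nuc` or `router` reach the VPN host only while no record of that name exists in the other zone. Later hunks of this file drop the explicit `nuc`, `router` and `falkenstein` blocks, which presumably makes those names depend on this search order. If the VPN names should win, list that domain first, `CanonicalDomains vpn.rfive.de agdsn.network`. Otherwise keep the order and add an ssh_config comment above the line, such as `# first suffix that resolves is used; agdsn.network is tried before vpn.rfive.de`.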
@@ -21,26 +21,6 @@ in match = "Host github.com User git"; identityFile = git; }; - "rfive.de" = { - hostname = "falkenstein.rfive.de"; - user = "root"; - extraOptions = { - VerifyHostKeyDNS = "yes"; - }; - }; - # used for nix remote building - falkenstein = matchBlocks."rfive.de"; - - "nuc" = { - hostname = "192.168.42.2"; - user = "root"; - }; - - "router" = { - hostname = "192.168.42.1"; - user = "root"; - }; - # iFSR "fsr" = { hostname = "ifsr.de"; @@ -70,10 +50,6 @@ in hostname = "tomate.ifsr.de"; user = "root"; }; - "durian" = { - hostname = "durian.ifsr.de"; - user = "root"; - }; "git@ifsr.de" = { match = "Host ifsr.de User git"; identityFile = git; @@ -94,6 +70,9 @@ in VerifyHostKeyDNS = "yes"; }; }; + "*.vpn.rfive.de" = { + user = "root"; + }; "git@git.agdsn.de" = { match = "Host git.agdsn.de User git"; identityFile = git;
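Review bot: The new `"*.vpn.rfive.de"` block sets `user = "root"` for every name under that domain but states no host-key policy. The `rfive.de` block removed earlier in this file relied on `VerifyHostKeyDNS`, and the commit apparently turns DNSSEC off on the link that resolves these names. Root logins to these hosts therefore rest on `known_hosts` alone; adding `extraOptions.StrictHostKeyChecking = "yes";` inside the block would make that explicit and refuse unknown keys instead of prompting for them. At minimum, a comment such as `# host keys pinned in known_hosts; vpn.rfive.de is resolved without DNSSEC` would record the assumption. The `matchBlocks` set this block belongs to starts outside the hunk.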