diff --git a/.github/workflows/fmt.yaml b/.github/workflows/fmt.yaml
new file mode 100644
index 0000000..93d16c5
--- /dev/null
+++ b/.github/workflows/fmt.yaml
@@ -0,0 +1,27 @@
+name: main
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  check-flake:
+    name: Nixpkgs Formatting
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v18
+        with:
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+
+      - run: nix-channel --add https://nixos.org/channels/nixos-22.11 nixos 
+      - run: nix-channel --update
+      - run: nix shell nixpkgs#nixpkgs-fmt -c nixpkgs-fmt . --check
diff --git a/flake.nix b/flake.nix
index 99a38a7..8d70ec2 100755
--- a/flake.nix
+++ b/flake.nix
@@ -56,16 +56,19 @@
           modules = [
             inputs.sops-nix.nixosModules.sops
             ./hosts/quitte/configuration.nix
+            ./modules/options.nix
             ./modules/base.nix
             ./modules/sops.nix
-            ./modules/keycloak.nix
             ./modules/ldap.nix
+            # ./modules/keycloak.nix replaced by portunus
             ./modules/nginx.nix
             ./modules/hedgedoc.nix
             ./modules/wiki.nix
             ./modules/stream.nix
             ./modules/nextcloud.nix
             {
+              fsr.enable_office_bloat = false;
+              fsr.domain = "staging.ifsr.de";
               sops.defaultSopsFile = ./secrets/quitte.yaml;
             }
           ];
@@ -75,8 +78,9 @@
           modules = [
             inputs.sops-nix.nixosModules.sops
             ./hosts/quitte/configuration.nix
+            ./modules/options.nix
             ./modules/base.nix
-            ./modules/keycloak.nix
+            # ./modules/keycloak.nix replaced by portunus
             ./modules/nginx.nix
             ./modules/hedgedoc.nix
             ./modules/wiki.nix
diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix
index 501b0d9..3c8b776 100644
--- a/modules/hedgedoc.nix
+++ b/modules/hedgedoc.nix
@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 let
-  domain = "pad.quitte.tassilo-tanneberger.de";
+  domain = "pad.${config.fsr.domain}";
 in
 {
   services = {
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
index 407f847..373466d 100644
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 let
-  domain = "nc.quitte.fugi.dev";
+  domain = "nc.${config.fsr.domain}";
 in
 {
   sops.secrets = {
diff --git a/modules/options.nix b/modules/options.nix
index 26868ae..dc8f4d5 100644
--- a/modules/options.nix
+++ b/modules/options.nix
@@ -1,7 +1,14 @@
 { config, lib, ... }: with lib; {
-  options.fsr.enable_office_bloat = mkOption {
-    type = types.bool;
-    default = false;
-    description = "install heavy office bloat like texlive, okular, ...";
+  options.fsr = {
+    enable_office_bloat = mkOption {
+      type = types.bool;
+      default = false;
+      description = "install heavy office bloat like texlive, okular, ...";
+    };
+    domain = mkOption {
+      type = types.str;
+      default = "ifsr.de";
+      description = "under which top level domain the services should run";
+    };
   };
 }
diff --git a/modules/stream.nix b/modules/stream.nix
index 2d7bb7f..088840d 100644
--- a/modules/stream.nix
+++ b/modules/stream.nix
@@ -10,7 +10,7 @@ in
   services = {
     nginx = {
       virtualHosts = {
-        "stream.ifsr.de" = {
+        "stream.${config.fsr.domain}" = {
           enableACME = true;
           forceSSL = true;
           locations."/" =
diff --git a/modules/wiki.nix b/modules/wiki.nix
index 23767c8..aa4e5cc 100644
--- a/modules/wiki.nix
+++ b/modules/wiki.nix
@@ -116,10 +116,6 @@
                 $wgPluggableAuth_EnableLocalLogin = true;
       '';
       extensions = {
-        #Cite = pkgs.fetchzip {
-        #  url = "https://web.archive.org/web/20220627203658/https://extdist.wmflabs.org/dist/extensions/Cite-REL1_38-d40993e.tar.gz";
-        #  sha256 = "sha256-dziMo6sH4yMPjnDtt0TXiGBxE5uGRJM+scwdeuer5sM=";
-        #};
         CiteThisPage = pkgs.fetchzip {
           url = "https://web.archive.org/web/20220627203556/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_38-bb4881c.tar.gz";
           sha256 = "sha256-sTZMCLlOkQBEmLiFz2BQJpWRxSDbpS40EZQ+f/jFjxI=";
@@ -128,10 +124,6 @@
           url = "https://web.archive.org/web/20220627203619/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_38-50f4dfd.tar.gz";
           sha256 = "sha256-babZDzcQDE446TBuGW/olbt2xRbPjk+5o3o9DUFlCxk=";
         };
-        #DynamicPageList = pkgs.fetchzip {
-        #  url = "https://web.archive.org/web/20220627203129/https://extdist.wmflabs.org/dist/extensions/DynamicPageList-REL1_38-3b7a26d.tar.gz";
-        #  sha256 = "sha256-WjVLks0Q9hSN2poqbKzTJhvOXog7UHJqjY2WJ4Uc64o=";
-        #};
         Lockdown = pkgs.fetchzip {
           url = "https://web.archive.org/web/20220627203048/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_38-1915db4.tar.gz";
           sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
@@ -188,7 +180,7 @@
     nginx = {
       recommendedProxySettings = true;
       virtualHosts = {
-        "wiki.quitte.tassilo-tanneberger.de" = {
+        "wiki.${config.fsr.domain}" = {
           enableACME = true;
           forceSSL = true;
           locations."/" = {