diff --git a/cert.pem b/cert.pem
index 0d11faf..118a966 100644
--- a/cert.pem
+++ b/cert.pem
@@ -1,29 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIE6zCCAtOgAwIBAgIUNNSWTkJnI0dCgQaJdOCX3JAWHc0wDQYJKoZIhvcNAQEL -BQAwFDESMBAGA1UEAwwJMTAuNTUuMC4yMB4XDTIxMDYyNTEzNTYzMFoXDTIyMDYy -NTEzNTYzMFowFDESMBAGA1UEAwwJMTAuNTUuMC4yMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEAxMeQxG3pdasufk1FoJHs9gB9SjV8KwDtp3fWrF9IvU+Y -S/AemARwcublbom8VHfAKAQymUd6ySPrxtfGfY3/p1gfiYVQDEW6tEpLas5mkrPG -zKY3L7ORCuCcxCc6gJZIjSHQv4LpJutcsJDvGiwrw+2M+8mMD2EL0QHT8zYMefhV -Rm9opkcgzE9uWzyzlgqEEVu7FFkBIc6s0f27ZQzYtSrabU0qeCc3jrxlux/0jupM -73LG79CvPo3sTocDmol2Rqi85OE7KuR7CgMqa5ZkR4uLLTnp8Zia0Ha4UuMRANHN -FxIfnXcTgkx8SQZH9JH8GAD1af5CJFvdJ1AB6QvnTSPoEGVDVlAJhq0CIakMdA/b -HALiM1+o7M39HyHv2f8UZ2CsESmCpgxVsISCKkVeGt4VrsvgxmJU+NQPGci8Vgwx -Vv5KueenzfmyX1DYRm1IJz4IufG3wypGSMWwrIDFCLfFhBm1buJLdU+mLddD+jA3 -tc0JnxB7VINEhb0DiK1OuxeRhRrp6IjDUurMdQ+euyTToJAttfm0USUQx+43aNot -hd4ZwfX43oN//N+wGr0gKENmO5mF95mQTmPdH+1JlKsyMgXoWerezE8kFsCfK6Z6 -1eEvaFtqsPYN/dmXQRQQGW80iQKPFdmwk33KyH5TLBSLDlJCuz/ml9HC6CSQ+zMC +MIIE6zCCAtOgAwIBAgIUYwGtP4yx0u86Vhmz/QMYny9UZNkwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJMTAuNTUuMC4yMB4XDTIyMDEyMTA3NTI1M1oXDTMyMDEx +OTA3NTI1M1owFDESMBAGA1UEAwwJMTAuNTUuMC4yMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA8WLjrsuY8F1dAIVxYDwZSl8IXh2msJJw/mQlpKXS4UKm +ypwYNuV/onEwqX+J4j09+IKFD5CDOXJ6ttUkdYRBt+sJ3irR82PBJWw1VN0Hx4XX +4ln8nVyZzM5DXERGjk9odN0B0ItKrYR7IoX4peabuU8mHamLbnO0k2TOjChFqFC1 +1C7m2KRJ8RSAP17oYnwi7zUs8ZCBHaoxD1mhcCrCTgA2fGiv1CAtkoYuPLabxgwA +o9flmw+s2f95dGmWAybKzRGHXXy26CfU0HWwujkEPWORwuh2aISY+nVY+jigqae8 +5SuL2qHnQW5CxViUjG8tzsuSq/Tad+EbQ8UsxjPgzoD3NdK0Ynk4vUKoBShVPqkk +Psut7eaVykJ7E3Epv/BnJlvfTvqnR0VwCI5A0QQd37inBU2Qlv5cK3sKKmN4xdMt +r26eVYG05u+d3PbC7GW/Ocydu74U8vUtBN/ev5QzYFPwjz6shabfIRdjNy1o38tX +CZjCvdh19WJinQjCoRqBMqD29pM7QBb4ubn4Yj2xTdGu5jbeHwSwk5aof3kZi7OD +yZJvidkz1xwvTfhDFIMmGwdEofeVcn3UpYzTN8/+6dQVk1SyGHf1+UOe3d8xcXQf +KEHOJsOlq9W54VtAj+WfPvAEF6dI8GdIMc9rjvPVUWtJdEYIVA1RL20tt0CL1BkC AwEAAaM1MDMwCwYDVR0PBAQDAgQwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1Ud 
-EQQIMAaHBAo3AAIwDQYJKoZIhvcNAQELBQADggIBAAMB4ykzYA6bAPRftL82VrkM -Ls8p5xdXogiE68QegoGVIV1R4j6JEotPSdDsvt5B77RVgL1aJ/rIsjfX26IkN9me -wTE0NlhOSWY2ShsPJ9YRHPV0UAyrzE0KPVqnpeQWuS6Vt7aNaAcNXR/Xgs+DJCab -SfWN6uZHbgYxoMzbV7Xk5HOinJmxt2r31+LZL4rCUajobpNdod6a1s2XQz8vwKgA -c7tUEfTe48YOXeLT4GcugYDL+JliaDTwXWJ5VzQByJeBvwLsggVRBtsxT2tbr0iT -FBPRK+vT20vZVACzxUlRpvzUGau16IdzF2u8/KO+0Zbpm9k/EzPRvJcxt5mBp+Mh -joqTtp3SG/nCbs+6z8FYzZYHzWPHg1YdcZcnWj7YUDDIZLLJMX+0hGUcWLKV9+MV -VCGpRGY8IZ+Ke3KN0J0IkJLfERezQdyVrSJlgvKAjICQ4dboLCFFm1EvEp/beSnW -9STGWRREyId7e3UeL0EBnISd3ym7O+oY2QcbCTj+WPaFefovwBfixG4AFEJlJsYp -1gQClz28AvDT6aDYSKWodQKXSbz5j0BLG5ez7IBEdvXzmcZU53kKmn5oW9pE7q2M -0OCu628xx51ePG2FgF50vvA5rzJjDIN+vwS+oBSNKG8KscsxGt3V4g3Hmzzh9qg+ -LUHIEflezPJoCBc1CBBm +EQQIMAaHBAo3AAIwDQYJKoZIhvcNAQELBQADggIBABElHiY1vOY2ksNNAr/McpgH +1OHhQhMt91Ah1fXsyo25MebTq2MUz5E/csBaHU+iRHVJ2IDhKh9xQtzvvnuLHSHe +of7Tm4GkHpeTq8p8FuCP7r6BN7ehJm4z9zewExPP6QtRXgkJsOeud47yKCgW/9sH +UVwUSB0pBpz8E87VbxnAqbjpfAWY2L5y/7o/g6iaX5Kwn5mNtgWHrjTD1Itdl738 ++ESurei7JDBF0zJAEDxqvIuuVl1rkoTru7MaCT12Y9tfWYUyYDbXgZ3daIrAhnWs +ZZveNOLbtpB1099L/sdsbITfNg4pDtMvOTp3NCN4jkt+vFopwMpUYxXSADrJ14MJ +3dUdYtlFcqtP7j2Da74ldw+5U7T8DJi8fOQ+KpNpGaE+OG+X9pl+1QPdisRBADuc +pCDFgAitiL9XUnErlm6G+pbgFdC2sXRDsBfawp9ApWOCdNb5VQ9KwJPoD1ZxQBkx +x/7eCtKy6q6XyPkT/Feib0R1Fsiet6PYaCt9sWercvEogqgJSVbtihebj0z5Bl2W +q3j22H7UL/P5yiQlDs4t+OUfDVd3wk9l5DD+b8jhawuOSYwbUU8X+fex+8nt08AY +MxKS3xXoO872XiW4zq6ymOyGzpTZRkPywQzrQdpjrs4umJa8hFf207liMWdHflte +sr09NMvxcPr+WNEuKV6r -----END CERTIFICATE----- diff --git a/flake.nix b/flake.nix index ce4e01e..8962fa7 100644 --- a/flake.nix +++ b/flake.nix @@ -110,7 +110,7 @@ Marisa = nixpkgs.lib.nixosSystem { system = "aarch64-linux"; modules = [ - ./hosts/servers/marisa.nix + ./hosts/marisa #inputs.mailserver.nixosModules.mailserver { nixpkgs.pkgs = self.legacyPackages.aarch64-linux; 
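Review bot: The replacement certificate's validity fields decode to notBefore 2022-01-21 and notAfter 2032-01-19, a ten-year lifetime, whereas the certificate it replaces ran for one year (2021-06-25 to 2022-06-25); issuer and subject are both CN=10.55.0.2, so it appears to be self-signed. The service configs in the same commit stop referencing this repo copy (`../../cert.pem`) and pin `/var/rootcert/cert.pem` as `ca_file` for Nomad and Consul, presumably a deployed copy of this file, which makes it the trust anchor for the whole mesh. A ten-year anchor with no visible rotation plan means a compromised key stays trusted until 2032; a shorter lifetime, or at least recording the expiry where the anchor is pinned, e.g. `# trust anchor: repo cert.pem, self-signed for 10.55.0.2, expires 2032-01-19` next to the `ca_file` lines in hosts/marisa/services.nix, would keep that visible.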
@@ -124,7 +124,7 @@
 Remilia = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
- ./hosts/servers/remilia.nix
+ ./hosts/remilia
 inputs.mailserver.nixosModules.mailserver
 {
 nixpkgs.pkgs = self.legacyPackages.x86_64-linux;
diff --git a/hosts/marisa/default.nix b/hosts/marisa/default.nix
index a02b114..1884cf9 100755
--- a/hosts/marisa/default.nix
+++ b/hosts/marisa/default.nix
@@ -7,6 +7,5 @@
 ./boot.nix
 ./services.nix
 ];
- programs.gnupg.agent.enable = pkgs.lib.mkForce false;
 system.stateVersion = "21.05";
 }
diff --git a/hosts/marisa/networking.nix b/hosts/marisa/networking.nix
index 3bd1a37..5509ca7 100755
--- a/hosts/marisa/networking.nix
+++ b/hosts/marisa/networking.nix
@@ -3,7 +3,7 @@
 networking = {
 hostName = "Marisa";
 firewall = {
- allowedTCPPorts = [ 22 80 6060 5001 8800 8888 4444 4445 ];
+ allowedTCPPorts = [ 22 80 6060 5001 8800 8888 4444 4445 4646 ];
 allowedUDPPorts = [ 17840 ];
 };
 wireless = {
diff --git a/hosts/marisa/services.nix b/hosts/marisa/services.nix
index d8aa42c..7a33a82 100755
--- a/hosts/marisa/services.nix
+++ b/hosts/marisa/services.nix
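Review bot: Port 4646 is added to `allowedTCPPorts`, which on NixOS opens it on every interface, but 4646 is Nomad's default HTTP API port and the nomad block in hosts/marisa/services.nix (hunk `@@ -1,36 +1,58 @@`) sets `bind_addr = "0.0.0.0"` with no `tls` stanza for Nomad's own listeners, so once `services.nomad.enable` is flipped to true the API, and the ACL tokens clients send to it, would be reachable in cleartext from any network this host is on. Nomad is still `enable = false` in this commit, so nothing listens yet, but the firewall rule lands now and is easy to forget later. Scoping it to the mesh interface, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 4646 ];`, or adding a Nomad `tls` stanza before opening the port would close that gap. The `networking` attribute set continues past the end of the hunk.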
@@ -1,36 +1,58 @@
 { lib, config, pkgs, ... }:
 {
+ systemd.services.nomad.after = [ "consul.service" ];
 services = {
 openssh = {
 enable = true;
 permitRootLogin = "yes";
 };
- /* nomad = {
- enable = true;
+ nomad = {
+ enable = false;
 enableDocker = true;
 settings = {
+ bind_addr = "0.0.0.0";
 data_dir = "/var/lib/nomad";
+ datacenter = "n1";
+ log_file = "/var/log/nomad/nomad.log";
 server = {
- enable = true;
+ enabled = true;
 bootstrap_expect = 1;
+ encrypt = "nY1vuN+1ecJkwJu0s2x6Ge6UX/txvTxVqNrDMqruMlg=";
+ };
+ client = {
+ enabled = true;
 };
 vault = {
 enabled = true;
- address = "https://10.55.0.2:6060";
- ca_path = "../../cert.pem";
+ token = "s.WaNfk6ZISRbwsEx43UokG3HU";
+ address = "https://10.55.0.2:8800";
+ ca_file = "/var/rootcert/cert.pem";
 cert_file = "/var/vault/cert.pem";
 key_file = "/var/vault/key.pem";
-# allow_unauthenticated = true;
+ allow_unauthenticated = false;
 create_from_role = "nomad-cluster";
 };
-
+ consul = {
+ address = "10.55.0.2:4444";
+ ssl = true;
+ allow_unauthenticated = false;
+ auto_advertise = true;
+ server_auto_join = true;
+ client_auto_join = true;
+ ca_file = "/var/certs/cert.pem";
+ cert_file = "/var/vault/cert.pem";
+ key_file = "/var/vault/key.pem";
+ };
+ acl = {
+ enabled = true;
+ };
 };
- };*/
+ };
 vault = {
 package = pkgs.vault-bin;
 enable = true;
- tlsCertFile = "/var/certs/cert.pem";
- tlsKeyFile = "/var/certs/key.pem";
+ tlsCertFile = "/var/rootcert/cert.pem";
+ tlsKeyFile = "/var/rootcert/key.pem";
 address = "0.0.0.0:8800";
 storageBackend = "file";
 storagePath = "/var/lib/vault";
@@ -40,7 +62,7 @@
 '';
 };
 consul = {
- enable = true;
+ enable = false;
 webUi = true;
 extraConfig = rec {
 bootstrap = true;
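Review bot: The new nomad block embeds two live secrets as string literals, the gossip key on the `encrypt = ...` line under `server` and the Vault token on the `token = "s.…"` line under `vault`, and everything in a NixOS configuration ends up in the world-readable Nix store (and, here, in a git flake), so they are exposed to every local user and to anyone with repo access; the Consul `encrypt` key replaced in hunk `@@ -55,8 +77,10 @@` has the same problem, and the old keys remain in history. Both should be treated as compromised and rotated, then fed to the services from a root-only file outside the store (Nomad reads `VAULT_TOKEN` from its environment, e.g. via a systemd `EnvironmentFile`, and the NixOS module's `extraSettingsPaths` can point at a file holding the `encrypt` value). Separately, the nomad `consul` stanza sets `ca_file = "/var/certs/cert.pem"` while the Consul server in hunk `@@ -55` uses that same file as its leaf `cert_file` and `/var/rootcert/cert.pem` as its CA, so verification of the Consul endpoint will likely fail; `ca_file = "/var/rootcert/cert.pem";` would match the `vault` stanza above it. Also note that `tlsCertFile`/`tlsKeyFile` now point Vault's own listener at the `/var/rootcert/*` pair that the other services pin as their trust anchor, which means the anchor's private key must be readable by the vault service rather than kept offline; a dedicated leaf issued from it would avoid that.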
@@ -55,8 +77,10 @@
 connect = {
 enabled = true;
 };
- encrypt = "zdlcIl2Z4D01SdNQMv6fSfBN6OkQU10LAyPvwdQDwn4=";
- ca_file = "../../cert.pem";
+ encrypt = "dXoYbVt1Rb1cTFTWVBGO6CaFIBmc90MPCjhqttBlXi0=";
+ ca_file = "/var/rootcert/cert.pem";
+ cert_file = "/var/certs/cert.pem";
+ key_file = "/var/certs/key.pem";
 ports = {
 http = 4444;
 grpc = 4445;
@@ -68,8 +92,8 @@
 settings = {
 vault = {
 address = "https://10.55.0.2:8800";
- client_cert = "/var/vault/cert.pem";
- client_key = "/var/vault/key.pem";
+ client_cert = "/var/certs/cert.pem";
+ client_key = "/var/certs/key.pem";
 };
 auto_auth = {
 method = [
@@ -125,7 +149,7 @@
 };
 settings = {
 oauth2_client = {
- UPDATE_AVATAR = true;
+ UPDATE_AVATAR = true;
 };
 ui = {
 DEFAULT_THEME = "arc-green";
@@ -139,7 +163,6 @@
 };
 };
 };
- # systemd.services.consul.serviceConfig.Type = "notify";
 users.users.root.openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHingN2Aho+KGgEvBMjtoez+W1svl9uVoa4vG0d646j"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPX1HDzWpoaOcU8GDEGuDzXgxkCpyeqxRR6gLs/8JgHw"
diff --git a/hosts/remilia/services.nix b/hosts/remilia/services.nix
index 2beea3e..0003359 100755
--- a/hosts/remilia/services.nix
+++ b/hosts/remilia/services.nix
@@ -33,8 +33,8 @@
 settings = {
 vault = {
 address = "https://10.55.0.2:8800";
- client_cert = "/var/vault/cert.pem";
- client_key = "/var/vault/key.pem";
+ client_cert = "/var/certs/cert.pem";
+ client_key = "/var/certs/key.pem";
 };
 auto_auth = {
 method = [
diff --git a/hosts/satori/services.nix b/hosts/satori/services.nix
index 16cbcb8..c0892a2 100644
--- a/hosts/satori/services.nix
+++ b/hosts/satori/services.nix
@@ -13,12 +13,12 @@
 };
 };*/
 vault-agent = {
- enable = true;
+ enable = false;
 settings = {
 vault = {
 address = "https://10.55.0.2:8800";
- client_cert = "/var/vault/cert.pem";
- client_key = "/var/vault/key.pem";
+ client_cert = "/var/certs/cert.pem";
+ client_key = "/var/certs/key.pem";
 };
 auto_auth = {
 method = [
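Review bot: With this hunk `/var/certs/key.pem` becomes Consul's server key (the new `cert_file`/`key_file` lines) while hunk `@@ -68,8 +92,8 @@` makes the same pair vault-agent's `client_cert`/`client_key` on this host, so one private key now backs both the Consul listener identity and a Vault client identity, and an over-broad file permission or compromise of either service exposes the other. A per-service leaf issued from `/var/rootcert` would keep the identities separable; at minimum a comment such as `# same key pair as services.vault-agent below — rotate both together` next to `key_file` would record the coupling. Whether Consul also demands client certificates (`verify_incoming`) is not visible in this hunk, and the `extraConfig` set continues beyond it.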