diff --git a/nixos/components/network/sshd/known-hosts-bootup.nix b/nixos/components/network/sshd/known-hosts-bootup.nix
index 198fb3b..59375bb 100644
--- a/nixos/components/network/sshd/known-hosts-bootup.nix
+++ b/nixos/components/network/sshd/known-hosts-bootup.nix
@@ -12,7 +12,6 @@ let onionId = fileContents "${private_assets}/onion_id_chungus"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJpPfGAiARWgZbID+2IIT9dbo/PqgG/pkFsBaBUKGiu"; }; - }; in
@@ -63,8 +62,28 @@ in '') computers; + unlockInit = mapAttrsToList + (name: + { public_ip, ... }: + pkgs.writers.writeDashBin "unlock-boot-${name}" '' + ${pkgs.openssh}/bin/ssh root@${public_ip} -p 2222 ' + echo -n "enter password : " + read password + while [[ $(systemd-tty-ask-password-agent --list) -ne 0 ]] + do + systemd-tty-ask-password-agent --list + echo "$password" | systemd-tty-ask-password-agent --query + done + ' + '') + { + orbi = { + public_ip = "95.216.66.212"; + }; + }; + in - sshTor ++ passwordTor; + sshTor ++ passwordTor ++ unlockInit; }; }
diff --git a/nixos/components/terminal/git.nix b/nixos/components/terminal/git.nix
index f3d217e..79f71c1 100644
--- a/nixos/components/terminal/git.nix
+++ b/nixos/components/terminal/git.nix
@@ -19,9 +19,6 @@ with lib; gitAndTools.gitSVN gitAndTools.git2cl - # merge tools - meld - # activate using : # git config --global core.pager "diff-so-fancy | less --tabs=4 -RFX" gitAndTools.diff-so-fancy
diff --git a/nixos/homes/palo/doom.d/init.el b/nixos/homes/palo/doom.d/init.el
index b27ecfd..9f3391b 100644
--- a/nixos/homes/palo/doom.d/init.el
+++ b/nixos/homes/palo/doom.d/init.el
@@ -146,7 +146,7 @@ ;;nim ; python + lisp at the speed of c nix ; I hereby declare "nix geht mehr!" ;;ocaml ; an objective camel - org ; organize your plain life in plain text + (org +roam2) ; organize your plain life in plain text ;;php ; perl's insecure younger brother ;;plantuml ; diagrams for confusing people more ;;purescript ; javascript, but functional
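Review bot: In the `unlockInit` hunk of known-hosts-bootup.nix, the disk passphrase is typed into a plain `read password` over an ssh session started without `-t`, so it is most likely echoed on the local terminal and then held in a shell variable; `read -rs password` on a session opened with `ssh -t`, or letting `systemd-tty-ask-password-agent --query` prompt directly, would avoid that (assuming the initrd shell supports `-s`). The loop test `[[ $(systemd-tty-ask-password-agent --list) -ne 0 ]]` compares the command's text output numerically; as far as I can tell `--list` prints the pending requests rather than a count, so `while [ -n "$(systemd-tty-ask-password-agent --list)" ]` would state the intent more safely. The `orbi` entry also carries only `public_ip`, while the entry visible in the first hunk has a `publicKey`, so nothing in this hunk pins the host key of the port-2222 sshd before the passphrase is sent to it. The enclosing `let` block starts outside the hunk.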
diff --git a/nixos/homes/palo/doom.d/packages.el b/nixos/homes/palo/doom.d/packages.el
index 34c1da7..e69de29 100644
--- a/nixos/homes/palo/doom.d/packages.el
+++ b/nixos/homes/palo/doom.d/packages.el
@@ -1 +0,0 @@
-(package! scad-mode)
diff --git a/nixos/homes/palo/packages/development.nix b/nixos/homes/palo/packages/development.nix
index 6409073..e0865b7 100644
--- a/nixos/homes/palo/packages/development.nix
+++ b/nixos/homes/palo/packages/development.nix
@@ -97,6 +97,8 @@ with lib; }; })) + mermaid-cli + ]; }) {
@@ -158,8 +160,6 @@ with lib; nixpkgs-fmt treefmt - mermaid-cli - ] ++ (map pandocScript (lib.cartesianProductOfSets { inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ]; outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ];
diff --git a/nixos/homes/palo/packages/nextcloud.nix b/nixos/homes/palo/packages/nextcloud.nix
index e3d8980..f7ffc63 100644
--- a/nixos/homes/palo/packages/nextcloud.nix
+++ b/nixos/homes/palo/packages/nextcloud.nix
@@ -29,29 +29,34 @@ let ''; in { - home.packages = [ - (nextcloudSync "InstantUpload") - (nextcloudSync "Pictures") - (nextcloudSync "Unterlagen") - (nextcloudSync "Nähen") - (nextcloudSync "NähenTina") - (nextcloudSync "Video") - (nextcloudSync "Kunstbuch") - (nextcloudSync "AWS-SolutionArchitect-Professional") + config = mkIf (config.gui.enable) { - borrow + home.packages = [ - (pkgs.writeShellScriptBin "nixFlakes" '' - exec ${pkgs.nixUnstable}/bin/nix --experimental-features "nix-command flakes" "$@" - '') + (nextcloudSync "InstantUpload") + (nextcloudSync "Pictures") + (nextcloudSync "Unterlagen") + (nextcloudSync "Nähen") + (nextcloudSync "NähenTina") + (nextcloudSync "Video") + (nextcloudSync "Kunstbuch") + (nextcloudSync "AWS-SolutionArchitect-Professional") - nextcloud-client + borrow - ]; + (pkgs.writeShellScriptBin "nixFlakes" '' + exec ${pkgs.nixUnstable}/bin/nix --experimental-features "nix-command flakes" "$@" + '') + + nextcloud-client + + ]; + + home.shellAliases = { + schulden = "borrow"; + }; - home.shellAliases = { - schulden = "borrow"; }; }
diff --git a/nixos/homes/palo/stylix.nix b/nixos/homes/palo/stylix.nix
index e9829f8..d78070b 100644
--- a/nixos/homes/palo/stylix.nix
+++ b/nixos/homes/palo/stylix.nix
@@ -1,6 +1,8 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }: { + stylix.targets.swaylock.enable = config.gui.enable; + stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml"; stylix.fonts = {
diff --git a/nixos/machines/orbi/configuration.nix b/nixos/machines/orbi/configuration.nix
index e079fbc..5e5d300 100644
--- a/nixos/machines/orbi/configuration.nix
+++ b/nixos/machines/orbi/configuration.nix
@@ -76,4 +76,5 @@ # head -c4 /dev/urandom | od -A none -t x4 networking.hostId = "5bb982a6"; + }
diff --git a/nixos/machines/orbi/hardware-configuration/default.nix b/nixos/machines/orbi/hardware-configuration/default.nix
index acb46ab..7c2653b 100644
--- a/nixos/machines/orbi/hardware-configuration/default.nix
+++ b/nixos/machines/orbi/hardware-configuration/default.nix
@@ -7,6 +7,7 @@ let # apt install -y lshw # lshw -C network | grep -Poh 'driver=[[:alnum:]]+' networkInterfaceModule = "e1000e"; + # ip addr networkInterface = "enp0s31f6";
@@ -26,12 +27,16 @@ let in { + system.stateVersion = "23.11"; imports = [ ./disko-config.nix ./hardware-configuration.nix ]; + environment.systemPackages = [ + pkgs.mosh + ]; # Use GRUB2 as the boot loader. # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
@@ -39,29 +44,12 @@ in enable = true; efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines. }; - #boot.loader.grub.mirroredBoots = [ - # { path = "/boot_sda"; devices = [ "/dev/sda" ]; } - # { path = "/boot_sdb"; devices = [ "/dev/sdb" ]; } - #]; - - - # Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here) - #networking.useDHCP = false; - #networking.interfaces.${networkInterface} = { - # ipv4 = { addresses = [{ address = ipv4.address; prefixLength = ipv4.prefixLength; }]; }; - # ipv6 = { addresses = [{ address = ipv6.address; prefixLength = ipv6.prefixLength; }]; }; - #}; - #networking.defaultGateway = ipv4.gateway; - #networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; }; - #networking.nameservers = [ "8.8.8.8" "1.1.1.1" ]; # Initial empty root password for easy login: users.users.root.initialHashedPassword = ""; services.openssh.settings.PermitRootLogin = "prohibit-password"; services.openssh.settings.PasswordAuthentication = false; - environment.systemPackages = [ pkgs.mosh ]; - users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa 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" ];
@@ -69,7 +57,6 @@ in services.openssh.enable = true; services.sshguard.enable = true; - system.stateVersion = "23.11"; # enable ssh on init # ------------------
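Review bot: In the `@@ -39,29 +44,12 @@` hunk of hardware-configuration/default.nix, the unchanged line `users.users.root.initialHashedPassword = "";` survives the cleanup of the commented-out setup code, so root keeps an empty password for console login and `su` unless it has since been changed on the machine. The sshd settings below it (`PermitRootLogin = "prohibit-password"`, `PasswordAuthentication = false`) only cover the SSH path. Once key login is confirmed, I would drop the line or lock the account with `users.users.root.hashedPassword = "!";`.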
@@ -112,12 +99,10 @@ in boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink"; boot.initrd.systemd.enable = true; - # root shell if not booting (usefull for debugging), but hijacks luks unlock - #boot.initrd.systemd.emergencyAccess = true; + # root shell if not booting (usefull for debugging) + boot.initrd.systemd.emergencyAccess = false; + + # playing around with stuff + # boot.initrd.luks.reusePassphrases = true; + } - - - - - -
diff --git a/nixos/machines/orbi/hardware-configuration/disko-config.nix b/nixos/machines/orbi/hardware-configuration/disko-config.nix
index cffd70b..4382a0e 100644
--- a/nixos/machines/orbi/hardware-configuration/disko-config.nix
+++ b/nixos/machines/orbi/hardware-configuration/disko-config.nix
@@ -7,12 +7,6 @@ let disks = [ "sda" "sdb" ]; in { - # ZFS already has its own scheduler. Without this my(@Artturin) computer froze for a second when i nix build something. - # copied from : https://github.com/numtide/srvos/blob/main/nixos/common/zfs.nix - - services.udev.extraRules = lib.optionalString (config.boot.zfs.enabled) '' - ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none" - ''; disko.devices = { disk =
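Review bot: In the `@@ -112,12 +99,10 @@` hunk, the comment above `boot.initrd.systemd.emergencyAccess = false;` still reads as if the root shell were being switched on, and the commit drops the only explanation of why it has to stay off. I would reword it to something like `# no emergency root shell in the initrd: it needs no password and hijacks the LUKS unlock prompt`. The new `# playing around with stuff` comment on the commented-out `boot.initrd.luks.reusePassphrases` line would also be more useful if it said whether the option is meant to be enabled later.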