diff --git a/flake.lock b/flake.lock
index 7b39c25..11e52b1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -847,19 +847,15 @@
       }
     },
     "retiolum": {
-      "flake": false,
       "locked": {
-        "lastModified": 1673744639,
-        "narHash": "sha256-3mcre4Rp86xhPwpTqBLZbX3YX7F5P7ySW9e7tckZ+YM=",
-        "owner": "krebs",
-        "repo": "retiolum",
-        "rev": "dbe439afc45434b0e53fa3c88ee37e07dad922d5",
-        "type": "github"
+        "lastModified": 1675123215,
+        "narHash": "sha256-ZDnwiqDJHF3Bxf+JpzRtqNY9jsGO7+z8P854o9JQCs4=",
+        "type": "git",
+        "url": "file:///home/palo/dev/nixos/retiolum"
       },
       "original": {
-        "owner": "krebs",
-        "repo": "retiolum",
-        "type": "github"
+        "type": "git",
+        "url": "file:///home/palo/dev/nixos/retiolum"
       }
     },
     "revealjs": {
@@ -936,11 +932,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1675168228,
-        "narHash": "sha256-n2SBJNQxdWZhnqQwTZS2QDCiPDyBPHHUslGTEpAYCTk=",
+        "lastModified": 1675174539,
+        "narHash": "sha256-RdHMRqzvtVFOQ009z8v3Ir7QyMUr+PyHaMznxHykuE8=",
         "ref": "main",
-        "rev": "ca6040e71ff71e905d896bdbdf8f9c74930ecc78",
-        "revCount": 41,
+        "rev": "d3c4b49122aa5b5d3fcbe98823dfbbc26cd048e3",
+        "revCount": 42,
         "type": "git",
         "url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git"
       },
diff --git a/flake.nix b/flake.nix
index 7f56cc4..2e8e17b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -60,8 +60,8 @@
       flake = false;
     };
     retiolum = {
-      url = "github:krebs/retiolum";
-      flake = false;
+      #url = "github:Mic92/retiolum";
+      url = "git+file:///home/palo/dev/nixos/retiolum";
     };
     landingpage = {
       #url = "git+file:///home/palo/dev/landingpage";
@@ -144,7 +144,7 @@
               ];
             };
             specialArgs = {
-              inherit private_assets retiolum;
+              inherit private_assets;
             };
           };
 
@@ -180,7 +180,10 @@
             imports = [
               grocy-scanner.nixosModule
               nixos-hardware.nixosModules.lenovo-thinkpad-x220
+              retiolum.nixosModules.retiolum
             ];
+
+
             home-manager.users.mainUser = {
               imports = [
                 doom-emacs-nix.hmModule
diff --git a/nixos/machines/robi/webhook-ring.nix b/nixos/machines/robi/webhook-ring.nix
index 8cdd421..5bf5cd0 100644
--- a/nixos/machines/robi/webhook-ring.nix
+++ b/nixos/machines/robi/webhook-ring.nix
@@ -4,6 +4,9 @@
 #
 # create QR Code with:
 # qrencode -o ./test.png http://ring.ingolf-wagner.de
+#
+# for secure urls check
+# https://www.nginx.com/blog/securing-urls-secure-link-module-nginx-plus/
 {
 
   sops.secrets.ringPushover = {
diff --git a/nixos/machines/sterni/tinc.nix b/nixos/machines/sterni/tinc.nix
index c7f55b7..d552c21 100644
--- a/nixos/machines/sterni/tinc.nix
+++ b/nixos/machines/sterni/tinc.nix
@@ -1,3 +1,4 @@
+{ config, ... }:
 {
 
   tinc.private.enable = true;
@@ -6,4 +7,9 @@
   tinc.secret.enable = true;
   tinc.secret.ipv4 = "10.123.42.24";
 
+  # retiolum
+  networking.retiolum.port = 720;
+  sops.secrets.tinc_retiolum_ed25519_key = { };
+  services.tinc.networks.retiolum.ed25519PrivateKeyFile = config.sops.secrets.tinc_retiolum_ed25519_key.path;
+
 }