diff --git a/flake.lock b/flake.lock
index 6c3a8b9..a2363b8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -951,11 +951,11 @@
 "secrets": {
 "flake": false,
 "locked": {
- "lastModified": 1682803277,
- "narHash": "sha256-K8v9TNTgeyGob7bH23K/2ZBSBphXyJ8KwfYdNNEv3NI=",
+ "lastModified": 1682945945,
+ "narHash": "sha256-DEC29PuP99B70ItXoWRbGA1+kB0Y/u5xUArwdaQ8UWI=",
 "ref": "main",
- "rev": "d57bd16c25bac2f2e709cb9b39ded1c01aca290e",
- "revCount": 48,
+ "rev": "ed21079d3b5cbc79f28f918ea16a735d17428570",
+ "revCount": 49,
 "type": "git",
 "url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git"
 },
diff --git a/flake.nix b/flake.nix
index b8fbe37..37d378a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -264,7 +264,6 @@ chungus = { name, nodes, pkgs, ... }: { deployment.targetHost = "${name}.private"; - #deployment.targetHost = "192.168.178.31"; deployment.tags = [ "server" "online" "private" ]; imports = [ grocy-scanner.nixosModule
diff --git a/images/machine-init-configuration.nix b/images/machine-init-configuration.nix
new file mode 100644
index 0000000..4504fe1
--- /dev/null
+++ b/images/machine-init-configuration.nix
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+
+ "${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
+ (import ./disko-config.nix { })
+ ];
+
+ networking.hostName = "nixos";
+
+ boot.supportedFilesystems = [ "zfs" ];
+ # head -c4 /dev/urandom | od -A none -t x4
+ networking.hostId = "4750e4b8";
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.tmpOnTmpfs = true; # make /tmp a tmpfs (performance!)
+
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ htop
+ silver-searcher
+ ];
+
+ environment.extraInit = ''
+ # use vi shortcuts
+ # ----------------
+ set -o vi
+ EDITOR=vim
+ '';
+
+ services.openssh.enable = true;
+
+ users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa 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 contact@ingolf-wagner.de" ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.11"; # Did you read the comment?
+
+
+}
diff --git a/nixos/components/network/tinc/private.nix b/nixos/components/network/tinc/private.nix
index a3cd877..fad6b8c 100644
--- a/nixos/components/network/tinc/private.nix
+++ b/nixos/components/network/tinc/private.nix
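Review bot: The `imports` entry fetches disko from `archive/master.tar.gz` with no hash, so each evaluation of this image config pulls whatever the branch head is at that moment and loads it as a NixOS module on a host that is about to partition its disks. Pin it to a reviewed commit and give Nix a hash to check: `builtins.fetchTarball { url = "https://github.com/nix-community/disko/archive/<COMMIT>.tar.gz"; sha256 = "<SHA256>"; }` (both values are placeholders to fill in). Separately, `services.openssh.enable = true` sits next to a root `authorizedKeys` entry while password authentication is left at its default; since only the key is meant to work, disable password login explicitly in this file.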
@@ -29,6 +29,12 @@ let
 "prometheus.pepe" = hosts.pepe;
 "tts.pepe" = hosts.pepe;
 "tdarr.pepe" = hosts.pepe;
+ # chungus
+ "loki.chungus" = hosts.chungus;
+ "grafana.chungus" = hosts.chungus;
+ "prometheus.chungus" = hosts.chungus;
+ "tts.chungus" = hosts.chungus;
+ "tdarr.chungus" = hosts.chungus;
 };
 network = "private";
 in
@@ -114,7 +120,7 @@ in
 };
 "chungus.${network}" = {
 hostNames = [ "chungus.${network}" hosts.chungus ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+1U/BacpMxNmLc0r72i/LkmlZapSuIABKsulJnf7Up";
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9jrbOJbgapreRjttyOKWv5vxGMThn7kAwlk8WnSyL9";
 };
 "bobi.${network}" = {
 hostNames = [ "bobi.${network}" hosts.bobi ];
diff --git a/nixos/machines/chungus/configuration.nix b/nixos/machines/chungus/configuration.nix
index 0340362..f35f7c2 100644
--- a/nixos/machines/chungus/configuration.nix
+++ b/nixos/machines/chungus/configuration.nix
@@ -40,7 +40,7 @@ boot.supportedFilesystems = [ "zfs" ]; # head -c4 /dev/urandom | od -A none -t x4 networking.hostId = "e439b116"; - boot.zfs.extraPools = [ "zraid" ]; + #boot.zfs.extraPools = [ "zraid" ]; sops.defaultSopsFile = ../../secrets/chungus.yaml;
@@ -51,10 +51,10 @@ # todo : rename to component.init.ssh # todo : make tor optional - configuration.init-ssh = { - enable = "enabled"; - kernelModules = [ "e1000e" ]; - }; + #configuration.init-ssh = { + # enable = "prepared"; + # kernelModules = [ "e1000e" ]; + #}; # just enable lan #networking.dhcpcd.allowInterfaces = [ "enp0s25" ];
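Review bot: The second private.nix hunk swaps the `publicKey` pinned for `chungus.${network}`, which looks like the known-hosts entry other machines use to recognise chungus, and nothing in the change records where the new key came from. Presumably the machine was reinstalled (the commit also adds an init image), but from the diff alone that cannot be told apart from a different host answering on that name. A short comment above the line would help, for example `# host key regenerated on reinstall; fingerprint checked on the console`, and the old key should be treated as retired. The enclosing attribute set starts and ends outside the hunk.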
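Review bot: `boot.zfs.extraPools` is switched off by commenting it out with no reason given, and the next hunk does the same to the `configuration.init-ssh` block while also changing `enable` from `"enabled"` to `"prepared"` inside the now-dead text. If this is a temporary state for the reinstall, say so next to it, e.g. `# TODO: re-enable once zraid is imported on the new install`; otherwise delete the lines, as the flake.nix hunk of this commit does for its stale `targetHost`. init-ssh looks like early-boot SSH access, so confirm the host can still be reached or unlocked at boot without it.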