diff --git a/nix/apps/widetom/default.nix b/nix/apps/widetom/default.nix
index b58890c..45080a1 100644
--- a/nix/apps/widetom/default.nix
+++ b/nix/apps/widetom/default.nix
@@ -1,33 +1,47 @@
-{ config, ... }: {
-  age.secrets.widetom_bot_token.file = ../../secrets/widetom_bot_token.age;
-  age.secrets.widetom_config_toml.file = ../../secrets/widetom_config_toml.age;
-
-  virtualisation.oci-containers.containers = {
-    /*
-      container_name: widetom
-      image: "docker.noratrieb.dev/widetom:33d17387"
-      restart: always
-      volumes:
-        - "/apps/widetom:/app/config"
-      environment:
-        CONFIG_PATH: /app/config/config.toml
-        BOT_TOKEN_PATH: /app/config/bot_token
-    */
-    widetom = {
-      image = "docker.noratrieb.dev/widetom:33d17387";
-      volumes = [
-        "${config.age.secrets.widetom_config_toml.path}:/config.toml"
-        "${config.age.secrets.widetom_bot_token.path}:/token"
-      ];
-      environment = {
-        CONFIG_PATH = "/config.toml";
-        BOT_TOKEN_PATH = "/token";
-      };
-      login = {
-        registry = "docker.noratrieb.dev";
-        username = "nils";
-        passwordFile = config.age.secrets.docker_registry_password.path;
-      };
+{ config, pkgs, lib, my-projects-versions, ... }:
+let
+  widetom = pkgs.rustPlatform.buildRustPackage {
+    src = pkgs.fetchFromGitHub {
+      owner = "Noratrieb";
+      repo = "widetom";
+      rev = my-projects-versions.widetom;
+      hash = "sha256-lSjlDozwKRLF62jsDaWo+8+rcQdeEgurEnuw00hk3o8=";
+    };
+    pname = "widetom";
+    version = "0.1.0";
+    cargoHash = "sha256-AWbdPcDc+QOW7U/FYbqlIsg+3MwfggKCTCw1z/ZbSEE=";
+    meta = {
+      mainProgram = "widertom";
     };
   };
+in
+{
+  age.secrets.widetom_bot_token = {
+    file = ../../secrets/widetom_bot_token.age;
+    owner = config.users.users.widetom.name;
+  };
+  age.secrets.widetom_config_toml = {
+    file = ../../secrets/widetom_config_toml.age;
+    owner = config.users.users.widetom.name;
+  };
+
+  systemd.services.widetom = {
+    description = "widetom, the extremely funny discord bot";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    environment = {
+      BOT_TOKEN_PATH = config.age.secrets.widetom_bot_token.path;
+      CONFIG_PATH = config.age.secrets.widetom_config_toml.path;
+    };
+    serviceConfig = {
+      DynamicUser = true;
+      ExecStart = lib.getExe widetom;
+    };
+  };
+
+  users.users.widetom = {
+    group = "widetom";
+    isSystemUser = true;
+  };
+  users.groups.widetom = { };
 }
diff --git a/nix/my-projects.json b/nix/my-projects.json
index 0fd82e9..bf6a386 100644
--- a/nix/my-projects.json
+++ b/nix/my-projects.json
@@ -6,5 +6,6 @@
   "quotdd": "e922229e1d9e055be35dabd112bafc87a0686548",
   "does-it-build": "81790825173d87f89656f66f12a123bc99e2f6f1",
   "upload.files.noratrieb.dev": "0124fa5ba5446cb463fb6b3c4f52e7e6b84e5077",
-  "cluelessh": "5f203d0f5ba2639043bd5bd1c3687c406d6abac1"
+  "cluelessh": "c711cd405da4b7951e554577d09c9576bedf7970",
+  "widetom": "33d1738799618d72fe2b86896f766cbfea58dc76"
 }