diff --git a/newinfra/nix/apps/openolat/default.nix b/newinfra/nix/apps/openolat/default.nix
new file mode 100644
index 0000000..0c2672f
--- /dev/null
+++ b/newinfra/nix/apps/openolat/default.nix
@@ -0,0 +1,72 @@
+{ config, lib, pkgs, ... }:
+let
+ dockerLogin = {
+ registry = "docker.noratrieb.dev";
+ username = "nils";
+ passwordFile = config.age.secrets.docker_registry_password.path;
+ };
+in
+{
+ age.secrets.openolat_db_password.file = ../../secrets/openolat_db_password.age;
+
+ virtualisation.oci-containers.containers = {
+ openolat = {
+ image = "docker.noratrieb.dev/openolat:69b3c8b6";
+ volumes = [
+ "/var/lib/openolat/files:/home/openolat/olatdata"
+ "${./extra-properties.properties}:/home/openolat/extra-properties.properties"
+ ];
+ ports = [ "127.0.0.1:5011:8088" ];
+ environment = {
+ # DB_PASSWORD = from openolat_db_password
+ DB_URL = "jdbc:postgresql://openolat-db:5432/oodb";
+ EXTRA_PROPERTIES = "/home/openolat/extra-properties.properties";
+ OLAT_HOST = "olat.noratrieb.dev";
+ };
+ environmentFiles = [ config.age.secrets.openolat_db_password.path ];
+ extraOptions = [ "--network=openolat" ];
+
+ dependsOn = [ "openolat-db" ];
+ login = dockerLogin;
+ };
+
+ openolat-db = {
+ image = "postgres:15";
+ volumes = [ "/var/lib/openolat/db:/var/lib/postgresql/data" ];
+ environment = {
+ POSTGRES_DB = "oodb";
+ POSTGRES_USER = "oodbu";
+ # POSTGRES_PASSWORD = from openolat_db_password
+ PGDATA = "/var/lib/postgresql/data/pgdata";
+ };
+ extraOptions = [ "--network=openolat" ];
+ environmentFiles = [ config.age.secrets.openolat_db_password.path ];
+ };
+ };
+
+ services.custom-backup.jobs = [
+ {
+ app = "openolat-db";
+ pgDump = {
+ containerName = "openolat-db";
+ dbName = "oodb";
+ userName = "oodbu";
+ };
+ }
+ ];
+
+ # https://www.reddit.com/r/NixOS/comments/13e5w6b/does_anyone_have_a_working_nixos_ocicontainers/
+ systemd.services.init-openolat-podman-network = {
+ description = "Create the network bridge for openolat.";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.Type = "oneshot";
+ script = ''
+ ${lib.getExe pkgs.podman} network create openolat || true
+ '';
+ };
+
system.activationScripts.makeOpenolatDir = lib.stringAfter [ "var" ] '' + mkdir -p /var/lib/openolat/db + mkdir -p /var/lib/openolat/files + ''; +} diff --git a/newinfra/nix/apps/openolat/extra-properties.properties b/newinfra/nix/apps/openolat/extra-properties.properties new file mode 100644 index 0000000..17343fa --- /dev/null +++ b/newinfra/nix/apps/openolat/extra-properties.properties @@ -0,0 +1 @@ +enforce.utf8.filesystem=false diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix index 6f8f97d..8d9e491 100644 --- a/newinfra/nix/hive.nix +++ b/newinfra/nix/hive.nix @@ -178,6 +178,7 @@ ./apps/cargo-bisect-rustc-service ./apps/killua ./apps/forgejo + ./apps/openolat ]; deployment.tags = [ "caddy" "eu" "apps" "website" ]; diff --git a/newinfra/nix/modules/caddy/vps1.Caddyfile b/newinfra/nix/modules/caddy/vps1.Caddyfile index 7a6ea25..ebeb08e 100644 --- a/newinfra/nix/modules/caddy/vps1.Caddyfile +++ b/newinfra/nix/modules/caddy/vps1.Caddyfile @@ -65,6 +65,19 @@ git.noratrieb.dev { reverse_proxy * localhost:5015 } +olat.noratrieb.dev { + log + encode zstd gzip + reverse_proxy * localhost:5011 +} + +# unsure if necessary... something was misconfigured in the past here... +olat.noratrieb.dev:8088 { + log + encode zstd gzip + reverse_proxy * localhost:5011 +} + ################################################################ # redirects diff --git a/newinfra/nix/modules/dns/noratrieb.dev.nix b/newinfra/nix/modules/dns/noratrieb.dev.nix index cd9a438..81c1910 100644 --- a/newinfra/nix/modules/dns/noratrieb.dev.nix +++ b/newinfra/nix/modules/dns/noratrieb.dev.nix @@ -70,6 +70,7 @@ let uptime = vps1; does-it-build = vps4; git = vps1; + olat = vps1; # --- fun shit localhost.A = [ (a "127.0.0.1") ]; diff --git a/newinfra/nix/secrets/backup_s3_secret.age b/newinfra/nix/secrets/backup_s3_secret.age index 33cf448..9298136 100644 Binary files a/newinfra/nix/secrets/backup_s3_secret.age and b/newinfra/nix/secrets/backup_s3_secret.age differ 
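Review bot: In `init-openolat-podman-network`, the script `podman network create openolat || true` hides every failure, not only "network already exists", and nothing orders this unit before the two containers that pass `--network=openolat`. If the bridge is missing or its creation fails, the containers can start or fail with no visible cause from this unit. I would create the network only when it is absent and make the container units require this one. The unit names below assume the oci-containers module's default podman backend and should be checked against the generated units.

```nix
  systemd.services.init-openolat-podman-network = {
    # … unchanged: description, after, wantedBy, serviceConfig.Type …
    # Run before both containers and make their start depend on the bridge existing.
    before = [ "podman-openolat.service" "podman-openolat-db.service" ];
    requiredBy = [ "podman-openolat.service" "podman-openolat-db.service" ];
    serviceConfig.RemainAfterExit = true;
    script = ''
      podman=${lib.getExe pkgs.podman}
      # Create only when missing, so a genuine failure fails the unit instead of being swallowed.
      $podman network exists openolat || $podman network create openolat
    '';
  };
```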
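Review bot: The second site block, `olat.noratrieb.dev:8088`, makes Caddy listen on an extra port for a reason the comment itself calls unknown ("unsure if necessary..."). The removed vps2 Caddyfile had the same pair of blocks, so this looks carried over rather than required. Each extra public listener is one more endpoint to firewall, log and keep certificates for. I would drop the block unless a client is known to reach OpenOLAT on port 8088; if it stays, replace the comment with the concrete reason, e.g. `# needed because <reason>; remove once <condition>`.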
diff --git a/newinfra/nix/secrets/caddy_s3_key_secret.age b/newinfra/nix/secrets/caddy_s3_key_secret.age index ec58e07..6b75178 100644 Binary files a/newinfra/nix/secrets/caddy_s3_key_secret.age and b/newinfra/nix/secrets/caddy_s3_key_secret.age differ diff --git a/newinfra/nix/secrets/docker_registry_password.age b/newinfra/nix/secrets/docker_registry_password.age index d975c53..bc89cad 100644 Binary files a/newinfra/nix/secrets/docker_registry_password.age and b/newinfra/nix/secrets/docker_registry_password.age differ diff --git a/newinfra/nix/secrets/forgejo_s3_key_secret.age b/newinfra/nix/secrets/forgejo_s3_key_secret.age index a62b401..93ae17a 100644 Binary files a/newinfra/nix/secrets/forgejo_s3_key_secret.age and b/newinfra/nix/secrets/forgejo_s3_key_secret.age differ diff --git a/newinfra/nix/secrets/garage_secrets.age b/newinfra/nix/secrets/garage_secrets.age index b9bf376..25936cc 100644 --- a/newinfra/nix/secrets/garage_secrets.age +++ b/newinfra/nix/secrets/garage_secrets.age 
@@ -1,13 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg SovdMEtsuAN3HnwyoGcQsVtcpYObyh1N/VKbw4rN/B4 -neYvPr3H7Z0n42eXSacdJ2syK2tX4ZG8dVzdXYKMC3E --> ssh-ed25519 XzACZQ O2zwX8G4Ladh+jlPtzvGKBJUCZwRdzEFBZMjQ6utlic -EuxJbsnCtMU3iPGL+rtNPiA+r6h9IBHQGOo1krTSGMs --> ssh-ed25519 51bcvA +ytU9agDEYXwSkjGXqTuGJFNX0H4gVg3NrSq+irpqR4 -WqB9xcniSoq+7MPZkeujE+Z5Et8q3u+/yEULeSU7Ka8 --> ssh-ed25519 vT7ExA NHrhD8lzaN2QUvnU5obIGFsFdC1tvADd7cfNONcvdGE -egoyBBL9r0XV0bGOq+686PoOPICvYnE/erlZvQMJ4ps ---- j+CR0XGs/Z0D/f8PJVUu5m8ksetR0X9UgX2uLgRFGtY -qRKSDE**ѸW672Z(}vҷ+Gj|'?_o(uͨ! +\gg`dIr{#d;(U(M(hkr6Qn!rB_2) -^b8R\·a -]jBD%2`=Hz \ No newline at end of file +-> ssh-ed25519 qM6TYg dSNo/WHtuVibuLghfNnznYw6+zsMJOWvi7LitHSn3AY +pfZti2of1OZVOgVR+wXZrhGggtZ2W3jyUADDWVxQHfs +-> ssh-ed25519 XzACZQ d5+ZaKmyb1yTZJ0mvPYl6On9XaOp8Z59zNQXVtEj6F8 ++Ku4GwagVLPZHzOpkaFPZ1i5NoB9Z+Eyd0tuY28yS5Y +-> ssh-ed25519 51bcvA PxNLpJLMnUrlyzKUairI6Y+f6BYn7N9e/OURoiHcWQk +FsXdpP0pM+Xvst93kHIG+KsDlwrRRks4jxl+Q487Msc +-> ssh-ed25519 vT7ExA PE9zzE4bKcexXg6LuoQnUOJbvNlqQF//qm1fgB6sM0M +YSzgtZ+zGoTljLHrxeIY7MQV7xmLNDPFEeVrSq37QHA +--- VGV6MkGwLwYmCq73bDzIJaRRTESJ9a1fieP1AJNiAUs +j\_I9dUK F1^ouJo + P"ltֱv%anEZX2שS; J$~jcg\~5$ք* ]" ٠jS+qΗ@w編˚N1F@k$_a…;Z |XLKh0 6"<ّ \ No newline at end of file diff --git a/newinfra/nix/secrets/grafana_admin_password.age b/newinfra/nix/secrets/grafana_admin_password.age index 3ac1c50..41f0ce1 100644 --- a/newinfra/nix/secrets/grafana_admin_password.age +++ b/newinfra/nix/secrets/grafana_admin_password.age 
@@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 XzACZQ rfGZDBIu3I6xLw/ZZXAaXNtcIdxhH8hIDzbvZ0co9T4 -FElMCSmBpJTt559GQwgwg1ojjaYVUB6AU4abWBDaG2E ---- thNXco05W/7JETn5LsK+38orUQY3dOA9+/9/2Y2p/+E -(DJ`&M qNe# -V`))4wi<;//Pd̍^roF4%*`Hi0N"R9- P NWn \ No newline at end of file +-> ssh-ed25519 XzACZQ gikrlnVBvWOpWLhDy6eZ+BM/DMwerHQ5xl1KuXuRHCc +epErSJOxYqbjXuCZL2gF1iBiAuS6pf5JHtJCPCCDkUg +--- CnSLl0Mg5FGSf8G1N/LkX/xygMvCguiE2NGaL7TwGTk +|w8ґ,E`Pr#~Bb{hQ["y_ O#EJ> Ɣo ^#(Ud^bީH\%6NJ \ No newline at end of file diff --git a/newinfra/nix/secrets/hugochat_db_password.age b/newinfra/nix/secrets/hugochat_db_password.age index 68594dd..4107bb3 100644 Binary files a/newinfra/nix/secrets/hugochat_db_password.age and b/newinfra/nix/secrets/hugochat_db_password.age differ diff --git a/newinfra/nix/secrets/killua_env.age b/newinfra/nix/secrets/killua_env.age index df30832..a687f62 100644 Binary files a/newinfra/nix/secrets/killua_env.age and b/newinfra/nix/secrets/killua_env.age differ diff --git a/newinfra/nix/secrets/loki_env.age b/newinfra/nix/secrets/loki_env.age index e2ecddf..2906c38 100644 --- a/newinfra/nix/secrets/loki_env.age +++ b/newinfra/nix/secrets/loki_env.age @@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 XzACZQ eBMqugfTB9wfhD2TgF2svakZ0tDdXjfIlurhXBf0+TM -vJoHbSZT6BdvWfwcQVtjBUBa0x3b+Va6SyOuSL4soKY ---- eQQWdfE5bnx0EOu+4IzdlGwPLBEN6AAC8xA0u6/wXhE -}2T? ;1t7kJO{Ǹ$ -3uBAd>tfrX _=jR>^!Q;`[F!VrΠʍM_SDGvaT;PhiͿ ]O< \ No newline at end of file +-> ssh-ed25519 XzACZQ LZJxX7aRBk26DYdfkd3vC2OLvIVBiZrvCroihjzka2c +xze/qJWOJXXJaoUjS2Bd8Rfk3SOkN1HXRN3U0hmiKPQ +--- NgSxh6hohM1C5hiAafFHWifJrb5mY87cTQgLzX9lVe8 +S>g>ٱg?}=FaaT(#RVdB3]m`t7?}Y/MKbesr ssh-ed25519 qM6TYg yvo9tUxGgQETQ0w1qgr2wMp1Fu1FtryEnSq3CCcHIk8 +tVCZg826Pus5LtguOV22XIzvyQ/vlZFb0rYSyJhg0iE +--- mkZIfeMIepMwEp47GeFo1wiYr66W9nBPP2vfvlzOF2o +qnu6Cؿzu=~ˬ6Q뙲?Wm%`ZU_X]Tu!к߀`Gbuuf<^/i8N(rSmk`dx})tgHЇD`*VE, `i \ No newline at end of file 
diff --git a/newinfra/nix/secrets/registry_htpasswd.age b/newinfra/nix/secrets/registry_htpasswd.age index d7ce43d..15f74b3 100644 --- a/newinfra/nix/secrets/registry_htpasswd.age +++ b/newinfra/nix/secrets/registry_htpasswd.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg EJWWxPHa5Rww9uwiEwHPKKBcc5SiwFlpiLjDRXrnfyA -5DGTo4fsFuT8Vsutc4nSXq1NDoljSnUVlmviJcZFVKQ ---- Ha/ILA1plnnAwr3FdjeKicWHKwfHxjxUp9zhwihkgkI -^HH22Vëo Pۯ<8s-MPFMEr]n3iu-Y'#@FXclVxiF \ No newline at end of file +-> ssh-ed25519 qM6TYg 0Y1d6GtpFGUUtfldl4+CKq8e0bWvcPGnR8I/N6L1XSM +8HwFO3zIWh7+3J/rhFQCgty1k1FYU3SS9cF4ekbwZfI +--- a7x+V3pI9cekGbdl6SfR3B7MOUxnNGOf+MJsPLDq/r4 +YUרN9xs@4.G2B;Wz3#Qi4fo˜XEcv]ɚ7 \ No newline at end of file diff --git a/newinfra/nix/secrets/registry_s3_key_secret.age b/newinfra/nix/secrets/registry_s3_key_secret.age index 29337b3..91288e1 100644 Binary files a/newinfra/nix/secrets/registry_s3_key_secret.age and b/newinfra/nix/secrets/registry_s3_key_secret.age differ diff --git a/newinfra/nix/secrets/s3_mc_admin_client.age b/newinfra/nix/secrets/s3_mc_admin_client.age index 77cb7be..f8b93d8 100644 Binary files a/newinfra/nix/secrets/s3_mc_admin_client.age and b/newinfra/nix/secrets/s3_mc_admin_client.age differ diff --git a/newinfra/nix/secrets/secrets.nix b/newinfra/nix/secrets/secrets.nix index dcb12f3..dbc1da9 100644 --- a/newinfra/nix/secrets/secrets.nix +++ b/newinfra/nix/secrets/secrets.nix @@ -11,6 +11,7 @@ in "widetom_config_toml.age".publicKeys = [ vps1 ]; "docker_registry_password.age".publicKeys = [ vps1 ]; "hugochat_db_password.age".publicKeys = [ vps1 ]; + "openolat_db_password.age".publicKeys = [ vps1 ]; "minio_env_file.age".publicKeys = [ vps1 vps3 ]; "garage_secrets.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; "caddy_s3_key_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; 
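Review bot: The new `"openolat_db_password.age".publicKeys = [ vps1 ];` entry limits decryption to vps1, but the same commit also adds `newinfra/secrets-git-crypt/openolat_db_password`. The password therefore presumably exists under two encryption schemes with different key holders. Nothing in this file says which copy is authoritative or that both must be rotated together, so a later rotation could update only one of them. I would add a comment above the entry, such as `# source: secrets-git-crypt/openolat_db_password (git-crypt); rotate both copies together`. The attribute set continues outside the hunk.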
diff --git a/newinfra/nix/secrets/wg_private_dns1.age b/newinfra/nix/secrets/wg_private_dns1.age index e56c44a..39f0f71 100644 Binary files a/newinfra/nix/secrets/wg_private_dns1.age and b/newinfra/nix/secrets/wg_private_dns1.age differ diff --git a/newinfra/nix/secrets/wg_private_dns2.age b/newinfra/nix/secrets/wg_private_dns2.age index 3640ef1..3657409 100644 Binary files a/newinfra/nix/secrets/wg_private_dns2.age and b/newinfra/nix/secrets/wg_private_dns2.age differ diff --git a/newinfra/nix/secrets/wg_private_vps1.age b/newinfra/nix/secrets/wg_private_vps1.age index 152a0ee..3e7321e 100644 --- a/newinfra/nix/secrets/wg_private_vps1.age +++ b/newinfra/nix/secrets/wg_private_vps1.age @@ -1,5 +1,6 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg wMMdxXZc1yZiD9oS6ne/7Ne29uz+Q97kYYjZtyhR9Qs -hNwS16RMdvb7hNfjRdUow/sYtUcta4YPoe4qh0jAEOE ---- 30m6ILfUyjxm/nindgNcujh4bGOUvMbrcArSLEd2NuI -0f-1T_s>?fI[LύmL4#,qwPY-[n$ 4 \ No newline at end of file +-> ssh-ed25519 qM6TYg vC8XBZQGff/q/SEsiIb+pyhfE/2MCWbo1m+suXpzyhY +r2R02FSzrpiPyoAeiPqWNdXc0Jqd6v2rv4hxo89LqD8 +--- NBCfTZYGNmAHQOABVhlcsgbJmKpmeUM15FdKLQjVazw +,t} | &-^uU6Z_&ue[w _벢 +^\(gPy-j;D \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps3.age b/newinfra/nix/secrets/wg_private_vps3.age index 80bcbf4..ddb65ce 100644 --- a/newinfra/nix/secrets/wg_private_vps3.age +++ b/newinfra/nix/secrets/wg_private_vps3.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 XzACZQ k5WVMoS1WD1Jb+RfV0OOW5umLFfEdfIqDodBViQFvzc -kypBLkD32beBsTtEoCyH0b9L4GAxorTFhqH3nhkO72w ---- aUbimoG2VppL5CPG3tES+zp/cINt6ZjNnthvCcpt0ww -k~i"BVMDEQBuK PuhGCޱpT)tln \ No newline at end of file +-> ssh-ed25519 XzACZQ FnGfRDdT9kQXeYzv7yzwI+1fVXmeseC6YVCCzeoeLCQ +HydL6WRBzLmqAKNmf0kzBmZiFRQ8KM3dHEdx2676Nx0 +--- E7+8BYiNPPm3fI6FiEii2txlbsesfSXuE2Nxvb7Zlx4 +m5q~>R-e~+$T5PrnH:$4jkB$CqRuMmF`A4e \ No newline at end of file 
diff --git a/newinfra/nix/secrets/wg_private_vps4.age b/newinfra/nix/secrets/wg_private_vps4.age index 80365e8..15bf0d4 100644 --- a/newinfra/nix/secrets/wg_private_vps4.age +++ b/newinfra/nix/secrets/wg_private_vps4.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 51bcvA A5RlnDQ8XJQK5KqxwrvVsrfJKVzb22/c/J/EPvfhtRA -ByXVkK+QIuGV9bCgcqYOAj54k/O6SrYBLrJIQMec0nA ---- S+1ZbskI6F3pIT8Pm9qjoHpHu0BmihvC1c9D77sghVY -{XwG*KD_r;9O"s<әCb6#lQa ssh-ed25519 51bcvA IVcXj0PQpO6Rj7ovi4GgoQF77sRDdumHNavSVdQXcHI +O7j/05HqbjLvIYh9cT/iT8p6GMDn14vDOqU3Jh6tUIc +--- wt0viOUTFWu9ze3CcQ4i1xMrb+RLTOg2hcVsDwbzMzA +i-_rˣ*=@|D3e%nȭY'Rh3V%-=W; icS \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps5.age b/newinfra/nix/secrets/wg_private_vps5.age index 079f000..b38a13d 100644 Binary files a/newinfra/nix/secrets/wg_private_vps5.age and b/newinfra/nix/secrets/wg_private_vps5.age differ diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age index 367f0cb..a114651 100644 Binary files a/newinfra/nix/secrets/widetom_bot_token.age and b/newinfra/nix/secrets/widetom_bot_token.age differ diff --git a/newinfra/nix/secrets/widetom_config_toml.age b/newinfra/nix/secrets/widetom_config_toml.age index b3bc49c..27f4f5d 100644 Binary files a/newinfra/nix/secrets/widetom_config_toml.age and b/newinfra/nix/secrets/widetom_config_toml.age differ diff --git a/newinfra/secrets-git-crypt/openolat_db_password b/newinfra/secrets-git-crypt/openolat_db_password new file mode 100644 index 0000000..fc78ce3 Binary files /dev/null and b/newinfra/secrets-git-crypt/openolat_db_password differ diff --git a/secrets/vps2.env b/secrets/vps2.env index 3f2edc7..bdcfc28 100644 Binary files a/secrets/vps2.env and b/secrets/vps2.env differ diff --git a/vps2/Caddyfile b/vps2/Caddyfile index a2e9f34..f5e1903 100644 --- a/vps2/Caddyfile +++ b/vps2/Caddyfile 
@@ -45,11 +45,3 @@ api.cors-school.nilstrieb.dev { cors-school.nilstrieb.dev { reverse_proxy * localhost:5004 } - -olat.nilstrieb.dev { - reverse_proxy * localhost:5011 -} - -olat.nilstrieb.dev:8088 { - reverse_proxy * localhost:5011 -} diff --git a/vps2/backup.sh b/vps2/backup.sh index a3bada1..560d54b 100755 --- a/vps2/backup.sh +++ b/vps2/backup.sh @@ -66,7 +66,6 @@ function upload_directory { } upload_pg_dump "cors-school" "cors-school-db" "davinci" "postgres" -upload_pg_dump "openolat" "openolat-db" "oodb" "oodbu" # shellcheck disable=SC1091 source "karin-bot/.env" diff --git a/vps2/docker-compose.yml b/vps2/docker-compose.yml index 9da708b..b66cc6c 100644 --- a/vps2/docker-compose.yml +++ b/vps2/docker-compose.yml @@ -103,39 +103,7 @@ services: # - "25565:25565" # volumes: # - /apps/minecraft/server:/data - ##### openolat - openolat_db: - container_name: openolat-db - image: "postgres:latest" - restart: always - volumes: - - "/apps/openolat/data:/var/lib/postgresql/data" - environment: - POSTGRES_DB: oodb - POSTGRES_USER: oodbu - POSTGRES_PASSWORD: "${OPENOLAT_DB_PASSWORD}" - PGDATA: "/var/lib/postgresql/data/pgdata" - networks: - - openolat-network - openolat: - container_name: openolat - image: "docker.noratrieb.dev/openolat:69b3c8b6" - restart: always - volumes: - - "/apps/openolat/olatdata:/home/openolat/olatdata" - - "/apps/openolat/extra-properties.properties:/home/openolat/extra-properties.properties" - ports: - - "5011:8088" - environment: - DB_PASSWORD: "${OPENOLAT_DB_PASSWORD}" - DB_URL: "jdbc:postgresql://openolat-db:5432/oodb" - EXTRA_PROPERTIES: "/home/openolat/extra-properties.properties" - OLAT_HOST: olat.nilstrieb.dev - networks: - - openolat-network networks: cors-school: karin-bot: - openolat-network: - prometheus: