diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix
index b78ad19..2498dcd 100644
--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@@ -118,7 +118,6 @@
       ./modules/contabo
       ./modules/wg-mesh
       ./modules/ingress
-      ./modules/minio
       ./modules/widetom
     ];
 
@@ -153,12 +152,10 @@
       (modulesPath + "/profiles/qemu-guest.nix")
       ./modules/contabo
       ./modules/wg-mesh
-      ./modules/ingress
-      ./modules/minio
     ];
 
     networking.hostName = name;
-    deployment.tags = [ "ingress" "eu" "apps" "wg" ];
+    deployment.tags = [ "eu" "apps" "wg" ];
     system.stateVersion = "23.11";
 
     # TODO: move
diff --git a/newinfra/nix/modules/dns/noratrieb.dev.nix b/newinfra/nix/modules/dns/noratrieb.dev.nix
index 3601dd1..3130db9 100644
--- a/newinfra/nix/modules/dns/noratrieb.dev.nix
+++ b/newinfra/nix/modules/dns/noratrieb.dev.nix
@@ -32,6 +32,8 @@ let
           "she/her"
         ];
 
+        test1.A = vps1.A ++ vps3.A;
+
         localhost.A = [ (a "127.0.0.1") ];
         newtest.TXT = [ "uwu it works" ];
 
diff --git a/newinfra/nix/modules/hugo-chat/default.nix b/newinfra/nix/modules/hugo-chat/default.nix
new file mode 100644
index 0000000..30ce226
--- /dev/null
+++ b/newinfra/nix/modules/hugo-chat/default.nix
@@ -0,0 +1,54 @@
+{ config, ... }:
+let
+  dockerLogin = {
+    registry = "docker.nilstrieb.dev";
+    username = "nils";
+    passwordFile = config.age.secrets.docker_registry_password.path;
+  };
+in
+{
+  age.secrets.hugochat_db_password.file = ../../secrets/hugochat_db_password.age;
+
+  virtualisation.oci-containers.containers = {
+    /*
+      hugo_chat_client:
+        container_name: hugo-chat-client
+        image: "docker.nilstrieb.dev/hugo-chat-client:63bd1922"
+        restart: always
+        ports:
+          - "5002:80"
+    */
+    hugo-chat-client = {
+      image = "docker.nilstrieb.dev/hugo-chat-client:63bd1922";
+      login = dockerLogin;
+      ports = [ "5002:80" ];
+    };
+    /*
+      hugo_chat_server:
+        container_name: hugo-chat-server
+        image: "docker.nilstrieb.dev/hugo-chat-server:63bd1922"
+        ports:
+          - "5001:8080"
+        environment:
+          SPRING_DATASOURCE_URL: "jdbc:postgresql://hugo-chat-db:5432/hugochat"
+          SPRING_DATASOURCE_PASSWORD: "${HUGO_CHAT_DB_PASSWORD}"
+        networks:
+          - hugo-chat
+    */
+    hugo-chat-server = {
+      image = "docker.nilstrieb.dev/hugo-chat-server:63bd1922";
+      ports = [ "5001:80" ];
+      environment = {
+        SPRING_DATASOURCE_URL = "jdbc:postgresql://vps1.local:5432/hugochat";
+      };
+      environmentFiles = [ config.age.secrets.hugochat_db_password.path ];
+      login = dockerLogin;
+    };
+    /*
+      POSTGRES_PASSWORD: "${HUGO_CHAT_DB_PASSWORD}"
+      PGDATA: "/var/lib/postgresql/data/pgdata"
+    */
+
+    services.postgresql.ensureDatabases = [ "hugochat" ];
+  };
+}
diff --git a/newinfra/nix/modules/minio/default.nix b/newinfra/nix/modules/minio/default.nix
deleted file mode 100644
index 30420a1..0000000
--- a/newinfra/nix/modules/minio/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, ... }: {
-  age.secrets.minio_env_file.file = ../../secrets/minio_env_file.age;
-
-  services.minio = {
-    enable = true;
-    region = "eu";
-    rootCredentialsFile = config.age.secrets.minio_env_file.path;
-  };
-}
diff --git a/newinfra/nix/modules/postgres/default.nix b/newinfra/nix/modules/postgres/default.nix
new file mode 100644
index 0000000..cb37e10
--- /dev/null
+++ b/newinfra/nix/modules/postgres/default.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }: {
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_16;
+  };
+}
diff --git a/newinfra/nix/secrets/docker_registry_password.age b/newinfra/nix/secrets/docker_registry_password.age
index 694e0f2..334b141 100644
--- a/newinfra/nix/secrets/docker_registry_password.age
+++ b/newinfra/nix/secrets/docker_registry_password.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg h7thhES4AbX7wd5Q0GC+VOIPU+yRezLL/yGlP1oNRT8
-owpgDNXP3xaM8vLv2UoU3ZanvATRneY01wnSEwJ62RQ
---- 77pBCJdp1bAPFZqAJHCE8f0baRQf1pYupF9rN6XN+IQ
-G’å¬+·îk$LœH¬¡ÁH’_§pPq8úª–‡ûkî½qÞ‡a+ÆºæÛØUZ:GAØq
\ No newline at end of file
+-> ssh-ed25519 qM6TYg Mi5DHbfLOMSQaKaB78XZbA273KGvj/HHF4vOiMRsMjA
+Zf7+IY93cTywmg7qjGyQ00YLJTc3MstQKyfFfpDqWic
+--- KCKAhA7w141LPjEGSUI/azd8YFPn2EJWPGTyYXlnX+4
+œ æØPÉ_íg$vCý¢ÃÜh/…Êjz:chðíd#W¤ci ãjE3…ëkó>tû`ð
\ No newline at end of file
diff --git a/newinfra/nix/secrets/hugochat_db_password.age b/newinfra/nix/secrets/hugochat_db_password.age
new file mode 100644
index 0000000..adc8f3c
--- /dev/null
+++ b/newinfra/nix/secrets/hugochat_db_password.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 qM6TYg f2NnXHIO+lzuRNlvp70HCjFET8cqwLrQjEdXkK4wVgg
+HAUu/GGX/UHewWbCXfaiYx5h8xyLXN/Y3kTYHn+GT5M
+--- tx0L90qNb6i1Bv1P5QsZUNu7FKQT3j09h/T1QDdwRZ8
+ž¯c³”ÖÜÿö¨aÿUòqb!ÊfFÇ”	UAiÁ{Ï”„²³|9Ã?Ð[bHp›ÅA©ÓnÃê§^g	0œµÓ“;þÆœ¤:ûyu»‘ŸÞmúïó–îæ¸±ÒÒò
\ No newline at end of file
diff --git a/newinfra/nix/secrets/minio_env_file.age b/newinfra/nix/secrets/minio_env_file.age
index 78566be..5e1edbd 100644
Binary files a/newinfra/nix/secrets/minio_env_file.age and b/newinfra/nix/secrets/minio_env_file.age differ
diff --git a/newinfra/nix/secrets/secrets.nix b/newinfra/nix/secrets/secrets.nix
index 960383a..1630851 100644
--- a/newinfra/nix/secrets/secrets.nix
+++ b/newinfra/nix/secrets/secrets.nix
@@ -6,6 +6,7 @@ in
   "widetom_bot_token.age".publicKeys = [ vps1 ];
   "widetom_config_toml.age".publicKeys = [ vps1 ];
   "docker_registry_password.age".publicKeys = [ vps1 ];
+  "hugochat_db_password.age".publicKeys = [ vps1 ];
   "minio_env_file.age".publicKeys = [ vps1 vps3 ];
   "wg_private_vps1.age".publicKeys = [ vps1 ];
   "wg_private_vps3.age".publicKeys = [ vps3 ];
diff --git a/newinfra/nix/secrets/wg_private_vps1.age b/newinfra/nix/secrets/wg_private_vps1.age
index 1378fb6..7421c7e 100644
Binary files a/newinfra/nix/secrets/wg_private_vps1.age and b/newinfra/nix/secrets/wg_private_vps1.age differ
diff --git a/newinfra/nix/secrets/wg_private_vps3.age b/newinfra/nix/secrets/wg_private_vps3.age
index 963d009..c36bd97 100644
Binary files a/newinfra/nix/secrets/wg_private_vps3.age and b/newinfra/nix/secrets/wg_private_vps3.age differ
diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age
index 658c684..586cbc5 100644
--- a/newinfra/nix/secrets/widetom_bot_token.age
+++ b/newinfra/nix/secrets/widetom_bot_token.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg QH/EVwQfdmMHu8vIo9syo0bTUyNBKoe3A07SjurCc1E
-i/yDjhUQ19xSRvVrVM6AYDdKiVZl9De0x2nYe6oTOTQ
---- FYddl3UOUij5+7pHERg9HXlXejFIJCRXOmD3HbyolDg
-°ñq-s¾Ù¹\ìøN6ò¨î£Ç‘K.ÞÁ‹xÐ–ˆ¶**A¹€WÂßVYŠŸÎÞê»Õ~Ù	u©Ác«}›d„<Wòz8æ—&ÛpGXÞèã…õMë_knW9ä
\ No newline at end of file
+-> ssh-ed25519 qM6TYg ftpW/zGgZcGI6jnmrkYlOO9bjMNHO7vk/WJIlCQzYTE
+LXRiwiUinl5HTt9ZfA+HQlSIL5K1TXFzLQXigEajU38
+--- pE7CTJBICuROEQUVmK3hDad8yoiurMXvkizsAuZn6HA
+†ÐœŒ Nø&Ê‘ûã‡Ò™iD4óéQ›ËSdZÚmSI	DÎÂ$ŽIÜßîýdC’Œ¿}¦Y À¥ŽjÌ.Í-¶»HüN­€Ô;[Ûñ}†¥ŸÄd»|
\ No newline at end of file
diff --git a/newinfra/nix/secrets/widetom_config_toml.age b/newinfra/nix/secrets/widetom_config_toml.age
index 75cccf6..af4eb9d 100644
Binary files a/newinfra/nix/secrets/widetom_config_toml.age and b/newinfra/nix/secrets/widetom_config_toml.age differ
diff --git a/newinfra/secrets-git-crypt/hugochat_db_password b/newinfra/secrets-git-crypt/hugochat_db_password
new file mode 100644
index 0000000..adfca8d
Binary files /dev/null and b/newinfra/secrets-git-crypt/hugochat_db_password differ