diff --git a/newinfra/nix/apps/killua/default.nix b/newinfra/nix/apps/killua/default.nix
new file mode 100644
index 0000000..ce6b7be
--- /dev/null
+++ b/newinfra/nix/apps/killua/default.nix
@@ -0,0 +1,35 @@
+{ config, lib, ... }:
+let dataDir = "/var/lib/killua"; in
+{
+  age.secrets.killua_env.file = ../../secrets/killua_env.age;
+
+  virtualisation.oci-containers.containers = {
+    killua = {
+      image = "docker.noratrieb.dev/killua-bot:ac8203d2";
+      volumes = [
+        "${dataDir}:/data"
+      ];
+      environment = {
+        KILLUA_JSON_PATH = "/data/trivia_questions.json";
+      };
+      environmentFiles = [ config.age.secrets.killua_env.path ];
+      login = {
+        registry = "docker.noratrieb.dev";
+        username = "nils";
+        passwordFile = config.age.secrets.docker_registry_password.path;
+      };
+    };
+  };
+
+  services.custom-backup.jobs = [
+    {
+      app = "killua";
+      file = "${dataDir}/trivia_questions.json";
+    }
+  ];
+
+  system.activationScripts.makeKilluaDir = lib.stringAfter [ "var" ] ''
+    mkdir -p ${dataDir}
+    chmod ugo+w ${dataDir}
+  '';
+}
diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix
index 20c9bb6..8bda9d8 100644
--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@@ -168,6 +168,7 @@
       ./apps/hugo-chat
       ./apps/uptime
       ./apps/cargo-bisect-rustc-service
+      ./apps/killua
     ];
 
     deployment.tags = [ "ingress" "eu" "apps" "wg" ];
diff --git a/newinfra/nix/secrets/backup_s3_secret.age b/newinfra/nix/secrets/backup_s3_secret.age
index 003ef35..c14365e 100644
Binary files a/newinfra/nix/secrets/backup_s3_secret.age and b/newinfra/nix/secrets/backup_s3_secret.age differ
diff --git a/newinfra/nix/secrets/caddy_s3_key_secret.age b/newinfra/nix/secrets/caddy_s3_key_secret.age
index 086a912..f92ebf5 100644
Binary files a/newinfra/nix/secrets/caddy_s3_key_secret.age and b/newinfra/nix/secrets/caddy_s3_key_secret.age differ
diff --git a/newinfra/nix/secrets/docker_registry_password.age b/newinfra/nix/secrets/docker_registry_password.age
index fa31a33..1520492 100644
--- a/newinfra/nix/secrets/docker_registry_password.age
+++ b/newinfra/nix/secrets/docker_registry_password.age
@@ -1,5 +1,6 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg 1HgGuuBWZKvGpR755SyGybRGIq26JR8qb4x4hywwWU8
-6e0gmCgL6CttzzzZ73oUYzpCcvhArAdFJGycwacFaIY
---- tfUAHcZONQZuZIXtumjCh1Crawf+BSl7djHSHC3WvJ8
-Sùs¢ƒ.²QeMçœ~Kàâ!ÙŸ•\‹‡ˆC¥¨qêy¥^)S¸ìGøjaòŽaÕ™
\ No newline at end of file
+-> ssh-ed25519 qM6TYg zTO/UdUBxYl0Q3IZT7iLOPDUCiWPp5K1a157Qlc6awQ
+TfmaPGwtJwj6Qi4nuQDPAcbiS6d+wLNyc101qWtK05U
+--- Y4KMA/9Tjq2Dpe80sG4UIVgLht9rPdT3qAI1ZMujspU
+ò¦äññQ“x3*…QU=àÉHèÙ2Íàˆ30àÏÝ2ñG÷Š
+šr)k/ÜYë¬ÒhcÝ
\ No newline at end of file
diff --git a/newinfra/nix/secrets/garage_secrets.age b/newinfra/nix/secrets/garage_secrets.age
index 4aa6674..e379948 100644
Binary files a/newinfra/nix/secrets/garage_secrets.age and b/newinfra/nix/secrets/garage_secrets.age differ
diff --git a/newinfra/nix/secrets/grafana_admin_password.age b/newinfra/nix/secrets/grafana_admin_password.age
index cbba5bf..e073db5 100644
Binary files a/newinfra/nix/secrets/grafana_admin_password.age and b/newinfra/nix/secrets/grafana_admin_password.age differ
diff --git a/newinfra/nix/secrets/hugochat_db_password.age b/newinfra/nix/secrets/hugochat_db_password.age
index a7f95a0..0479e62 100644
Binary files a/newinfra/nix/secrets/hugochat_db_password.age and b/newinfra/nix/secrets/hugochat_db_password.age differ
diff --git a/newinfra/nix/secrets/killua_env.age b/newinfra/nix/secrets/killua_env.age
new file mode 100644
index 0000000..084c13d
Binary files /dev/null and b/newinfra/nix/secrets/killua_env.age differ
diff --git a/newinfra/nix/secrets/loki_env.age b/newinfra/nix/secrets/loki_env.age
index ac87033..fe77fe4 100644
Binary files a/newinfra/nix/secrets/loki_env.age and b/newinfra/nix/secrets/loki_env.age differ
diff --git a/newinfra/nix/secrets/minio_env_file.age b/newinfra/nix/secrets/minio_env_file.age
index 52e7b35..b9147b1 100644
Binary files a/newinfra/nix/secrets/minio_env_file.age and b/newinfra/nix/secrets/minio_env_file.age differ
diff --git a/newinfra/nix/secrets/registry_htpasswd.age b/newinfra/nix/secrets/registry_htpasswd.age
index 65f648b..1b3fc08 100644
Binary files a/newinfra/nix/secrets/registry_htpasswd.age and b/newinfra/nix/secrets/registry_htpasswd.age differ
diff --git a/newinfra/nix/secrets/registry_s3_key_secret.age b/newinfra/nix/secrets/registry_s3_key_secret.age
index 00f42ca..f100830 100644
Binary files a/newinfra/nix/secrets/registry_s3_key_secret.age and b/newinfra/nix/secrets/registry_s3_key_secret.age differ
diff --git a/newinfra/nix/secrets/s3_mc_admin_client.age b/newinfra/nix/secrets/s3_mc_admin_client.age
index 42ef966..746181f 100644
Binary files a/newinfra/nix/secrets/s3_mc_admin_client.age and b/newinfra/nix/secrets/s3_mc_admin_client.age differ
diff --git a/newinfra/nix/secrets/secrets.nix b/newinfra/nix/secrets/secrets.nix
index dfb89b6..3924101 100644
--- a/newinfra/nix/secrets/secrets.nix
+++ b/newinfra/nix/secrets/secrets.nix
@@ -20,6 +20,7 @@ in
   "loki_env.age".publicKeys = [ vps3 ];
   "backup_s3_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
   "s3_mc_admin_client.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
+  "killua_env.age".publicKeys = [ vps1 ];
   "wg_private_dns1.age".publicKeys = [ dns1 ];
   "wg_private_dns2.age".publicKeys = [ dns2 ];
   "wg_private_vps1.age".publicKeys = [ vps1 ];
diff --git a/newinfra/nix/secrets/wg_private_dns1.age b/newinfra/nix/secrets/wg_private_dns1.age
index 3dc6f81..b6d12ee 100644
Binary files a/newinfra/nix/secrets/wg_private_dns1.age and b/newinfra/nix/secrets/wg_private_dns1.age differ
diff --git a/newinfra/nix/secrets/wg_private_dns2.age b/newinfra/nix/secrets/wg_private_dns2.age
index 5b3d149..b2f475d 100644
--- a/newinfra/nix/secrets/wg_private_dns2.age
+++ b/newinfra/nix/secrets/wg_private_dns2.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 5bWSnQ yYpbqupe6d0ZiH4CxnkHx6clUSI6VOAwiFicoeghIi8
-Q1rxBbAhYeZfi5uSNW7/kE/sn15ZpDSxC/P8/SuekWQ
---- CsY6lrPSTBryg9t7U1FfnoAYoz0pDRhRpkTy+bsJrZc
-E¤›'¯½fŽìå0Ö7TÉBcôœã¯¦±‚-ß¬½&‚K¬“pdç~¯ØG„üÄÁµm8: )L¡pyÎòœ xË²ûÑ<ˆÿ
\ No newline at end of file
+-> ssh-ed25519 5bWSnQ EtJ6xvnAKqBQAcMkg8ZvqlKLds+fAurbMDwa2y59WzY
+1K7hYZsklt50rzd3m3s+eJz4QRnLffCTJkNdg5XgXko
+--- rwXlwZH92YleL48/WiC7+sjUSPRcIak5S4UIkhoSD10
+¢µ.µ“‚ÂÒSœWóùá<-ý8YÄÝ?è)T&«¥üªÃŠN¦ÁÞ2ÛZJ¦„;â&ÑÒÂ39dúÔ{¸8šëÝ:yÜ^ßKë™²*‰
\ No newline at end of file
diff --git a/newinfra/nix/secrets/wg_private_vps1.age b/newinfra/nix/secrets/wg_private_vps1.age
index 44225da..88b3727 100644
Binary files a/newinfra/nix/secrets/wg_private_vps1.age and b/newinfra/nix/secrets/wg_private_vps1.age differ
diff --git a/newinfra/nix/secrets/wg_private_vps3.age b/newinfra/nix/secrets/wg_private_vps3.age
index d7388a4..579ce11 100644
--- a/newinfra/nix/secrets/wg_private_vps3.age
+++ b/newinfra/nix/secrets/wg_private_vps3.age
@@ -1,6 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 XzACZQ Z787iJONQm/qtLcIIeEKXYd2nu+fuhUnUGgtCsYzmAk
-u9LPx7wwwUzBvAUQ1VudVMQNPGiUXrgF9bt5o3gJpCE
---- zOK68y4biCz5HLuRpQC04CdmAzJTJNErdYCOpopv4gc
-
-³3½Øþ‚nu™RÈÛðäæ±qþ¬ón0­=JC²Sþp€oƒFÃ‚]¥Æhy-¾X\ajƒ½|n~½#0Š#kg5ŒÈ[¶s
\ No newline at end of file
+-> ssh-ed25519 XzACZQ zCt7Biavy5amayc4xU57K6vv+4/MgKZRhNwvA6xdJQE
+z/TWt8WbdZcXsbZSmiJ/Yp1ormoVk88HlXxY+8lmF60
+--- x5fpB686RpY4KxbKu940m29V4E+wdzd417YaUxzT4V4
+®a[…G‹‚ìÞg”ç‰¢¶ÎÛ˜Yß'¶ƒ¹*|ÂÛWmPBR–ZÏ­þb\ùÊ³ÇH›AO$„ûkÃÇ .8{ô'n¯º4«#¼'
\ No newline at end of file
diff --git a/newinfra/nix/secrets/wg_private_vps4.age b/newinfra/nix/secrets/wg_private_vps4.age
index fda3f23..bcaae8c 100644
Binary files a/newinfra/nix/secrets/wg_private_vps4.age and b/newinfra/nix/secrets/wg_private_vps4.age differ
diff --git a/newinfra/nix/secrets/wg_private_vps5.age b/newinfra/nix/secrets/wg_private_vps5.age
index 6faebf3..177217f 100644
--- a/newinfra/nix/secrets/wg_private_vps5.age
+++ b/newinfra/nix/secrets/wg_private_vps5.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 vT7ExA dkSxicpdvSQagXqKlUQniPWc+rlJX5jNm+z4hGTBpTE
-SdMHYW1u1KZ9oA4Jvd+GS95NC3vNWOvwziRtnuSJVP8
---- ceiXWtAwbztkvzcqIs5c/PSZm8i1LebKoZwq2asmDv4
-I¤^»þ7ÞÜhá!üEB–)ê%ŸQ¬£ˆÔ+TJÕ(iïã[a"ö@nHÿPüØÿðLÁzÛ-AH[…NJikê8>¿a£Ð%ûáŠ
\ No newline at end of file
+-> ssh-ed25519 vT7ExA CiVQ2IEuo9cylHm0eq8jH6gVCl9rH3hOoPbu5z4ye2o
+b2OM+VVNBul+AbeMRCfGyauki/OtDDQ6i3vyFSe2U/E
+--- IBWDOHXQNklZZRKsWEZt81tMNqw6HJFFk7U1HP8sgXs
+JDžÍl”q¢ÅLÖ±jb÷ëBº©‡ZÿeÄkl.“o\Õïê|opàAWÞÊ¦Ì‚1¡h>N×¡ÈØ`åf^ V‘Zâ½¿Ó?«
\ No newline at end of file
diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age
index 0cf4c28..820a7b6 100644
--- a/newinfra/nix/secrets/widetom_bot_token.age
+++ b/newinfra/nix/secrets/widetom_bot_token.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg qQle0goi67ti4vBo08kuW0eMyu84L/BD1DoWJG9TVEk
-UuPIdnOsyQM/o4Mt4y9gVis0jyMuxg30h5Gqc52BqCk
---- SJmbppqEFhPnb5k2DlyeUuHGzB6nYJcOBvr0s7Y//ls
-jnl³}.rø‰#SF&¿ðjÂ;Å«b“ÖùTxZQ{·;öa$ão"ÿÞßß™éºípJå½Ö~ÛÃdùÊ¸EÅ~¶XQ+°e)|l‚Ú7>÷/û½
\ No newline at end of file
+-> ssh-ed25519 qM6TYg 8PHArngZr845Vyzvr06Syrn4w3mV1vbeMKnSzd7PtUc
+GoI7ssVbQzlQAZPopxMpyKdhv1BixF+eac5nQA0Q+i4
+--- c/MJSct6IxWiitSeEGez2c55nQ94A22OuM4NliuHpOk
+ÿw*­_P‡fÁYÓ×Yç-‡š¡©ylAtˆÙ½U!ÀAÐ‡Uì³1÷5f‘cFùÀ/ðžœcÉŠZ%)NÁ¯÷Áhƒ‹âTtd–þÅÈÚ?²›7>ë:UÅkü
\ No newline at end of file
diff --git a/newinfra/nix/secrets/widetom_config_toml.age b/newinfra/nix/secrets/widetom_config_toml.age
index a4a749e..bbf709a 100644
Binary files a/newinfra/nix/secrets/widetom_config_toml.age and b/newinfra/nix/secrets/widetom_config_toml.age differ
diff --git a/newinfra/secrets-git-crypt/killua_env b/newinfra/secrets-git-crypt/killua_env
new file mode 100644
index 0000000..9a67980
Binary files /dev/null and b/newinfra/secrets-git-crypt/killua_env differ
diff --git a/playbooks/vps2.yml b/playbooks/vps2.yml
index 21d7c98..4435e61 100644
--- a/playbooks/vps2.yml
+++ b/playbooks/vps2.yml
@@ -15,14 +15,6 @@
         hour: "7"
         job: "/apps/backup.sh"
     #####
-    # APP: killua bot, /apps/killua
-    #####
-    - name: Create /apps/killua
-      ansible.builtin.file:
-        path: /apps/killua
-        state: directory
-        mode: "u=rwx,g=rx,o=rx"
-    #####
     # APP: karin bot, /apps/karin-bot
     #####
     - name: Create /apps/karin-bot
diff --git a/secrets/vps2.env b/secrets/vps2.env
index 18a4126..3f2edc7 100644
Binary files a/secrets/vps2.env and b/secrets/vps2.env differ
diff --git a/vps2/backup.sh b/vps2/backup.sh
index cdecfc0..a3bada1 100755
--- a/vps2/backup.sh
+++ b/vps2/backup.sh
@@ -65,8 +65,6 @@ function upload_directory {
     rm "$tmppath"
 }
 
-upload_file "killua/trivia_questions.json"
-
 upload_pg_dump "cors-school" "cors-school-db" "davinci" "postgres"
 upload_pg_dump "openolat" "openolat-db" "oodb" "oodbu"
 
diff --git a/vps2/docker-compose.yml b/vps2/docker-compose.yml
index efd2003..9da708b 100644
--- a/vps2/docker-compose.yml
+++ b/vps2/docker-compose.yml
@@ -1,14 +1,5 @@
 version: "3.8"
 services:
-  killua:
-    container_name: killua
-    image: "docker.noratrieb.dev/killua-bot:ac8203d2"
-    restart: always
-    volumes:
-      - "/apps/killua:/app/config"
-    environment:
-      BOT_TOKEN: "${KILLUA_BOT_TOKEN}"
-      KILLUA_JSON_PATH: /app/config/trivia_questions.json
   #### Karin
   karin_bot_db:
     container_name: karin-bot-db