diff --git a/newinfra/nix/apps/openolat/default.nix b/newinfra/nix/apps/openolat/default.nix
deleted file mode 100644
index 0c2672f..0000000
--- a/newinfra/nix/apps/openolat/default.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  dockerLogin = {
-    registry = "docker.noratrieb.dev";
-    username = "nils";
-    passwordFile = config.age.secrets.docker_registry_password.path;
-  };
-in
-{
-  age.secrets.openolat_db_password.file = ../../secrets/openolat_db_password.age;
-
-  virtualisation.oci-containers.containers = {
-    openolat = {
-      image = "docker.noratrieb.dev/openolat:69b3c8b6";
-      volumes = [
-        "/var/lib/openolat/files:/home/openolat/olatdata"
-        "${./extra-properties.properties}:/home/openolat/extra-properties.properties"
-      ];
-      ports = [ "127.0.0.1:5011:8088" ];
-      environment = {
-        # DB_PASSWORD = from openolat_db_password
-        DB_URL = "jdbc:postgresql://openolat-db:5432/oodb";
-        EXTRA_PROPERTIES = "/home/openolat/extra-properties.properties";
-        OLAT_HOST = "olat.noratrieb.dev";
-      };
-      environmentFiles = [ config.age.secrets.openolat_db_password.path ];
-      extraOptions = [ "--network=openolat" ];
-
-      dependsOn = [ "openolat-db" ];
-      login = dockerLogin;
-    };
-
-    openolat-db = {
-      image = "postgres:15";
-      volumes = [ "/var/lib/openolat/db:/var/lib/postgresql/data" ];
-      environment = {
-        POSTGRES_DB = "oodb";
-        POSTGRES_USER = "oodbu";
-        # POSTGRES_PASSWORD = from openolat_db_password
-        PGDATA = "/var/lib/postgresql/data/pgdata";
-      };
-      extraOptions = [ "--network=openolat" ];
-      environmentFiles = [ config.age.secrets.openolat_db_password.path ];
-    };
-  };
-
-  services.custom-backup.jobs = [
-    {
-      app = "openolat-db";
-      pgDump = {
-        containerName = "openolat-db";
-        dbName = "oodb";
-        userName = "oodbu";
-      };
-    }
-  ];
-
-  # https://www.reddit.com/r/NixOS/comments/13e5w6b/does_anyone_have_a_working_nixos_ocicontainers/
-  systemd.services.init-openolat-podman-network = {
-    description = "Create the network bridge for openolat.";
-    after = [ "network.target" ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig.Type = "oneshot";
-    script = ''
-      	${lib.getExe pkgs.podman} network create openolat || true
-      	'';
-  };
-  system.activationScripts.makeOpenolatDir = lib.stringAfter [ "var" ] ''
-    mkdir -p /var/lib/openolat/db
-    mkdir -p /var/lib/openolat/files
-  '';
-}
diff --git a/newinfra/nix/apps/openolat/extra-properties.properties b/newinfra/nix/apps/openolat/extra-properties.properties
deleted file mode 100644
index 17343fa..0000000
--- a/newinfra/nix/apps/openolat/extra-properties.properties
+++ /dev/null
@@ -1 +0,0 @@
-enforce.utf8.filesystem=false
diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix
index 8d9e491..6f8f97d 100644
--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@@ -178,7 +178,6 @@
       ./apps/cargo-bisect-rustc-service
       ./apps/killua
       ./apps/forgejo
-      ./apps/openolat
     ];
 
     deployment.tags = [ "caddy" "eu" "apps" "website" ];
diff --git a/newinfra/nix/modules/caddy/vps1.Caddyfile b/newinfra/nix/modules/caddy/vps1.Caddyfile
index e337003..7a6ea25 100644
--- a/newinfra/nix/modules/caddy/vps1.Caddyfile
+++ b/newinfra/nix/modules/caddy/vps1.Caddyfile
@@ -65,19 +65,6 @@ git.noratrieb.dev {
 	reverse_proxy * localhost:5015
 }
 
-olat.noratrieb.dev {
-	log
-	encode zstd gzip
-	reverse_proxy * localhost:5011
-}
-
-# unsure if necessary... something was misconfigured in the past here...
-olat.noratrieb.dev:8088 {
-	log
-	encode zstd gzip
-	reverse_proxy * localhost:5011
-}
-
 ################################################################
 # redirects
 
@@ -125,13 +112,3 @@ uptime.nilstrieb.dev {
 	log
 	redir https://uptime.noratrieb.dev{uri} permanent
 }
-
-olat.nilstrieb.dev {
-	log
-	redir https://olat.noratrieb.dev{uri} permanent
-}
-
-olat.nilstrieb.dev:8088 {
-	log
-	redir https://olat.noratrieb.dev{uri} permanent
-}
diff --git a/newinfra/nix/modules/dns/nilstrieb.dev.nix b/newinfra/nix/modules/dns/nilstrieb.dev.nix
index f804411..0011484 100644
--- a/newinfra/nix/modules/dns/nilstrieb.dev.nix
+++ b/newinfra/nix/modules/dns/nilstrieb.dev.nix
@@ -41,6 +41,7 @@ let
         cors-school = vps2 // {
           subdomains.api = vps2;
         };
+        olat = vps2;
 
         localhost.A = [ (a "127.0.0.1") ];
 
@@ -53,7 +54,6 @@ let
         hugo-chat = vps1 // {
           subdomains.api = vps1;
         };
-        olat = vps1;
         # ---
 
         # infra (legacy)
diff --git a/newinfra/nix/modules/dns/noratrieb.dev.nix b/newinfra/nix/modules/dns/noratrieb.dev.nix
index 81c1910..cd9a438 100644
--- a/newinfra/nix/modules/dns/noratrieb.dev.nix
+++ b/newinfra/nix/modules/dns/noratrieb.dev.nix
@@ -70,7 +70,6 @@ let
         uptime = vps1;
         does-it-build = vps4;
         git = vps1;
-        olat = vps1;
 
         # --- fun shit
         localhost.A = [ (a "127.0.0.1") ];
diff --git a/newinfra/nix/secrets/backup_s3_secret.age b/newinfra/nix/secrets/backup_s3_secret.age
index 9298136..33cf448 100644
Binary files a/newinfra/nix/secrets/backup_s3_secret.age and b/newinfra/nix/secrets/backup_s3_secret.age differ
diff --git a/newinfra/nix/secrets/caddy_s3_key_secret.age b/newinfra/nix/secrets/caddy_s3_key_secret.age
index 6b75178..ec58e07 100644
Binary files a/newinfra/nix/secrets/caddy_s3_key_secret.age and b/newinfra/nix/secrets/caddy_s3_key_secret.age differ
diff --git a/newinfra/nix/secrets/docker_registry_password.age b/newinfra/nix/secrets/docker_registry_password.age
index bc89cad..d975c53 100644
Binary files a/newinfra/nix/secrets/docker_registry_password.age and b/newinfra/nix/secrets/docker_registry_password.age differ
diff --git a/newinfra/nix/secrets/forgejo_s3_key_secret.age b/newinfra/nix/secrets/forgejo_s3_key_secret.age
index 93ae17a..a62b401 100644
Binary files a/newinfra/nix/secrets/forgejo_s3_key_secret.age and b/newinfra/nix/secrets/forgejo_s3_key_secret.age differ
diff --git a/newinfra/nix/secrets/garage_secrets.age b/newinfra/nix/secrets/garage_secrets.age
index 25936cc..b9bf376 100644
--- a/newinfra/nix/secrets/garage_secrets.age
+++ b/newinfra/nix/secrets/garage_secrets.age
@@ -1,12 +1,13 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg dSNo/WHtuVibuLghfNnznYw6+zsMJOWvi7LitHSn3AY
-pfZti2of1OZVOgVR+wXZrhGggtZ2W3jyUADDWVxQHfs
--> ssh-ed25519 XzACZQ d5+ZaKmyb1yTZJ0mvPYl6On9XaOp8Z59zNQXVtEj6F8
-+Ku4GwagVLPZHzOpkaFPZ1i5NoB9Z+Eyd0tuY28yS5Y
--> ssh-ed25519 51bcvA PxNLpJLMnUrlyzKUairI6Y+f6BYn7N9e/OURoiHcWQk
-FsXdpP0pM+Xvst93kHIG+KsDlwrRRks4jxl+Q487Msc
--> ssh-ed25519 vT7ExA PE9zzE4bKcexXg6LuoQnUOJbvNlqQF//qm1fgB6sM0M
-YSzgtZ+zGoTljLHrxeIY7MQV7xmLNDPFEeVrSq37QHA
---- VGV6MkGwLwYmCq73bDzIJaRRTESJ9a1fieP1AJNiAUs
-‹j\ËÈ_I9Îd±UK÷ Ë ïF1^Òoð±uÀÍJÛÛo
-¹£ÄÉP"šltÖ±v%èõÚan›«©EëZX2’’×©«S;¤’	J¥›$~žjcgŠ\«~5$Ö„ü*Ï	]§"²·«Ù þñjS²+qÎ—@wç·¨Ëš¥‡ôNÁ’ƒ¿1€F@¾’k©•×$_ýaÎÂ…;Zö|ÃX‡L¿Kh¡0Àó6®±ì¿"Ñ<Ù‘
\ No newline at end of file
+-> ssh-ed25519 qM6TYg SovdMEtsuAN3HnwyoGcQsVtcpYObyh1N/VKbw4rN/B4
+neYvPr3H7Z0n42eXSacdJ2syK2tX4ZG8dVzdXYKMC3E
+-> ssh-ed25519 XzACZQ O2zwX8G4Ladh+jlPtzvGKBJUCZwRdzEFBZMjQ6utlic
+EuxJbsnCtMU3iPGL+rtNPiA+r6h9IBHQGOo1krTSGMs
+-> ssh-ed25519 51bcvA +ytU9agDEYXwSkjGXqTuGJFNX0H4gVg3NrSq+irpqR4
+WqB9xcniSoq+7MPZkeujE+Z5Et8q3u+/yEULeSU7Ka8
+-> ssh-ed25519 vT7ExA NHrhD8lzaN2QUvnU5obIGFsFdC1tvADd7cfNONcvdGE
+egoyBBL9r0XV0bGOq+686PoOPICvYnE/erlZvQMJ4ps
+--- j+CR0XGs/Z0D/f8PJVUu5m8ksetR0X9UgX2uLgRFGtY
+ëqÇRKS¢DE**²™”Ñ¸Wû´67½2ªZý(¦¨³“}v¨ÐÊÒ·+¢ýG¡®jÜì|'?´º_o¡¼(uÖÍ¨!õ‚ðº +ƒ\äg¯ûg`dIr¾{#ÝÏdÒùƒ³©‘;Í(UŸ¬ùýö´¸(ÿM(hkrí6áQóþn÷Ê!râ¦ÝBŠ_2)à
+^–è¹bš²8R°\ÒÝóÂ·a
+“»›]jB‚û›D½Ó%2`×=HÆÔz
\ No newline at end of file
diff --git a/newinfra/nix/secrets/grafana_admin_password.age b/newinfra/nix/secrets/grafana_admin_password.age
index 41f0ce1..3ac1c50 100644
--- a/newinfra/nix/secrets/grafana_admin_password.age
+++ b/newinfra/nix/secrets/grafana_admin_password.age
@@ -1,5 +1,6 @@
 age-encryption.org/v1
--> ssh-ed25519 XzACZQ gikrlnVBvWOpWLhDy6eZ+BM/DMwerHQ5xl1KuXuRHCc
-epErSJOxYqbjXuCZL2gF1iBiAuS6pf5JHtJCPCCDkUg
---- CnSLl0Mg5FGSf8G1N/LkX/xygMvCguiE2NGaL7TwGTk
-|w‚†8çÓÒ‘,ûE`ô¼PÄr#~¦Bb{hQÀ‘Â["“ìÐy_þðO„ì™ì#¹EJêü>Æ”¢–oð	^Õ#(š˜Užd­^¯çbÞ©H·ó\ßßÁ%6NJú
\ No newline at end of file
+-> ssh-ed25519 XzACZQ rfGZDBIu3I6xLw/ZZXAaXNtcIdxhH8hIDzbvZ0co9T4
+FElMCSmBpJTt559GQwgwg1ojjaYVUB6AU4abWBDaG2E
+--- thNXco05W/7JETn5LsK+38orUQY3dOA9+/9/2Y2p/+E
+(D€Já`&ôMqïNe#
+…VÉ`)þ)Ë«ÕÅ4wi<é;/áü´ò–/Pæ»dÌšþ^öÊroâFÐ4è¥%™*`á©€Hi0¥N§¹ñ"ÐR9-½¹ÏP›Ž´ŒÍNWnç
\ No newline at end of file
diff --git a/newinfra/nix/secrets/hugochat_db_password.age b/newinfra/nix/secrets/hugochat_db_password.age
index 4107bb3..68594dd 100644
Binary files a/newinfra/nix/secrets/hugochat_db_password.age and b/newinfra/nix/secrets/hugochat_db_password.age differ
diff --git a/newinfra/nix/secrets/killua_env.age b/newinfra/nix/secrets/killua_env.age
index a687f62..df30832 100644
Binary files a/newinfra/nix/secrets/killua_env.age and b/newinfra/nix/secrets/killua_env.age differ
diff --git a/newinfra/nix/secrets/loki_env.age b/newinfra/nix/secrets/loki_env.age
index 2906c38..e2ecddf 100644
--- a/newinfra/nix/secrets/loki_env.age
+++ b/newinfra/nix/secrets/loki_env.age
@@ -1,5 +1,6 @@
 age-encryption.org/v1
--> ssh-ed25519 XzACZQ LZJxX7aRBk26DYdfkd3vC2OLvIVBiZrvCroihjzka2c
-xze/qJWOJXXJaoUjS2Bd8Rfk3SOkN1HXRN3U0hmiKPQ
---- NgSxh6hohM1C5hiAafFHWifJrb5mY87cTQgLzX9lVe8
-S´>ÜgßÔ>¦·Ù±ïg?}‹€ù=è<IÕÉ>þ³FaaÀT(ö¨¯# Rñ©€á‰VåÙdB3Åü]m™`´³t7–á?}´Y´Ñ/MøÁK™‘beŒsr<CÜ‘*¯ßÚéôýã.‘A³½±¢ãR½ìúŽP‡ú³oÝ=|V(òA*m–«	el¸ öŸÃ
\ No newline at end of file
+-> ssh-ed25519 XzACZQ eBMqugfTB9wfhD2TgF2svakZ0tDdXjfIlurhXBf0+TM
+vJoHbSZT6BdvWfwcQVtjBUBa0x3b+Va6SyOuSL4soKY
+--- eQQWdfE5bnx0EOu+4IzdlGwPLBEN6AAC8xA0u6/wXhE
+’Ö}2T‡?á	;Âì1ít7©k¹š˜Áî—J”O¾»Í{Ç¸$ó„³
+3uóBAœ°d>Œt»íôf¯râX‰_=jØõŠ¿R>^!QÁÆà;`[»öF!šŸ¥VÑÛír©Î ®ŠÍÊM_SÝDç„ð‰ÜÖG‹vaT;†’ÞP«‡·éñ¦hiÍ¿]O<ƒ·¶
\ No newline at end of file
diff --git a/newinfra/nix/secrets/minio_env_file.age b/newinfra/nix/secrets/minio_env_file.age
index 654e4c3..b44c59b 100644
Binary files a/newinfra/nix/secrets/minio_env_file.age and b/newinfra/nix/secrets/minio_env_file.age differ
diff --git a/newinfra/nix/secrets/openolat_db_password.age b/newinfra/nix/secrets/openolat_db_password.age
deleted file mode 100644
index 3aad0a6..0000000
--- a/newinfra/nix/secrets/openolat_db_password.age
+++ /dev/null
@@ -1,5 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 qM6TYg yvo9tUxGgQETQ0w1qgr2wMp1Fu1FtryEnSq3CCcHIk8
-tVCZg826Pus5LtguOV22XIzvyQ/vlZFb0rYSyJhg0iE
---- mkZIfeMIepMwEp47GeFo1wiYr66W9nBPP2vfvlzOF2o
-qnuâ†È6çCØ¿åzu·Ÿ–=~îüŽË¬6Qò”¬›ôž’¢ë™²?Wm%ë`’Z¼ãáU_X®¶]®Tu!äÐºß€êæ½`Gbu¾uf<âž^ÊõÁ¼£/i8²üN(rˆSm¼ÀøøkÚ`d…ãx})”tšgHÐ‡DÉ`¼*VE,`’i
\ No newline at end of file
diff --git a/newinfra/nix/secrets/registry_htpasswd.age b/newinfra/nix/secrets/registry_htpasswd.age
index 15f74b3..d7ce43d 100644
--- a/newinfra/nix/secrets/registry_htpasswd.age
+++ b/newinfra/nix/secrets/registry_htpasswd.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg 0Y1d6GtpFGUUtfldl4+CKq8e0bWvcPGnR8I/N6L1XSM
-8HwFO3zIWh7+3J/rhFQCgty1k1FYU3SS9cF4ekbwZfI
---- a7x+V3pI9cekGbdl6SfR3B7MOUxnNGOf+MJsPLDq/r4
-áYþU†…Š×¨N’ñ®¨9î×xÿàs¸â˜üÃÎ@4.òœßËGƒ2žB;ìž¶Wzˆ†3‰#Qi–4®þ¯§ÒÂfoµÑÂ˜åXEìcÿ·ªv³]×ÅÉšî7Éþºç
\ No newline at end of file
+-> ssh-ed25519 qM6TYg EJWWxPHa5Rww9uwiEwHPKKBcc5SiwFlpiLjDRXrnfyA
+5DGTo4fsFuT8Vsutc4nSXq1NDoljSnUVlmviJcZFVKQ
+--- Ha/ILA1plnnAwr3FdjeKicWHKwfHxjxUp9zhwihkgkI
+ˆ«ÌóûÂõ^HH22üVÃ«®o«ŒPÐÛ¯<8s‘§-MPFäMEîÜrö]nž3ió‘áuñŒ-Â˜‹¶ßY'ˆ#æ@°ëœFXclV¢ûÁxiÞáF‘–à
\ No newline at end of file
diff --git a/newinfra/nix/secrets/registry_s3_key_secret.age b/newinfra/nix/secrets/registry_s3_key_secret.age
index 91288e1..29337b3 100644
Binary files a/newinfra/nix/secrets/registry_s3_key_secret.age and b/newinfra/nix/secrets/registry_s3_key_secret.age differ
diff --git a/newinfra/nix/secrets/s3_mc_admin_client.age b/newinfra/nix/secrets/s3_mc_admin_client.age
index f8b93d8..77cb7be 100644
Binary files a/newinfra/nix/secrets/s3_mc_admin_client.age and b/newinfra/nix/secrets/s3_mc_admin_client.age differ
diff --git a/newinfra/nix/secrets/secrets.nix b/newinfra/nix/secrets/secrets.nix
index dbc1da9..dcb12f3 100644
--- a/newinfra/nix/secrets/secrets.nix
+++ b/newinfra/nix/secrets/secrets.nix
@@ -11,7 +11,6 @@ in
   "widetom_config_toml.age".publicKeys = [ vps1 ];
   "docker_registry_password.age".publicKeys = [ vps1 ];
   "hugochat_db_password.age".publicKeys = [ vps1 ];
-  "openolat_db_password.age".publicKeys = [ vps1 ];
   "minio_env_file.age".publicKeys = [ vps1 vps3 ];
   "garage_secrets.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
   "caddy_s3_key_secret.age".publicKeys = [ vps1 vps3 vps4 vps5 ];
diff --git a/newinfra/nix/secrets/wg_private_dns1.age b/newinfra/nix/secrets/wg_private_dns1.age
index 39f0f71..e56c44a 100644
Binary files a/newinfra/nix/secrets/wg_private_dns1.age and b/newinfra/nix/secrets/wg_private_dns1.age differ
diff --git a/newinfra/nix/secrets/wg_private_dns2.age b/newinfra/nix/secrets/wg_private_dns2.age
index 3657409..3640ef1 100644
Binary files a/newinfra/nix/secrets/wg_private_dns2.age and b/newinfra/nix/secrets/wg_private_dns2.age differ
diff --git a/newinfra/nix/secrets/wg_private_vps1.age b/newinfra/nix/secrets/wg_private_vps1.age
index 3e7321e..152a0ee 100644
--- a/newinfra/nix/secrets/wg_private_vps1.age
+++ b/newinfra/nix/secrets/wg_private_vps1.age
@@ -1,6 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg vC8XBZQGff/q/SEsiIb+pyhfE/2MCWbo1m+suXpzyhY
-r2R02FSzrpiPyoAeiPqWNdXc0Jqd6v2rv4hxo89LqD8
---- NBCfTZYGNmAHQOABVhlcsgbJmKpmeUM15FdKLQjVazw
-,t¬}˜ ¨¾“­| &¦“-À^uüÊU6Z_ì&Ú—Úuôe[wá—™–Ó	_ë²¢°
-£^£®\Ý(ëœ†gP‚y-j‹éš;ýùD
\ No newline at end of file
+-> ssh-ed25519 qM6TYg wMMdxXZc1yZiD9oS6ne/7Ne29uz+Q97kYYjZtyhR9Qs
+hNwS16RMdvb7hNfjRdUow/sYtUcta4YPoe4qh0jAEOE
+--- 30m6ILfUyjxm/nindgNcujh4bGOUvMbrcArSLEd2NuI
+Ì¢×î0ÍÃÉfÌÜÍ-1TØ‘à_s>?f·I[L•À…•ÇÏmL4¯á«#ÛÑ,qwÔÂåPY-[’‰n$áòÁ¦ ­µ4
\ No newline at end of file
diff --git a/newinfra/nix/secrets/wg_private_vps3.age b/newinfra/nix/secrets/wg_private_vps3.age
index ddb65ce..80bcbf4 100644
--- a/newinfra/nix/secrets/wg_private_vps3.age
+++ b/newinfra/nix/secrets/wg_private_vps3.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 XzACZQ FnGfRDdT9kQXeYzv7yzwI+1fVXmeseC6YVCCzeoeLCQ
-HydL6WRBzLmqAKNmf0kzBmZiFRQ8KM3dHEdx2676Nx0
---- E7+8BYiNPPm3fI6FiEii2txlbsesfSXuE2Nxvb7Zlx4
-™m»5q®÷ÞÁ~ú>R-­¡·ôeŒ~ÿ+$¦˜•TÌ5öPäõr´nH:$4ðj¦kþB÷$CqRuóïˆM˜mªF`‹þA4·Ñe
\ No newline at end of file
+-> ssh-ed25519 XzACZQ k5WVMoS1WD1Jb+RfV0OOW5umLFfEdfIqDodBViQFvzc
+kypBLkD32beBsTtEoCyH0b9L4GAxorTFhqH3nhkO72w
+--- aUbimoG2VppL5CPG3tES+zp/cINt6ZjNnthvCcpt0ww
+‹kð…éÈ~iÃ"ÃßB˜÷V¸M‘DEù´–QöBŠuòKP§ñâàuä×h¦GCÞ±épT‰±íØé)t¤l€Çnö
\ No newline at end of file
diff --git a/newinfra/nix/secrets/wg_private_vps4.age b/newinfra/nix/secrets/wg_private_vps4.age
index 15bf0d4..80365e8 100644
--- a/newinfra/nix/secrets/wg_private_vps4.age
+++ b/newinfra/nix/secrets/wg_private_vps4.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 51bcvA IVcXj0PQpO6Rj7ovi4GgoQF77sRDdumHNavSVdQXcHI
-O7j/05HqbjLvIYh9cT/iT8p6GMDn14vDOqU3Jh6tUIc
---- wt0viOUTFWu9ze3CcQ4i1xMrb+RLTOg2hcVsDwbzMzA
-ÇâiÍ-_ñŒrË£Æ*=Öî@Ÿ“|D3éÕeå%ö´näÈ­YÈò'í×RŠ°h3î‡VËü%-=¡à¾W¸Óî‹;¼icS
\ No newline at end of file
+-> ssh-ed25519 51bcvA A5RlnDQ8XJQK5KqxwrvVsrfJKVzb22/c/J/EPvfhtRA
+ByXVkK+QIuGV9bCgcqYOAj54k/O6SrYBLrJIQMec0nA
+--- S+1ZbskI6F3pIT8Pm9qjoHpHu0BmihvC1c9D77sghVY
+·Ë{X‡ã¶w°õÿ<ñp‘äœøé“’ÊZ¶S¯>ˆG*KD_r;Åæ9«ÄºO"s<áÓ™Cb6ú#lûQ“Éa¸<˜j)Ïu
\ No newline at end of file
diff --git a/newinfra/nix/secrets/wg_private_vps5.age b/newinfra/nix/secrets/wg_private_vps5.age
index b38a13d..079f000 100644
Binary files a/newinfra/nix/secrets/wg_private_vps5.age and b/newinfra/nix/secrets/wg_private_vps5.age differ
diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age
index a114651..367f0cb 100644
Binary files a/newinfra/nix/secrets/widetom_bot_token.age and b/newinfra/nix/secrets/widetom_bot_token.age differ
diff --git a/newinfra/nix/secrets/widetom_config_toml.age b/newinfra/nix/secrets/widetom_config_toml.age
index 27f4f5d..b3bc49c 100644
Binary files a/newinfra/nix/secrets/widetom_config_toml.age and b/newinfra/nix/secrets/widetom_config_toml.age differ
diff --git a/newinfra/secrets-git-crypt/openolat_db_password b/newinfra/secrets-git-crypt/openolat_db_password
deleted file mode 100644
index fc78ce3..0000000
Binary files a/newinfra/secrets-git-crypt/openolat_db_password and /dev/null differ
diff --git a/secrets/vps2.env b/secrets/vps2.env
index bdcfc28..3f2edc7 100644
Binary files a/secrets/vps2.env and b/secrets/vps2.env differ
diff --git a/vps2/Caddyfile b/vps2/Caddyfile
index f5e1903..a2e9f34 100644
--- a/vps2/Caddyfile
+++ b/vps2/Caddyfile
@@ -45,3 +45,11 @@ api.cors-school.nilstrieb.dev {
 cors-school.nilstrieb.dev {
 	reverse_proxy * localhost:5004
 }
+
+olat.nilstrieb.dev {
+	reverse_proxy * localhost:5011
+}
+
+olat.nilstrieb.dev:8088 {
+	reverse_proxy * localhost:5011
+}
diff --git a/vps2/backup.sh b/vps2/backup.sh
index 560d54b..a3bada1 100755
--- a/vps2/backup.sh
+++ b/vps2/backup.sh
@@ -66,6 +66,7 @@ function upload_directory {
 }
 
 upload_pg_dump "cors-school" "cors-school-db" "davinci" "postgres"
+upload_pg_dump "openolat" "openolat-db" "oodb" "oodbu"
 
 # shellcheck disable=SC1091
 source "karin-bot/.env"
diff --git a/vps2/docker-compose.yml b/vps2/docker-compose.yml
index b66cc6c..9da708b 100644
--- a/vps2/docker-compose.yml
+++ b/vps2/docker-compose.yml
@@ -103,7 +103,39 @@ services:
   #     - "25565:25565"
   #   volumes:
   #     - /apps/minecraft/server:/data
+  ##### openolat
+  openolat_db:
+    container_name: openolat-db
+    image: "postgres:latest"
+    restart: always
+    volumes:
+      - "/apps/openolat/data:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_DB: oodb
+      POSTGRES_USER: oodbu
+      POSTGRES_PASSWORD: "${OPENOLAT_DB_PASSWORD}"
+      PGDATA: "/var/lib/postgresql/data/pgdata"
+    networks:
+      - openolat-network
+  openolat:
+    container_name: openolat
+    image: "docker.noratrieb.dev/openolat:69b3c8b6"
+    restart: always
+    volumes:
+      - "/apps/openolat/olatdata:/home/openolat/olatdata"
+      - "/apps/openolat/extra-properties.properties:/home/openolat/extra-properties.properties"
+    ports:
+      - "5011:8088"
+    environment:
+      DB_PASSWORD: "${OPENOLAT_DB_PASSWORD}"
+      DB_URL: "jdbc:postgresql://openolat-db:5432/oodb"
+      EXTRA_PROPERTIES: "/home/openolat/extra-properties.properties"
+      OLAT_HOST: olat.nilstrieb.dev
+    networks:
+      - openolat-network
 
 networks:
   cors-school:
   karin-bot:
+  openolat-network:
+  prometheus: