diff --git a/nix/apps/hugo-chat/default.nix b/nix/apps/hugo-chat/default.nix
index 17d3a26..9f78f6b 100644
--- a/nix/apps/hugo-chat/default.nix
+++ b/nix/apps/hugo-chat/default.nix
@@ -1,36 +1,32 @@
 { config, lib, pkgs, ... }:
 let
-  dockerLogin = {
-    registry = "docker.noratrieb.dev";
-    username = "nils";
-    passwordFile = config.age.secrets.docker_registry_password.path;
+  jarfile = pkgs.fetchurl {
+    url =
+      "https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/HugoServer.jar";
+    hash = "sha256-hCe2UPqrSR6u3/UxsURI2KzRxN5saeTteCRq5Zfay4M=";
   };
 in
 {
   age.secrets.hugochat_db_password.file = ../../secrets/hugochat_db_password.age;
 
+  systemd.services.hugo-chat-server = {
+    description = "HugoChat server, a chat platform";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    environment = {
+      SPRING_DATASOURCE_URL = "jdbc:postgresql://localhost:5003/postgres";
+    };
+    serviceConfig = {
+      DynamicUser = true;
+      ExecStart = "${lib.getExe' pkgs.jdk21 "java"} -jar ${jarfile} --server.port=5001";
+      EnvironmentFile = [ config.age.secrets.hugochat_db_password.path ];
+    };
+  };
+
   virtualisation.oci-containers.containers = {
-    hugo-chat-client = {
-      image = "docker.noratrieb.dev/hugo-chat-client:89ce0b07";
-      login = dockerLogin;
-      ports = [ "127.0.0.1:5002:80" ];
-    };
-
-    hugo-chat-server = {
-      image = "docker.noratrieb.dev/hugo-chat-server:89ce0b07";
-      ports = [ "127.0.0.1:5001:8080" ];
-      environment = {
-        SPRING_DATASOURCE_URL = "jdbc:postgresql://hugo-chat-db:5432/postgres";
-      };
-      environmentFiles = [ config.age.secrets.hugochat_db_password.path ];
-      extraOptions = [ "--network=hugo-chat" ];
-
-      dependsOn = [ "hugo-chat-db" ];
-      login = dockerLogin;
-    };
-
     hugo-chat-db = {
       image = "postgres:16";
+      ports = [ "127.0.0.1:5003:5432" ];
       volumes = [ "/var/lib/hugo-chat/data:/var/lib/postgresql/data" ];
       environment = {
         PGDATA = "/var/lib/postgresql/data/pgdata";
diff --git a/nix/modules/caddy/default.nix b/nix/modules/caddy/default.nix
index 0116fa0..c2f132f 100644
--- a/nix/modules/caddy/default.nix
+++ b/nix/modules/caddy/default.nix
@@ -15,6 +15,11 @@ let
   blog = fetchTarball "https://github.com/Noratrieb/blog/archive/${my-projects-versions.blog}.tar.gz";
   slides = fetchTarball "https://github.com/Noratrieb/slides/archive/${my-projects-versions.slides}.tar.gz";
   website-build = website { inherit pkgs slides blog; };
+  hugo-chat-client = fetchTarball {
+    url =
+      "https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/hugo-client.tar.xz";
+    sha256 = "sha256:121ai8q6bm7gp0pl1ajfk0k2nrfg05zid61i20z0j5gpb2qyhsib";
+  };
 in
 {
   environment.systemPackages = [ caddy ];
@@ -84,6 +89,23 @@ in
             '' else ""
           }
 
+          ${if name == "vps1" then ''
+            hugo-chat.noratrieb.dev {
+              log
+              encode zstd gzip
+              root * ${import ./caddy-static-prepare {
+                name = "hugo-chat-client";
+                src = hugo-chat-client;
+                inherit pkgs lib;
+              }}
+              try_files {path} /index.html
+              file_server {
+                etag_file_extensions .sha256
+                precompressed zstd gzip br
+              }
+            }
+          '' else ""}
+
           ${
             if name == "vps1" || name == "vps3" || name == "vps4" then
             builtins.readFile ./${name}.Caddyfile else ""
diff --git a/nix/modules/caddy/vps1.Caddyfile b/nix/modules/caddy/vps1.Caddyfile
index 4b3c58f..11712b2 100644
--- a/nix/modules/caddy/vps1.Caddyfile
+++ b/nix/modules/caddy/vps1.Caddyfile
@@ -3,12 +3,6 @@ www.noratrieb.dev {
 	redir https://noratrieb.dev{uri} permanent
 }
 
-hugo-chat.noratrieb.dev {
-	log
-	encode zstd gzip
-	reverse_proxy * localhost:5002
-}
-
 api.hugo-chat.noratrieb.dev {
 	log
 	import cors https://hugo-chat.noratrieb.dev "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
diff --git a/nix/modules/default/default.nix b/nix/modules/default/default.nix
index 9acbd60..a1169a0 100644
--- a/nix/modules/default/default.nix
+++ b/nix/modules/default/default.nix
@@ -179,5 +179,51 @@ in
     };
   };
 
+  services.alloy = {
+    enable = true;
+  };
+  systemd.services.alloy.serviceConfig = {
+    DynamicUser = lib.mkForce false;
+  };
+  environment.etc."alloy/config.alloy".text = ''
+    discovery.process "all" {
+      discover_config {
+        cgroup_path = true
+        container_id = true
+      }
+    }
+
+    discovery.relabel "alloy" {
+      targets = discovery.process.all.targets
+      // Filter needed processes
+      rule {
+          source_labels = ["__meta_process_cgroup_path"]
+          regex = "0::/system.slice/.*.service"
+          action = "keep"
+      }
+
+      rule {
+        source_labels = ["__meta_process_cgroup_path"]
+        regex = "0::/system.slice/(.*.service)"
+        target_label = "service_name"
+        action = "replace"
+      }
+    }
+
+    pyroscope.ebpf "instance" {
+      forward_to     = [pyroscope.write.endpoint.receiver]
+      targets = discovery.relabel.alloy.output
+    }
+
+    pyroscope.write "endpoint" {
+      endpoint {
+        url = "http://vps3.local:4040"
+      }
+      external_labels = {
+        "instance" = env("HOSTNAME"),
+      }
+    }
+  '';
+
   deployment.tags = networkingConfig."${name}".tags;
 }
diff --git a/nix/modules/prometheus/default.nix b/nix/modules/prometheus/default.nix
index b1e06da..a1af908 100644
--- a/nix/modules/prometheus/default.nix
+++ b/nix/modules/prometheus/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, networkingConfig, ... }: {
+{ config, lib, networkingConfig, pkgs, ... }: {
   services.prometheus = {
     enable = true;
     globalConfig = { };
@@ -83,12 +83,21 @@
             access = "proxy";
             url = "http://vps3.local:3100";
           }
+          {
+            name = "pyroscope";
+            type = "grafana-pyroscope-datasource";
+            access = "proxy";
+            url = "http://vps3.local:4040";
+          }
         ];
       };
     };
   };
 
-  networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.loki.configuration.server.http_listen_port ];
+  networking.firewall.interfaces.wg0.allowedTCPPorts = [
+    config.services.loki.configuration.server.http_listen_port
+    4040 # pyroscope
+  ];
   age.secrets.loki_env.file = ../../secrets/loki_env.age;
   systemd.services.loki.serviceConfig.EnvironmentFile = config.age.secrets.loki_env.path;
   services.loki = {
@@ -142,4 +151,56 @@
     mkdir -p /var/lib/loki/{index,cache}
     chown ${config.services.loki.user}:${config.services.loki.group} -R /var/lib/loki
   '';
+
+
+  age.secrets.pyroscope_s3_secret = {
+    file = ../../secrets/pyroscope_s3_secret.age;
+    owner = config.users.users.pyroscope.name;
+  };
+
+  systemd.services.pyroscope =
+    let
+      pyroscope = builtins.fetchTarball {
+        url = "https://github.com/grafana/pyroscope/releases/download/v1.14.0/pyroscope_1.14.0_linux_amd64.tar.gz";
+        sha256 = "sha256:005539bp2a2kac8ff6vz77g0niav81rggha1bsfx454fw4dyli4y";
+      };
+      pyroscopeConfig = {
+        analytics.reporting_enabled = false;
+        server = {
+          grpc_listen_port = 9084; # random port
+        };
+        storage = {
+          backend = "s3";
+          s3 = {
+            bucket_name = "pyroscope";
+            region = "garage";
+            endpoint = "localhost:3900";
+            insecure = true;
+            access_key_id = "\${ACCESS_KEY_ID}";
+            secret_access_key = "\${ACCESS_SECRET_KEY}";
+          };
+        };
+      };
+    in
+    {
+      description = "pyroscope, the continuous profiling database";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      serviceConfig = {
+        Restart = "always";
+        User = config.users.users.pyroscope.name;
+        Group = config.users.users.pyroscope.group;
+        ExecStart = "${pyroscope}/pyroscope -config.expand-env=true -config.file ${pkgs.writeText "config.yml" (builtins.toJSON pyroscopeConfig)}";
+        EnvironmentFile = config.age.secrets.pyroscope_s3_secret.path;
+        WorkingDirectory = "/var/lib/pyroscope";
+      };
+    };
+
+  users.users.pyroscope = {
+    group = "pyroscope";
+    isSystemUser = true;
+    home = "/var/lib/pyroscope";
+    createHome = true;
+  };
+  users.groups.pyroscope = { };
 }
diff --git a/nix/secrets/backup_s3_secret.age b/nix/secrets/backup_s3_secret.age
index 4ef1361..66ab603 100644
Binary files a/nix/secrets/backup_s3_secret.age and b/nix/secrets/backup_s3_secret.age differ
diff --git a/nix/secrets/caddy_s3_key_secret.age b/nix/secrets/caddy_s3_key_secret.age
index 39bb560..9eb6b5a 100644
Binary files a/nix/secrets/caddy_s3_key_secret.age and b/nix/secrets/caddy_s3_key_secret.age differ
diff --git a/nix/secrets/docker_registry_password.age b/nix/secrets/docker_registry_password.age
index 13f02ef..51d82f7 100644
--- a/nix/secrets/docker_registry_password.age
+++ b/nix/secrets/docker_registry_password.age
@@ -1,5 +1,6 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg UtoSFhZQ2PW1y3ifXgSdQQswoi5kdRg2gvczlEateC4
-ir2FpFkYo17MGBy+C4thM4lit7vn2CiBi09DcTb6ubs
---- YvRhsfFzedjeKssmOTzHvKkvIG0zXVVCIJsRNc/LTVg
-:Ë €KîÞ$é†Prm;Û·ûÎªæ ¹Œö+é	ÚqE@Àv]’¢Ôòm =Í™'Sm
\ No newline at end of file
+-> ssh-ed25519 qM6TYg EuWuwScs5A1DFpXrWif52YGxrscegIPGS7ZpoVS+7QI
+NsTXnjIRz7G8oNAS9MLRPkDSS7LNogLBK9hJBaC3qXE
+--- 4dEpELTzVN+A2cdD25L0A1iU8YKoB+249GEn1lxZzU8
+£Å©Ô(Ù'¥;CÇ5QOà´œ‰\]W('ÌÏNZ?¤†µ2f^iáBþ¸«³cÒ½‘ó
+²
\ No newline at end of file
diff --git a/nix/secrets/forgejo_s3_key_secret.age b/nix/secrets/forgejo_s3_key_secret.age
index 2c66a3a..26900b7 100644
--- a/nix/secrets/forgejo_s3_key_secret.age
+++ b/nix/secrets/forgejo_s3_key_secret.age
@@ -1,7 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg GNYf0FjEDEqCe09mS9Hl7OIIjvhKTu8urwUPtY+yyB0
-xmAtm4n3s0rfq3S5OKFEG2k/noXFTKMt8hiW5QrD9SU
---- HGBYxXQGM254m2YP5twgjgDme80f0uOL2m4uKy19ZBs
-ÖÂ(
-Õ×åÇÄT
-‚®à±Öì{’ÙõF“ü-\ƒ6{mítÏæÊMÑ-óX{‡%bQd]E³’Éàü]i¸úãË}F»2¸$7¤ö#k4“;8ZžGþ_‘oÛ–¼
\ No newline at end of file
+-> ssh-ed25519 qM6TYg 87cGJ52WhU1xh3a4QSpDtOrfmonf9YE7NtfZD5UvRQQ
+bvxaucwpWGnlDHNMjG5gJEGRVn1jCg6/RxYpFvlaQio
+--- umLbtzmXAZRbYIVbYjyHuorrxgxR1cctk5RYwm1JnYM
+•Kúi4ítÔÃ"pL&¥ñÅM·ýh%qóF#$Í¥×NA~†L"HB¦±c7~úÜž/§wÅ˜h<4PcN?è.ÄBOÑü¡0*Xö­ô_Éµ—?ˆ¿ñL!Ðž”#
\ No newline at end of file
diff --git a/nix/secrets/garage_secrets.age b/nix/secrets/garage_secrets.age
index af23541..bae6281 100644
--- a/nix/secrets/garage_secrets.age
+++ b/nix/secrets/garage_secrets.age
@@ -1,13 +1,13 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg F9aj1EmsmRSXt1m3a41zpuwFmDBOuuaIrHkqP7PTVno
-tVs8Oxa9gV/HdUf0hN/JLuWhbrXI9BXIrsh5HnsKBQI
--> ssh-ed25519 pP9cdg dQdPm3OfbWl5Y8kJxmsUZ4rwpUo8w3+P3CHCiXw9VCw
-9yWbGgzgBz9GICAgYiOyPtMjDk/tBb4vsOveTuYP9bw
--> ssh-ed25519 XzACZQ 4lldtotM16DN/75dRX3QEmOzfIEySHcNOlFWqymI+Rs
-oOaD7dZu0xC0R7CrVpfwoBU7eSgaWyJmAZ4WptCQdes
--> ssh-ed25519 51bcvA k9eq2Tc3A9MztsdTvt3sDYUj/usYBJMp9IJQZAR67Ac
-ezccfIhPZaHKsVcUrxJL7u3jSA/kCTqLmWuQfxrFQBo
--> ssh-ed25519 vT7ExA BOCylq1RqaburnXxfsl3xqAmGSJnIxVhXK8H2xeFynk
-OWhqsbJgHWlo3hsRZVQgEaArK32OI25N4Poi2qJ9wQs
---- bBQkNfDI0onJOyxOJIN3Yl2jkK5iRgYbK67RWsipXOE
-3‡ýåA9â¯ÒAÕînÛ¯t•y®ßÚCj-îž{ÏÅ‡â)ô6¬DfØOÆQ¹Ü}'_n†øÈã‡>UPêNæDRŸÀÁª¨ûÊÆþ-¾„…éÂ"‡´úÛâšÙ?À>)E0™‡v(~7 eÍC¾O\UJJüŽ$SÂ8èá`€F«˜ÄíšQ§0uÙ3õmH•Ž~P÷Ž£ŒÅLqfõ~ºi¸Æn]‘=rSre#²wGŒ ³¥@ß|X#éØ÷’Â
\ No newline at end of file
+-> ssh-ed25519 qM6TYg +ZtvDoar2xUhBMyQFbxnxkwdF21rM5YUCZZ6CEknHj8
+wThjMiqj5tMscA3abmnhIVMAzfudkcIso7a17//FcDU
+-> ssh-ed25519 pP9cdg svRAEsI47g14ZF2YwJoxAn7zASjOHBLNEYkk8ljG00g
+WtN98vYIJ5Z8GQoaabeYlhY88OywHxp/nslKjXeRcVI
+-> ssh-ed25519 XzACZQ 6Pb4Xab6o/AyuXfLW/Ii1ogeFfT8WvUjRu2NCeMlIVA
+krn+6YjMq/FxrC6Pi4+4CA6Hd/HPI597SKFStO7hEgs
+-> ssh-ed25519 51bcvA gmx/B0WeJxVMkxa+b+LalVYDr4CP7Uv16QcrAAvOiC4
+1dzMXakXJuwx97ClerylljgKb3BlB6kiX8cpRWFOpQs
+-> ssh-ed25519 vT7ExA RNqHGxsZh8kMGy1B4GfHSE2HsJTjrjdYktVZAVSz8m0
+s4KvnACKfmNIgDz/HOUDS+z1hafjavonAntovcOr7F8
+--- 4TNQG6H8EqkGMtPysmKmJoYqZkRsNdlmGLCwsrkmQbg
+œÐrÀž„“ÛP¿¡”žÑo`S§MÏIŠ/† «Žßù´ŠÝqÍšç•ø–yÿòýï?‡¾b^k¤¶ Òš8¿Ì×*:ÞŠGA¤¥ôþÐvb‰?îÙÆwí¢W›Kwî\E¾½$‚èŸEÊ eÞdÔÞiSs/2gG"ÿµ_¯ü*Mî%ðÜ²zäíÿL{¦Dãž|¶õJP>¬ï‰ö´ÑsÅk’GCåÒ Ià¼\†júrÔ@N¦)¦.g{£
\ No newline at end of file
diff --git a/nix/secrets/grafana_admin_password.age b/nix/secrets/grafana_admin_password.age
index 2d2fac7..4c1ac47 100644
Binary files a/nix/secrets/grafana_admin_password.age and b/nix/secrets/grafana_admin_password.age differ
diff --git a/nix/secrets/hugochat_db_password.age b/nix/secrets/hugochat_db_password.age
index 3e48ca0..f0e0305 100644
Binary files a/nix/secrets/hugochat_db_password.age and b/nix/secrets/hugochat_db_password.age differ
diff --git a/nix/secrets/killua_env.age b/nix/secrets/killua_env.age
index d9e3d98..61fe20e 100644
Binary files a/nix/secrets/killua_env.age and b/nix/secrets/killua_env.age differ
diff --git a/nix/secrets/loki_env.age b/nix/secrets/loki_env.age
index 010ee28..980ab1f 100644
Binary files a/nix/secrets/loki_env.age and b/nix/secrets/loki_env.age differ
diff --git a/nix/secrets/minio_env_file.age b/nix/secrets/minio_env_file.age
index daf2e33..a1b8f24 100644
Binary files a/nix/secrets/minio_env_file.age and b/nix/secrets/minio_env_file.age differ
diff --git a/nix/secrets/openolat_db_password.age b/nix/secrets/openolat_db_password.age
index f202cc0..208e397 100644
--- a/nix/secrets/openolat_db_password.age
+++ b/nix/secrets/openolat_db_password.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg 0lWcSdSricBNu8i0oMnNe0gOsoDrY9DfPvmCIS63ohc
-fY0M+k7xXU5nlLTSbJQF7iDevujQVxZ2lLca9CiBTaI
---- 5ObZSaeWsTlkqKq5D8vWKsrY8WCku2ndSlrjBKRtQE8
-ÕóˆI™þye$Q˜÷|îÂÏÂh'Q1Q¥·1éCõÕòÞ€mQ:ØQ.¿ýÎS¼îžE¨=cm…‘¥äŠ@ß-¤9Öj®Œó7fÇºFÚTÜ"oâù"|¼0€DÎ’¾‰å,£™‘ÊöWÅ‹m*ßÌ¬õ~5â'ç›{ jÝlu„¿Á”u Òßy+„¢ö
\ No newline at end of file
+-> ssh-ed25519 qM6TYg nFtXAacXhJboR+gfX7x/jtJd8ApDl3tbPezVOKZYeAE
+Ca6eA7o/b3DV+fs2RqZzyDbgu8H8rQyFmMMr28f8uOU
+--- EG+F8eM/wVjXvWKS7leaOAZJnjlkT+JRJKcnAC0iWKM
+—¼:,åL­¢Éó ß¾9I©˜BÒ£Šwú%–hè¯Ó§‡ÅÃ ûàb·é²þÅ¾cbˆˆ‚ŽŽ~Iç¸¦&¿\NÇÉmÖTÙ´4ŽOàò0jÍ2[ßo…Œ+å÷©Üò(ˆ:|è™œ|9cz»µ„­ÿ·ƒµ¬µEñ¦uuaæßÄ¼§E
\ No newline at end of file
diff --git a/nix/secrets/pyroscope_s3_secret.age b/nix/secrets/pyroscope_s3_secret.age
new file mode 100644
index 0000000..c1b5174
Binary files /dev/null and b/nix/secrets/pyroscope_s3_secret.age differ
diff --git a/nix/secrets/registry_htpasswd.age b/nix/secrets/registry_htpasswd.age
index 9d1e5fd..85cc371 100644
Binary files a/nix/secrets/registry_htpasswd.age and b/nix/secrets/registry_htpasswd.age differ
diff --git a/nix/secrets/registry_s3_key_secret.age b/nix/secrets/registry_s3_key_secret.age
index eee2e12..23cd727 100644
Binary files a/nix/secrets/registry_s3_key_secret.age and b/nix/secrets/registry_s3_key_secret.age differ
diff --git a/nix/secrets/s3_mc_admin_client.age b/nix/secrets/s3_mc_admin_client.age
index 2cc8862..d51a700 100644
Binary files a/nix/secrets/s3_mc_admin_client.age and b/nix/secrets/s3_mc_admin_client.age differ
diff --git a/nix/secrets/secrets.nix b/nix/secrets/secrets.nix
index 456c560..9121984 100644
--- a/nix/secrets/secrets.nix
+++ b/nix/secrets/secrets.nix
@@ -25,6 +25,7 @@ in
   "killua_env.age".publicKeys = [ vps1 ];
   "forgejo_s3_key_secret.age".publicKeys = [ vps1 ];
   "upload_files_s3_secret.age".publicKeys = [ vps1 ];
+  "pyroscope_s3_secret.age".publicKeys = [ vps3 ];
   "wg_private_dns1.age".publicKeys = [ dns1 ];
   "wg_private_dns2.age".publicKeys = [ dns2 ];
   "wg_private_vps1.age".publicKeys = [ vps1 ];
diff --git a/nix/secrets/upload_files_s3_secret.age b/nix/secrets/upload_files_s3_secret.age
index 01042a4..d836b16 100644
--- a/nix/secrets/upload_files_s3_secret.age
+++ b/nix/secrets/upload_files_s3_secret.age
@@ -1,5 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg Tq8qyikECRKhPhMbKFDd+YZIGkx9uj3vOWk7QRHEkn8
-wDbkM7KZWGDF3mECEa1MPPTC5F7uxe8nGtIZZkVCWU0
---- hpRMWveZaPAIS44Jr6rRGHMOQfRi7nFpN0nxHU6fPOQ
-t4¼`Æò³:,P»ùÊµN„?‘Ä³\¬È±é›µ¿­uAH_Ä?PgÎ#¨ 	³T+¯êRÁ-ëÈºXÆ,!YeZF m»d–¢À‚“ºø¥\4ÍbDAk×Lžk¤1RzÊÜõ˜6xo(Â8ÄgzVÍ+s|³‚ .ÃT;O¶¨M6z‹¶A¨’Qƒ¥öV®™¡Ÿ~„ôª§mÛN«ŠXÐIqk²ËtÔ#óÄJ–yºrSðuÊ?ÉîÚ–NÕˆbø!KsyÜ Ï, AyfWÄÑÀ##"Ë`¢™ænPÎX,$z1ðŽ(PÈÍÄ"yû€|ÈsðTŸÂýxåBFtl!6Û‰¤ìÔ0Ùos*.H/Üoëä5Û­ÐlçÀ
\ No newline at end of file
+-> ssh-ed25519 qM6TYg 188H/PE0b8YiAgejIznCnBKRt9z4J0il43y3O0Nk2lQ
+nu/Wbgn9dT/0TtiO+6bTUEu9F+ra/2rQKCfUK09JeN4
+--- 1YJ9Cg60UshpVEzIiqWerLqu8Bch++0Cw22tbtPJxS0
+½¿2™%ÏW».9ÆMS—»9ˆ¨e >Z×ü¥v²uÂò1M~ÓÍªåÖý(<3w2(¼ÂZv”Ìíùãl r‡½[8R@ª1u–ûuØØ‰RûÍÄ¸Y¯!Ä_®ñZXž¦«
+:âr_ ó
+ºÞê8ûöËf½rJžÊL×âq2s¹RŽ6!*ÿ'å½›VkÎ^î>*’·Ãº.¹®DN¶#®µÛßs"Oú,ùJ½µD´`ŠàÄ§\¦i_-þÛKgi6CD"©u:"‡ü8²Ò51üÈãœíXÆ$©¦~«Ä|õðf¤¾8þ¾%Šáå)tzBl«:¡óBÂó÷Ž4Îu@â(bG¾ÉüCÌú×ëFH?
\ No newline at end of file
diff --git a/nix/secrets/wg_private_dns1.age b/nix/secrets/wg_private_dns1.age
index e9a0be3..71d4c0c 100644
--- a/nix/secrets/wg_private_dns1.age
+++ b/nix/secrets/wg_private_dns1.age
@@ -1,5 +1,6 @@
 age-encryption.org/v1
--> ssh-ed25519 LZU5Eg C3IfbvL4t0pOHEb3Bc54+r6DZESgN6K6zPDhBlDumXk
-UwOtrqp8I90Vux6L7CsV5K+2SDFB8LBiyLO8ud7IsQU
---- 2tIecoG70broXFTtgjCUMcvk2RdKqpe5tihO6meI8DY
-Ÿ—AkÕÚ³&Ð`!ÍåM_’v`äý„´Ï-¡ÔEp^„öƒU#:©ë]Ñ—Dm»Ëyìñ™Î^Oõ+t8§€ä.ºûÍš÷; ®
\ No newline at end of file
+-> ssh-ed25519 LZU5Eg px1Nln+wkhpIG4xFeLEOhO3Dkknv+7GG9+JZdppLljg
+zL60ZG9CHQrSnLfN+gd4kV9V3kBdiGOJ4t0DmkDI9FI
+--- LIBuGo8IeBk/RyWcg1ordV6IR895iV05uz/P1iWx/+0
+%‹&×>´µüS&¢;
+</šAè·Uº¥Ú"Bÿ%/)	Kôv•Õ`ƒ‰…Š……Dƒ&uÁÍ¼wŸ}y‘ºð¢D‘ùZ_È²<¢yÝ
\ No newline at end of file
diff --git a/nix/secrets/wg_private_dns2.age b/nix/secrets/wg_private_dns2.age
index d986ea6..d23bc4d 100644
--- a/nix/secrets/wg_private_dns2.age
+++ b/nix/secrets/wg_private_dns2.age
@@ -1,6 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 5bWSnQ wqkRMdob+7G2mTNKySF2kiGhOKt4GLN/ne+4lM3pIwA
-Iz2Brik6I6YHjVxQcoDL0UTJOWcjuiErf5kCeWpnaV0
---- 1ZkP0GiP78eGKl8te1w+o5I5kEbyPaiJFq7WGH4k1LE
-á61zIìTÂU/ò5ã'|Œ½ûÊÌþìhÕ>z±ñ¶Ýr^É‹wanog´lùX„º,kÜ¶G
-cÊõ¸æPÇ!Rh×»fW¥éhä §
\ No newline at end of file
+-> ssh-ed25519 5bWSnQ rj5NgCPBbNq/15YXa6DQXKwTU9Hpm7ocLiuINgLmhCQ
+KOEgfF4MQopCZkzl2oi3obi/KBmykqzsCbHZQpC4rLY
+--- +JacdysLbQkZq1H/lLD3oPzBi3orjxix5WYlv/lprHw
+uT&É^ÀãV[pÂ6:WÁ {kVÞ"j„6Ò‚äŽßän¨;^éúE$ˆì„ø4BP¼–`'FX¿Q	ÖÕ}oÿ¦ÇiÊ¸]
\ No newline at end of file
diff --git a/nix/secrets/wg_private_vps1.age b/nix/secrets/wg_private_vps1.age
index 089fc55..44644d5 100644
Binary files a/nix/secrets/wg_private_vps1.age and b/nix/secrets/wg_private_vps1.age differ
diff --git a/nix/secrets/wg_private_vps2.age b/nix/secrets/wg_private_vps2.age
index a92b028..8ad2191 100644
--- a/nix/secrets/wg_private_vps2.age
+++ b/nix/secrets/wg_private_vps2.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 pP9cdg GI2CXAYTJWUqmab/Fnl/cFZVCCBxYZX/snQ+w0aPjSk
-8D6TxN4VYH14GQJ/XhUqyfKNLjM8f3LDmykLAvtl+IM
---- 6ru8v60LKlJjpy2PnmcwBdV09KMEh+neITYyuFscSIQ
-F Ð™¿y#<ï¯—Ö‹màß˜žº¦¼Q2Õ^T2Lâ9µ]LÄžµhž[b¼rß¤!ï³jEnS?¾ìjCRà%„ÓsŸ;mœƒ\R
\ No newline at end of file
+-> ssh-ed25519 pP9cdg HiT/+dwaX8i9h5SeKF8AmEWQHFNs6nmyO089M/1Rjxo
+RjSM4+UBIrM+G9eckuH8+0Te9mhs3zXENPoFGJcHtAQ
+--- nDLsXpiyO2KyB/KDgO288tCfyvL8eCDhESLaRqBNlVg
+íŠZ±Û¡ª¼ñqÈþbB­G¾¢A¦HÁû*»_cÊ0`Öp*XY8ÂÌNÛÔGäÄœÛ5§‚¬Iãý³­XÙ…Æ—h,çQ*FR%
\ No newline at end of file
diff --git a/nix/secrets/wg_private_vps3.age b/nix/secrets/wg_private_vps3.age
index 2536ac0..7eb6f2b 100644
--- a/nix/secrets/wg_private_vps3.age
+++ b/nix/secrets/wg_private_vps3.age
@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 XzACZQ pOD3jNWIufLkEVtkFJu6W0QjdzPJTK+t1MwgACv1zXU
-EJQ+9xPw6MnB6nJW6nDBUlzfHyY9XlfBIQlgje+FVE4
---- BmTwJED+mJ/Qr0WFDELozwR2BgGDkHDcR2I9eSxuVn8
-KêÃ~alNh.€½ù «kiAÛF*Ã/MY±ñ¡Zd†¬p”AÉ+-²Ù¬A¹Ü¢*S¥Z¶ï„ Nê­F­fˆ‚bô3tª×rûÇy
\ No newline at end of file
+-> ssh-ed25519 XzACZQ kJVyFsqcqh/THJgijrdhNFFelSpD2w4VGZEvNsQSwlM
+DzC/l6rFyE9JF+IoA3pQv/3PihXnIlWQHje6++9rJsA
+--- kRjNUG+4tPhNCcoAO47gwj04gmBXZXBPqgvH81KNn/E
+‹ý#¦n>fa^!ÄŒ§+sFðì”ÚÀ™œ¥B.u{IïÖ9NïVù–§äÏ˜¢ixééƒÒòÒŽ¿ÒY	öæ“Í.Je
\ No newline at end of file
diff --git a/nix/secrets/wg_private_vps4.age b/nix/secrets/wg_private_vps4.age
index ca2ab16..616c369 100644
--- a/nix/secrets/wg_private_vps4.age
+++ b/nix/secrets/wg_private_vps4.age
@@ -1,6 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 51bcvA mzB9FcwUgPczK4/Rd2DZvCYoQfjT4qE+Z7HE9yHjgGU
-sPDlr+YNhvbjYagyJb/kua9dWeG9tSt6KNjKh+/p+ps
---- uZVoWpqKjapTtWRGpc7cUoifwOVFfd5DU+9pQpwruuo
-Fv6¾œÚ‹Ëï,ø»K¶¶Ó†(ÍÝè‰kÙ~Y4Á.`z(]w2²MV"¼%À³JUÚ$ô•È«ÁÇ¸CïG
-_:F¸Ý§ S
\ No newline at end of file
+-> ssh-ed25519 51bcvA bcFC2L95dfbs7WLewqcQeH62fgba42DbYrFu126AWFg
+vfS/79EjlhWxp4cdOJv0WRWp8BIGefIvkNHrr5wcC7Y
+--- F8/9B/N6d0SjEHRHuiuCsqRGgRr2XoZdFRT1UKbi7+0
+9²å¤èlx"uV×ÔW#IE”Ûs¤Þjì89®d©žÑDkTgöÊ´?<°25·qïØ'ë¬ )yÖ‚¢má}
\ No newline at end of file
diff --git a/nix/secrets/wg_private_vps5.age b/nix/secrets/wg_private_vps5.age
index fa70bad..84bb7a8 100644
Binary files a/nix/secrets/wg_private_vps5.age and b/nix/secrets/wg_private_vps5.age differ
diff --git a/nix/secrets/widetom_bot_token.age b/nix/secrets/widetom_bot_token.age
index d3d06bf..c024b02 100644
Binary files a/nix/secrets/widetom_bot_token.age and b/nix/secrets/widetom_bot_token.age differ
diff --git a/nix/secrets/widetom_config_toml.age b/nix/secrets/widetom_config_toml.age
index aa4e0f9..84eafba 100644
Binary files a/nix/secrets/widetom_config_toml.age and b/nix/secrets/widetom_config_toml.age differ
diff --git a/secrets-git-crypt/pyroscope_s3_secret b/secrets-git-crypt/pyroscope_s3_secret
new file mode 100644
index 0000000..0d51de8
Binary files /dev/null and b/secrets-git-crypt/pyroscope_s3_secret differ