diff --git a/configuration.nix b/neet.dev/configuration.nix
similarity index 100%
rename from configuration.nix
rename to neet.dev/configuration.nix
diff --git a/flakes.nix b/neet.dev/flakes.nix
similarity index 100%
rename from flakes.nix
rename to neet.dev/flakes.nix
diff --git a/gitlab.nix b/neet.dev/gitlab.nix
similarity index 100%
rename from gitlab.nix
rename to neet.dev/gitlab.nix
diff --git a/mumble.nix b/neet.dev/mumble.nix
similarity index 100%
rename from mumble.nix
rename to neet.dev/mumble.nix
diff --git a/nsd.nix b/neet.dev/nsd.nix
similarity index 100%
rename from nsd.nix
rename to neet.dev/nsd.nix
diff --git a/thelounge.nix b/neet.dev/thelounge.nix
similarity index 100%
rename from thelounge.nix
rename to neet.dev/thelounge.nix
diff --git a/zerobin.nix b/neet.dev/zerobin.nix
similarity index 100%
rename from zerobin.nix
rename to neet.dev/zerobin.nix
diff --git a/reg/audio.nix b/reg/audio.nix
new file mode 100644
index 0000000..6e6f541
--- /dev/null
+++ b/reg/audio.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ # Audio
+ sound.enable = true;
+ nixpkgs.config.pulseaudio = true; # enable pulseaudio support for packages
+ hardware.pulseaudio = {
+ enable = true;
+ support32Bit = true;
+ package = pkgs.pulseaudioFull; # bt headset support
+ extraConfig = "
+ load-module module-switch-on-connect
+ ";
+ };
+ hardware.bluetooth.enable = true;
+ users.users.googlebot.extraGroups = [ "audio" ];
+}
diff --git a/reg/chromium.nix b/reg/chromium.nix
new file mode 100644
index 0000000..7b867ef
--- /dev/null
+++ b/reg/chromium.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+
+{
+ # chromium with specific extensions + settings
+ programs.chromium = {
+ enable = true;
+ extensions = [
+ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
+ "gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
+ "oboonakemofpalcgghocfoadofidjkkk" # keepassxc plugin
+ "cimiefiiaegbelhefglklhhakcgmhkai" # plasma integration
+ "hkgfoiooedgoejojocmhlaklaeopbecg" # picture in picture
+ ];
+ extraOpts = {
+ "BrowserSignin" = 0;
+ "SyncDisabled" = true;
+ "PasswordManagerEnabled" = false;
+ "SpellcheckEnabled" = true;
+ "SpellcheckLanguage" = [ "en-US" ];
+ };
+ defaultSearchProviderSuggestURL = null;
+ defaultSearchProviderSearchURL = " https://duckduckgo.com/?q={searchTerms}&kp=-1&kl=us-en";
+ };
+
+ # hardware accelerated video playback (on intel)
+ nixpkgs.config.packageOverrides = pkgs: {
+ vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+ chromium = pkgs.chromium.override { enableVaapi = true; };
+ };
+ hardware.opengl = {
+ enable = true;
+ extraPackages = with pkgs; [
+ intel-media-driver # LIBVA_DRIVER_NAME=iHD
+ vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
+ vaapiVdpau
+ libvdpau-va-gl
+ ];
+ extraPackages32 = with pkgs.pkgsi686Linux; [ vaapiIntel ];
+ };
+}
diff --git a/reg/common.nix b/reg/common.nix
new file mode 100644
index 0000000..ff9311b
--- /dev/null
+++ b/reg/common.nix
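Review bot: `defaultSearchProviderSearchURL` is set to `" https://duckduckgo.com/?q={searchTerms}&kp=-1&kl=us-en"` with a leading space inside the string, so the value handed to the `DefaultSearchProviderSearchURL` policy is likely rejected as an invalid URL and the custom search provider silently ignored; drop the space: `defaultSearchProviderSearchURL = "https://duckduckgo.com/?q={searchTerms}&kp=-1&kl=us-en";`. The `extensions` list pins bare store IDs whose only provenance is the trailing comment; a short note such as `# Chrome Web Store IDs — verify each against its store listing before adding or changing` would make later edits to this list less error-prone, since a mistyped ID installs whatever extension happens to own it.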
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./flakes.nix
+ ];
+
+ boot.loader.timeout = 2;
+
+ time.timeZone = "America/New_York";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ services.openssh.enable = true;
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ networking.firewall.allowedUDPPorts = [ ];
+
+ environment.systemPackages = with pkgs; [
+ wget kakoune htop git
+ ];
+
+ users.mutableUsers = false;
+ users.users.googlebot = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVR/R3ZOsv7TZbICGBCHdjh1NDT8SnswUyINeJOC7QG"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0dcqL/FhHmv+a1iz3f9LJ48xubO7MZHy35rW9SZOYM"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO0VFnn3+Mh0nWeN92jov81qNE9fpzTAHYBphNoY7HUx"
+ ];
+ hashedPassword = "$6$TuDO46rILr$gkPUuLKZe3psexhs8WFZMpzgEBGksE.c3Tjh1f8sD0KMC4oV89K2pqAABfl.Lpxu2jVdr5bgvR5cWnZRnji/r/";
+ };
+}
diff --git a/reg/configuration.nix b/reg/configuration.nix
new file mode 100644
index 0000000..c349c22
--- /dev/null
+++ b/reg/configuration.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, fetchurl, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./efi.nix
+ ./common.nix
+ ./luks.nix
+ ./touchpad.nix
+ ./de.nix
+ ];
+
+ networking.hostName = "reg";
+ boot.initrd.luks.devices.enc-pv = {
+ device = "/dev/disk/by-uuid/975d8427-2c6a-440d-a1d2-18dd15ba5bc2";
+ allowDiscards = true;
+ };
+
+ networking.useDHCP = false;
+ networking.interfaces.enp57s0f1.useDHCP = true;
+ networking.interfaces.wlp0s20f3.useDHCP = true;
+ networking.interfaces.wwp0s20f0u2i12.useDHCP = true;
+
+ system.stateVersion = "20.09";
+}
+
diff --git a/reg/de.nix b/reg/de.nix
new file mode 100644
index 0000000..947ab0d
--- /dev/null
+++ b/reg/de.nix
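Review bot: `services.openssh.enable = true` is left at its defaults while `users.users.googlebot` carries both `openssh.authorizedKeys.keys` and a `hashedPassword`, so password logins over SSH remain possible for an account in `wheel` even though key access is already provisioned; add `services.openssh.passwordAuthentication = false;` next to the enable line (that is the option name for the `20.09` stateVersion this commit targets). The `hashedPassword` value is also committed to the repository, which hands the hash to anyone with read access for offline guessing; `users.users.googlebot.passwordFile` pointing into the `/secret` tree that `reg/luks.nix` already relies on keeps it out of the tree. `networking.firewall.allowedTCPPorts = [ 22 ]` duplicates what the SSH module's default `openFirewall` already opens, so either drop it or comment that it is intentional.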
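Review bot: `fetchurl` in the argument pattern `{ config, pkgs, fetchurl, ... }:` of `reg/configuration.nix` is never used in the body and is not a standard module argument; it appears to go unnoticed only because module arguments are resolved lazily, so drop it: `{ config, pkgs, ... }:`. `system.stateVersion = "20.09"` is set both here and in `reg/luks.nix` in this commit; the values agree so evaluation succeeds, but the setting belongs in one place.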
@@ -0,0 +1,34 @@
+{ config, pkgs, lib, ... }:
+
+{
+ # General
+ imports = [
+ ./kde.nix
+ ./xfce.nix
+ ./yubikey.nix
+ ./chromium.nix
+ ./audio.nix
+ ./torbrowser.nix
+ ];
+
+ # allow specific unfree packages
+ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "tigervnc" "font-bh-lucidatypewriter" # tigervnc
+ ];
+
+ # Applications
+ users.users.googlebot.packages = with pkgs; [
+ firefox chromium keepassxc mumble tigervnc bluez-tools vscodium
+ ];
+
+ # Networking
+ networking.networkmanager.enable = true;
+ users.users.googlebot.extraGroups = [ "networkmanager" ];
+
+ # Printing
+ services.printing.enable = true;
+
+ # Security
+ services.gnome3.gnome-keyring.enable = true;
+ security.pam.services.googlebot.enableGnomeKeyring = true;
+}
diff --git a/reg/efi.nix b/reg/efi.nix
new file mode 100644
index 0000000..63712e4
--- /dev/null
+++ b/reg/efi.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+{
+ # Use GRUB2 for EFI
+
+ boot.loader = {
+ efi.canTouchEfiVariables = true;
+ grub = {
+ enable = true;
+ device = "nodev";
+ version = 2;
+ efiSupport = true;
+ useOSProber = true;
+# memtest86.enable = true;
+ configurationLimit = 20;
+ theme = pkgs.nixos-grub2-theme;
+ };
+ };
+}
diff --git a/reg/flakes.nix b/reg/flakes.nix
new file mode 100644
index 0000000..aa60c1e
--- /dev/null
+++ b/reg/flakes.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+ nix = {
+ package = pkgs.nixFlakes;
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+}
diff --git a/reg/kde.nix b/reg/kde.nix
new file mode 100644
index 0000000..1c55938
--- /dev/null
+++ b/reg/kde.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ # kde plasma
+ services.xserver = {
+ enable = true;
+ desktopManager.plasma5.enable = true;
+ displayManager.sddm.enable = true;
+ };
+
+ # kde apps
+ nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true;
+ users.users.googlebot.packages = with pkgs; [
+ akonadi kmail plasma5Packages.kmail-account-wizard
+ ];
+}
diff --git a/reg/luks.nix b/reg/luks.nix
new file mode 100644
index 0000000..efef123
--- /dev/null
+++ b/reg/luks.nix
@@ -0,0 +1,61 @@
+{ config, pkgs, lib, ... }:
+
+{
+ # Unlock LUKS disk over ssh
+ boot.initrd.network.enable = true;
+ boot.initrd.kernelModules = [ "e1000" "e1000e" "virtio_pci" "r8169" ];
+ boot.initrd.network.ssh = {
+ enable = true;
+ port = 22;
+ hostKeys = [
+ "/secret/ssh_host_rsa_key"
+ "/secret/ssh_host_ed25519_key"
+ ];
+ authorizedKeys = config.users.users.googlebot.openssh.authorizedKeys.keys;
+ };
+
+ boot.initrd.postDeviceCommands = ''
+ echo 'waiting for root device to be opened...'
+ mkfifo /crypt-ramfs/passphrase
+ echo /crypt-ramfs/passphrase >> /dev/null
+ '';
+
+ # Make machine accessable over tor for boot unlock
+ boot.initrd.secrets = {
+ "/etc/tor/onion/bootup" = /secret/onion;
+ };
+ boot.initrd.extraUtilsCommands = ''
+ copy_bin_and_libs ${pkgs.tor}/bin/tor
+ copy_bin_and_libs ${pkgs.haveged}/bin/haveged
+ '';
+ # start tor during boot process
+ boot.initrd.network.postCommands = let
+ torRc = (pkgs.writeText "tor.rc" ''
+ DataDirectory /etc/tor
+ SOCKSPort 127.0.0.1:9050 IsolateDestAddr
+ SOCKSPort 127.0.0.1:9063
+ HiddenServiceDir /etc/tor/onion/bootup
+ HiddenServicePort 22 127.0.0.1:22
+ '');
+ in ''
+ # Add nice prompt for giving LUKS passphrase over ssh
+ echo 'read -s -p "Unlock Passphrase: " passphrase && echo $passphrase > /crypt-ramfs/passphrase && exit' >> /root/.profile
+
+ echo "tor: preparing onion folder"
+ # have to do this otherwise tor does not want to start
+ chmod -R 700 /etc/tor
+
+ echo "make sure localhost is up"
+ ip a a 127.0.0.1/8 dev lo
+ ip link set lo up
+
+ echo "haveged: starting haveged"
+ haveged -F &
+
+ echo "tor: starting tor"
+ tor -f ${torRc} --verify-config
+ tor -f ${torRc} &
+ '';
+
+ system.stateVersion = "20.09";
+}
diff --git a/reg/torbrowser.nix b/reg/torbrowser.nix
new file mode 100644
index 0000000..9ca6ae8
--- /dev/null
+++ b/reg/torbrowser.nix
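Review bot: The login snippet appended to `/root/.profile` forwards the passphrase with `echo $passphrase`, and that unquoted expansion is subject to word splitting and glob expansion in the initrd shell, so a passphrase containing runs of whitespace or characters such as `*` or `?` reaches `/crypt-ramfs/passphrase` altered; `read` without `-r` also strips backslashes. Change the line to `echo 'IFS= read -r -s -p "Unlock Passphrase: " passphrase && echo "$passphrase" > /crypt-ramfs/passphrase && exit' >> /root/.profile`. The `hostKeys` under `/secret` and the onion directory copied in by `boot.initrd.secrets` are embedded in the initrd, which normally lives on the unencrypted boot partition, so they are not protected by the LUKS volume they help unlock; a comment such as `# these keys are stored in the initrd on unencrypted /boot — keep them separate from the installed system's host keys` would record that trade-off. `echo /crypt-ramfs/passphrase >> /dev/null` in `postDeviceCommands` only writes the path string to `/dev/null`, so it appears to be a no-op; either remove it or comment what it is meant to do.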
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+
+{
+# nixpkgs.config.packageOverrides = pkgs: {
+# tor-browser-bundle-bin = pkgs.tor-browser-bundle-bin.overrideAttrs (old: {
+# version = "10.0.10";
+# src = builtins.fetchurl {
+# url = "https://dist.torproject.org/torbrowser/10.0.10/tor-browser-linux64-10.0.10_en-US.tar.xz";
+# sha256 = "vYWZ+NsGN8YH5O61+zrUjlFv3rieaBqjBQ+a18sQcZg=";
+# };
+# });
+# };
+#
+# nixpkgs.overlays = [ (
+# self: super:
+# {
+# tor-browser-bundle-bin = super.tor-browser-bundle-bin.overrideAttrs (old: {
+# version = "10.0.10";
+# lang = "en-US";
+# src = super.fetchurl {
+# url = "https://dist.torproject.org/torbrowser/10.0.10/tor-browser-linux64-10.0.10_en-US.tar.xz";
+# sha256 = "vYWZ+NsGN8YH5O61+zrUjlFv3rieaBqjBQ+a18sQcZg=";
+# };
+# });
+# }
+# ) ];
+}
diff --git a/reg/touchpad.nix b/reg/touchpad.nix
new file mode 100644
index 0000000..d90775b
--- /dev/null
+++ b/reg/touchpad.nix
@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+
+{
+ services.xserver.libinput.enable = true;
+ services.xserver.libinput.touchpad.naturalScrolling = true;
+}
diff --git a/reg/xfce.nix b/reg/xfce.nix
new file mode 100644
index 0000000..fd3d6b0
--- /dev/null
+++ b/reg/xfce.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ services.xserver = {
+ enable = true;
+ desktopManager = {
+ xterm.enable = false;
+ xfce.enable = true;
+ };
+ displayManager.sddm.enable = true;
+ };
+
+ # xfce apps
+ users.users.googlebot.packages = with pkgs; [
+ ];
+}
diff --git a/reg/yubikey.nix b/reg/yubikey.nix
new file mode 100644
index 0000000..d141b31
--- /dev/null
+++ b/reg/yubikey.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+ # yubikey
+ services.pcscd.enable = true;
+ services.udev.packages = [ pkgs.yubikey-personalization ];
+}
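Review bot: `reg/torbrowser.nix` consists entirely of commented-out code (two alternative pins of `tor-browser-bundle-bin` to `10.0.10`), yet `reg/de.nix` in this commit still imports it, so it contributes nothing but an empty module. Either remove the file and its import, or keep one variant with a header comment explaining why it is retained, e.g. `# kept for reference: pins tor-browser-bundle-bin when the nixpkgs version lags upstream`. If the pin is ever re-enabled it needs a maintenance note as well, because a fixed version bypasses nixpkgs updates for a security-critical package.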