diff --git a/1systems/filepimp.nix b/1systems/filepimp.nix
index 4037f69..0fabf6d 100644
--- a/1systems/filepimp.nix
+++ b/1systems/filepimp.nix
@@ -24,7 +24,9 @@ in {
       ../2configs/fs/single-partition-ext4.nix
       ../2configs/smart-monitor.nix
       ../2configs/tinc/retiolum.nix
+      ../2configs/filepimp-share.nix
     ];
+
   krebs.build.host = config.krebs.hosts.filepimp;
   # AMD N54L
   boot = {
@@ -76,6 +78,9 @@ in {
     (xfsmount "j2" (part1 jDisk2))   //
     (xfsmount "par0" (part1 jDisk3))
     ;
+
+  networking.firewall.trustedInterfaces = [ primary-interface ];
+
   services.wakeonlan.interfaces = [
     {
       interface = primary-interface;
diff --git a/1systems/gum.nix b/1systems/gum.nix
index 401ec60..20731c8 100644
--- a/1systems/gum.nix
+++ b/1systems/gum.nix
@@ -22,6 +22,7 @@ in {
       ../2configs/tinc/retiolum.nix
       ../2configs/urlwatch.nix
       ../2configs/torrent.nix
+      ../2configs/graphite-standalone.nix
       ../2configs/sabnzbd.nix
 
       ../2configs/opentracker.nix
diff --git a/1systems/omo.nix b/1systems/omo.nix
index 71fb85f..2e09e34 100644
--- a/1systems/omo.nix
+++ b/1systems/omo.nix
@@ -44,6 +44,7 @@ in {
       ../2configs/fs/sda-crypto-root.nix
       ../2configs/zsh-user.nix
       ../2configs/urlwatch.nix
+      ../2configs/backup.nix
       ../2configs/exim-retiolum.nix
       ../2configs/smart-monitor.nix
       ../2configs/mail-client.nix
diff --git a/1systems/wbob.nix b/1systems/wbob.nix
index ff176ed..184f741 100644
--- a/1systems/wbob.nix
+++ b/1systems/wbob.nix
@@ -55,6 +55,10 @@ in {
   # rt2870 with nonfree creates wlp2s0 from wlp0s20u2
   # not explicitly setting the interface results in wpa_supplicant to crash
   networking.wireless.interfaces = [ "wlp2s0" ];
+  networking.interfaces.virbr1.ip4 = [{
+    address = "10.8.8.11";
+    prefixLength = 24;
+  }];
 
 
   # nuc hardware
diff --git a/1systems/wry.nix b/1systems/wry.nix
index 81cd362..238b740 100644
--- a/1systems/wry.nix
+++ b/1systems/wry.nix
@@ -16,13 +16,15 @@ in {
       ../2configs/bepasty-dual.nix
 
       ../2configs/iodined.nix
-
+      ../2configs/backup.nix
 
       # other nginx
       ../2configs/nginx/euer.wiki.nix
       ../2configs/nginx/euer.blog.nix
       ../2configs/nginx/euer.test.nix
 
+      #../2configs/elchos/stats.nix
+
       # collectd
       # ../2configs/collectd/collectd-base.nix
 
diff --git a/1systems/x.nix b/1systems/x.nix
index 0243856..00eca87 100644
--- a/1systems/x.nix
+++ b/1systems/x.nix
@@ -63,11 +63,10 @@
 
   # configure pulseAudio to provide a HDMI sink as well
   networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 ];
+  networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
   networking.firewall.allowedUDPPorts = [ 665 26061 ];
 
   krebs.build.host = config.krebs.hosts.x;
-  krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
 
   krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
 
diff --git a/2configs/base-gui.nix b/2configs/base-gui.nix
index b039c12..cbc3efb 100644
--- a/2configs/base-gui.nix
+++ b/2configs/base-gui.nix
@@ -82,7 +82,6 @@ in
 
       URxvt.perl-ext:      default,url-select
       URxvt.keysym.M-u:    perl:url-select:select_next
-      #URxvt.url-select.launcher:   firefox -new-tab
       URxvt.url-select.launcher:   chromium
       URxvt.url-select.underline: true
       URxvt.searchable-scrollback: CM-s
diff --git a/2configs/filepimp-share.nix b/2configs/filepimp-share.nix
new file mode 100644
index 0000000..23fa8da
--- /dev/null
+++ b/2configs/filepimp-share.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+  hostname = config.krebs.build.host.name;
+in {
+  users.users.smbguest = {
+    name = "smbguest";
+    uid = config.ids.uids.smbguest;
+    description = "smb guest user";
+    home = "/var/empty";
+  };
+  services.samba = {
+    enable = true;
+    shares = {
+      media = {
+        path = "/media/";
+        "read only" = "no";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
+    };
+    extraConfig = ''
+      guest account = smbguest
+      map to guest = bad user
+      # disable printing
+      load printers = no
+      printing = bsd
+      printcap name = /dev/null
+      disable spoolss = yes
+    '';
+  };
+}
diff --git a/2configs/hw/tp-x220.nix b/2configs/hw/tp-x220.nix
index 58390e4..2ec531e 100644
--- a/2configs/hw/tp-x220.nix
+++ b/2configs/hw/tp-x220.nix
@@ -5,7 +5,7 @@ with config.krebs.lib;
 
   imports = [ ./tp-x2x0.nix ];
   boot = {
-    kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
+    kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" "tp_smapi" ];
     extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
   };
   hardware.opengl.extraPackages =  [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
diff --git a/2configs/iodined.nix b/2configs/iodined.nix
index ca489d0..b1446ea 100644
--- a/2configs/iodined.nix
+++ b/2configs/iodined.nix
@@ -5,8 +5,9 @@ let
   domain = "io.krebsco.de";
   pw = import <secrets/iodinepw.nix>;
 in {
+  networking.firewall.allowedUDPPorts = [ 53 ];
 
-  services.iodined = {
+  services.iodine = {
     server = {
       enable = true;
       domain = domain;
diff --git a/2configs/nginx/icecult.nix b/2configs/nginx/icecult.nix
new file mode 100644
index 0000000..a11f92a
--- /dev/null
+++ b/2configs/nginx/icecult.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+
+with config.krebs.lib;
+
+let
+  icecult = pkgs.fetchFromGitHub {
+    owner = "kraiz";
+    repo = "icecult";
+    rev = "1942d43381a97f30111a48725f7532c343a6f4d7";
+    sha256 = "0l8q7kw3w1kpvmy8hza9vr5liiycivbljkmwpacaifbay5y98z58";
+  };
+in{
+  krebs.nginx = {
+    enable = true;
+    servers.default = {
+        extraConfig = ''
+          root ${icecult}/app;
+        '';
+        locations = [
+          (nameValuePair "/rpc" ''
+        rewrite /rpc/(.*) /$1 break;
+        proxy_http_version 1.1;
+        proxy_pass http://10.42.22.163:3121;
+          '')
+      ];
+    };
+  };
+}
diff --git a/2configs/rad1o.nix b/2configs/rad1o.nix
index 03bb9bc..6eca69e 100644
--- a/2configs/rad1o.nix
+++ b/2configs/rad1o.nix
@@ -3,7 +3,7 @@
 {
 
   environment.systemPackages = with pkgs; [
-    gnuradio-full
+    gnuradio-with-packages
     gnuradio-osmosdr
     gqrx
     ];
diff --git a/2configs/solr.nix b/2configs/solr.nix
new file mode 100644
index 0000000..cad9eab
--- /dev/null
+++ b/2configs/solr.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+# graphite-web on port 8080
+# carbon cache on port 2003 (tcp/udp)
+with config.krebs.lib;
+let
+  solrHome = "/var/db/solr";
+in {
+  imports = [ ];
+  users.users.solr = {
+    home = solrHome;
+    uid = genid "solr";
+    createHome = true;
+    group = "solr";
+  };
+  users.groups.solr.gid = genid "solr";
+
+  services.solr = {
+    enable = true;
+    inherit solrHome;
+    user = "solr";
+    group = "solr";
+  };
+}
diff --git a/2configs/urlwatch.nix b/2configs/urlwatch.nix
index 189167f..0d8f888 100644
--- a/2configs/urlwatch.nix
+++ b/2configs/urlwatch.nix
@@ -15,7 +15,7 @@
       http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
       http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
       https://github.com/amadvance/snapraid/releases.atom
-      https://erdgeist.org/gitweb/opentracker/log/
+      https://erdgeist.org/gitweb/opentracker/commit/
     ];
   };
 }