diff --git a/lib/default.nix b/lib/default.nix
index 9bdfac4..f3a8e50 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -177,11 +177,11 @@ rec {
 
   pubDomain = "nul.ie";
   colony = rec {
-    domain = "test.int.nul.ie";
+    domain = "fra1.int.${pubDomain}";
     start = {
       all = {
         v4 = "10.100.";
-        v6 = "2a0e:97c0:4d0:bbb";
+        v6 = "2a0e:97c0:4d0:ccc";
       };
       base = {
         v4 = "${start.all.v4}0.";
diff --git a/nixos/boxes/colony/default.nix b/nixos/boxes/colony/default.nix
index e2f5a04..7e28433 100644
--- a/nixos/boxes/colony/default.nix
+++ b/nixos/boxes/colony/default.nix
@@ -33,13 +33,16 @@
         inherit (lib.my) networkdAssignment;
       in
       {
-        imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
-
-        boot.kernelParams = [ "intel_iommu=on" ];
-        boot.loader.systemd-boot.configurationLimit = 20;
+        boot = {
+          kernelModules = [ "kvm-amd" ];
+          kernelParams = [ "amd_iommu=on" ];
+          initrd = {
+            availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+          };
+        };
         fileSystems = {
           "/boot" = {
-            device = "/dev/disk/by-uuid/83CA-3BCF";
+            device = "/dev/disk/by-uuid/C1C9-9CBC";
             fsType = "vfat";
           };
           "/nix" = {
@@ -63,14 +66,19 @@
         environment.systemPackages = with pkgs; [
           pciutils
           partclone
+          lm_sensors
         ];
 
         systemd = {
           network = {
             links = {
-              "10-base-ext" = {
-                matchConfig.MACAddress = "52:54:00:81:bd:a1";
-                linkConfig.Name = "base-ext";
+              "10-wan0" = {
+                matchConfig.MACAddress = "d0:50:99:fa:a7:99";
+                linkConfig.Name = "wan0";
+              };
+              "10-wan1" = {
+                matchConfig.MACAddress = "d0:50:99:fa:a7:9a";
+                linkConfig.Name = "wan1";
               };
             };
             netdevs = {
@@ -149,7 +157,7 @@
         my = {
           #deploy.generate.system.mode = "boot";
           secrets = {
-            key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKp5WDdDr/1NS3SJIDOKwcCNZDFOxqPAD7cbZWAP7EkX";
+            key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIijqzAWF6OxKr4aeCa1TAc5xGn4rdIjVTt0wAPU6uY";
           };
 
           server.enable = true;
diff --git a/nixos/boxes/colony/vms/default.nix b/nixos/boxes/colony/vms/default.nix
index 4ed02cc..c626689 100644
--- a/nixos/boxes/colony/vms/default.nix
+++ b/nixos/boxes/colony/vms/default.nix
@@ -10,7 +10,7 @@
     inherit (lib) mkIf mkMerge optionals;
 
     wanBDF =
-      if config.my.build.isDevVM then "00:02.0" else "01:00.0";
+      if config.my.build.isDevVM then "00:02.0" else "27:00.0";
 
     vmLVM = vm: lv: {
       "${lv}" = {
@@ -27,18 +27,40 @@
         frontend = "virtio-blk";
       };
     };
+
+    installerDisk = {
+      installer = {
+        backend = {
+          driver = "file";
+          filename = "${systems.installer.configuration.config.my.buildAs.iso}/iso/nixos-installer-devplayer0.iso";
+          read-only = "on";
+        };
+        format.driver = "raw";
+        frontend = "ide-cd";
+        frontendOpts = {
+          bootindex = 1;
+        };
+      };
+    };
   in
   {
     my = {
       vms = {
         instances = {
           estuary = {
-            uuid = "59f51efb-7e6d-477b-a263-ed9620dbc87b";
+            uuid = "27796a09-c013-4031-9595-44791d6126b9";
+            smp = {
+              cpus = 2;
+              threads = 2;
+            };
+            memory = 3072;
             networks.base = {
               waitOnline = "no-carrier";
-              mac = "52:54:00:ab:f1:52";
+              mac = "52:54:00:15:1a:53";
             };
-            drives = mkMerge ([ ] ++ (optionals (!config.my.build.isDevVM) [
+            drives = mkMerge ([
+              installerDisk
+            ] ++ (optionals (!config.my.build.isDevVM) [
               (vmLVM "estuary" "esp")
               (vmLVM "estuary" "nix")
               (vmLVM "estuary" "persist")
@@ -48,34 +70,20 @@
           };
 
           shill = {
-            uuid = "e34569ec-d24e-446b-aca8-a3b27abc1f9b";
+            uuid = "fc02d8c8-6f60-4b69-838a-e7aed6ee7617";
             smp = {
-              cpus = 4;
+              cpus = 12;
               threads = 2;
             };
-            memory = 8192;
-            networks.vms.mac = "52:54:00:85:b3:b1";
+            memory = 65536;
+            networks.vms.mac = "52:54:00:27:3d:5c";
             cleanShutdown.timeout = 120;
             drives = mkMerge ([
-              {
-                installer = {
-                  backend = {
-                    driver = "file";
-                    filename = "${systems.installer.configuration.config.my.buildAs.iso}/iso/nixos-installer-devplayer0.iso";
-                    read-only = "on";
-                  };
-                  format.driver = "raw";
-                  frontend = "ide-cd";
-                  frontendOpts = {
-                    bootindex = 1;
-                  };
-                };
-              }
+              installerDisk
             ] ++ (optionals (!config.my.build.isDevVM) [
               (vmLVM "shill" "esp")
               (vmLVM "shill" "nix")
               (vmLVM "shill" "persist")
-
               {
                 esp.frontendOpts.bootindex = 0;
 
@@ -83,8 +91,12 @@
                   backend = {
                     driver = "host_device";
                     filename = "/dev/hdds/media";
+                    discard = "unmap";
+                  };
+                  format = {
+                    driver = "raw";
+                    discard = "unmap";
                   };
-                  format.driver = "raw";
                   frontend = "virtio-blk";
                 };
               }
diff --git a/secrets/cloudflare-credentials.conf.age b/secrets/cloudflare-credentials.conf.age
index f117731..97f406c 100644
Binary files a/secrets/cloudflare-credentials.conf.age and b/secrets/cloudflare-credentials.conf.age differ
diff --git a/secrets/colony-netdata-powerdns.conf.age b/secrets/colony-netdata-powerdns.conf.age
index 44ebc0e..ef86718 100644
Binary files a/secrets/colony-netdata-powerdns.conf.age and b/secrets/colony-netdata-powerdns.conf.age differ
diff --git a/secrets/colony-netdata-powerdns_recursor.conf.age b/secrets/colony-netdata-powerdns_recursor.conf.age
index 61cf8f8..cee3f73 100644
Binary files a/secrets/colony-netdata-powerdns_recursor.conf.age and b/secrets/colony-netdata-powerdns_recursor.conf.age differ
diff --git a/secrets/colony-pdns-recursor.conf.age b/secrets/colony-pdns-recursor.conf.age
index 7322257..4de2559 100644
--- a/secrets/colony-pdns-recursor.conf.age
+++ b/secrets/colony-pdns-recursor.conf.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 B9K/XQ gNJl6io3eASmXNRrcLI3fH8UqNEeT7vbCVfks9D153g
-/APb0O9268pftfeV5XY1E4CcKrCBAO69sVUBM82cmvE
--> X25519 xskN26oeA5X3rvevlBvyzz/fylb1SINSR09B+DMvSCo
-hk5wowfDfxjlFjQKGLwOfA/bgB2cuHR1En9hLtGcsEk
--> sK$y-grease `L hNh
-RvgnmIYLnlj6Xzs4YWg40UXHPJrnRHzR/c+X1bg5Qby/Zg
---- 8IqpUilyXUPSp+KdSCCOBN3GRWtciEjmi1bxzzTmC78
-[ðÛÿ?¹‹RßNã•vÉÝO£5yÅ¬?+XBê;~¬ˆ±Ú!–uú‘“ýX»¥mŽ95Š?UáD¨Äª‹u”pÍžÙÑ„_hcò
\ No newline at end of file
+-> ssh-ed25519 B9K/XQ pDr63Mxy93vvgTOOeGx+P2olj58AszuoW4DMU/2vwTs
+q0BfZmSo7PTHbbwX+8BdbJNiOjHflEsRVRyb96CCfJs
+-> X25519 wclqj46DLlI26z5xVt2FdTzYI5QUrZAu74y3Hgm1j18
+WpK4K+hsmxjVKGbt/NuC/Khcw1mSH121AabF0fsYLVw
+-> t]-grease fmXI7F 0vP#;w *
+mlRT87J7NtBKsK1lsNBArc9Ofo92Yniki5o3deA
+--- k5dfRl70t63RfTENRTTgBzgi3lm0D26KFkj73tyHMBo
+¤j÷»–MÞšy¡-š?h3kÔWÒîŽåßèv{M~PÁô[aCÚCj(øŽÙ¦e¾l¿R–PJ­ø%V&»èå[†ê
+62Ô£.Ä
\ No newline at end of file
diff --git a/secrets/dhparams.pem.age b/secrets/dhparams.pem.age
index d302214..b55cfe0 100644
Binary files a/secrets/dhparams.pem.age and b/secrets/dhparams.pem.age differ
diff --git a/secrets/jackflix-wg-privkey.txt.age b/secrets/jackflix-wg-privkey.txt.age
index 03dbb6e..07991d5 100644
--- a/secrets/jackflix-wg-privkey.txt.age
+++ b/secrets/jackflix-wg-privkey.txt.age
@@ -1,11 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 vf+WVg urUmX8GQaZ9N5s4im5LjHdrqF7G1cUmOhRwJ4C6QiDo
-rgzuokfwMMjYtbPBCBNa+9Jg4QHbdd4ynqrsVX5LSWM
--> X25519 Kr0gKsPYyLt3PFVZlv6m1NlLedJJYxSNKvmKx9canyc
-1Ki72qamPIaor+FCYy0SLVSm0GVCVsjFiRteSNv5hCA
--> MT&kccY-grease k k>D#= -/DFm:' ufBE\
-1HfnD0ef5OnLrhBZL+pyaMVLjCadk+vLszSORTxyarFPKD5wqor5nPn/mMLotY79
-mpKSMQq8ehwB+Ruv6fjys3q/1A
---- J8tifBtzNpEgeFqTxpfq+Md0vdmzU23rizI3C39gkc4
-29ÐA7”JÈ”ØŒ\r=ŒÖÖJw¡êxxlüÕ•Aädd‰Ô¬¼ÓQ¬ïð­ŠÛ#rúÉš™}ay0Põl†’Öö&Ñ
-dF¹|€-
\ No newline at end of file
+-> ssh-ed25519 vf+WVg +Ftq3XX892mQ+cB1nPRq6eDP7HPdFogZk/EbIsuxuk0
+i1ihGVigQBA7pquuXO3sBABSXN9x8IIJ64sfiNQ201w
+-> X25519 YB51ze5czSe08S89gtTWQ6zuxoMJZi5+23S2GXCXT1M
+jlLwxefYiijkj4JH4J+sUVJxhBWYfmbGjwi3B57vphU
+-> f3mY-grease w kU}uSw m_ySQ R+
+t7aJI+DNE57a0chgz08QlOIPpZyudJ4EjGChyO0ct9rQkrT87AQ
+--- vugV8UZzBLfeLBlFPBfiLAo1aaU28p1JLNyyGQkztNs
+W4¤–)¿5-f5cÐÂ”×â—S¯³ù8ßQ]3±6è~)JÅjÍ¯”ÝW{ƒÖK“!•Ï°!HÈ3—(Ú ü=«>Šw±Ÿ|
\ No newline at end of file
diff --git a/secrets/nginx-sso.yaml.age b/secrets/nginx-sso.yaml.age
index 606dd6d..01e8ffd 100644
Binary files a/secrets/nginx-sso.yaml.age and b/secrets/nginx-sso.yaml.age differ
diff --git a/secrets/pdns-file-records.key.age b/secrets/pdns-file-records.key.age
index e35409f..40211a2 100644
Binary files a/secrets/pdns-file-records.key.age and b/secrets/pdns-file-records.key.age differ
diff --git a/secrets/pdns.conf.age b/secrets/pdns.conf.age
index 7f43350..106db85 100644
--- a/secrets/pdns.conf.age
+++ b/secrets/pdns.conf.age
@@ -1,10 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 B9K/XQ /kv+tjtTxUS9If5ognIwNC3TmO+18KL0nOEkxy5JGz0
-LHbhmFnFFMckiK1dRtJxfy4a5ZYUkBB8bpO8IS4WWtA
--> X25519 cxHRN7s0xsX3ZPJcJ5yaZ4fVwAfcWJx8sx+EqXyKiHw
-kJK3WRVizmL8b8cgfRFs0Em71aks0G8eFBHZeLJGWsw
--> 8!{=+-grease 7N}9_80% GL[9 }#I`Kx}) mJw
-PFJMFv12BxUgTzf305i+dqevE18VzMjjdUYtaLRc2GW5PDGEhUf58HMWsqKVSTwu
-CSp9e8dSNE0JqEDR7Y9vkHGmEsoTP/4
---- zz2KJqzb87axtYxVRiUYyOxhK2vVQ5C5oa++Jp43Q58
-É²Á-ÏßTy$§z‚uÈe³¦àP«[j#<ƒHjûõ>=Žbi#DJ;:ÊdX“-¶Ú´)ðî?ý)KvŠòç¼­…ŠDÍæ
\ No newline at end of file
+-> ssh-ed25519 B9K/XQ RPTsuo5LXtXQ0yRf4lix7nOn48nJawJo/fv3mYZJfCs
+FTIAc4/v/TQipi5I4KaOX0GDksh8TzjC7eSAl0tIOBk
+-> X25519 pWMx1kfOtpKjB2v0nxlxsxMAgNTUcHlwd/P4+1KxJh4
+hgBRp0O9u9g+E27L+gFwNQQO8U9CTpO4wimbSrw5xGA
+-> E4fsjus0-grease ?9*Pp +%i8{y
+2RUCSOqmenVa1VlGqIXGuFcs8tbJavzHAqkIeMKVRGhE8akkRwAluTvXMMSD4fXJ
+MqXGrxz2CpkwsUgq1nV80GHpQP6a
+--- TXdOf7GTxBUBkH3NnM+BnXif8xbGDf4xxPgHX/oTyhk
+EÆ¾¿ZÏGT%}^hŒÅ!.5Ø®¹5u­ëxxHRÆÕÈ‚Vì…bc‰úu£ï¾3Pð£œ«ŸÂkcìì$N‰I°áŽÎ$m2ûÿ
\ No newline at end of file
diff --git a/secrets/synapse.yaml.age b/secrets/synapse.yaml.age
index 03dd300..a31d18b 100644
Binary files a/secrets/synapse.yaml.age and b/secrets/synapse.yaml.age differ
diff --git a/secrets/user-passwd.txt.age b/secrets/user-passwd.txt.age
index 33ab7cf..01a1b74 100644
--- a/secrets/user-passwd.txt.age
+++ b/secrets/user-passwd.txt.age
@@ -1,23 +1,23 @@
 age-encryption.org/v1
--> ssh-ed25519 FAIX7A 9lwGzxHbaj59re00D+VBn31xh6lXBdqlocUWbuGl0lk
-WWXUSz//VWPGWwNRNDOY9rNZHEMj74gJDPyPzntmONk
--> ssh-ed25519 SKXJUw 9espI6g1Y0xAOf8RZaYTnw6Y7YSTN5Wv/9JqHMOe5Wo
-ZaujblPPK14BYY67ffHCmRg33xljYwl/4YygG9efKQc
--> ssh-ed25519 wbGjmA U6GrN0iOmz77kOwa1VQ/0Cn7v/EiAJh1ZUOhJuqloVA
-xB8Uu6+tVXNbAqCSkHYMvBla/oJA0nOHayrHtN4yCGQ
--> ssh-ed25519 B9K/XQ gMQEYYshD9fFvI0vrUER/2OWZYRICGem5bX7ZIP16kQ
-9QwTY23a5C8TZ+1wUeqYWLWM4zSQNNzUoaqhkhQLxG4
--> ssh-ed25519 vf+WVg 3MU9AIwghf/IDoMuAZEX3GuFz1w7vYtSso5I5BDY/hM
-b1U0PexxCj4DTQB41bDi6bKktoOiA+xDDMLZYPHCMlA
--> ssh-ed25519 H162lQ 99SwlUFFeKMu8VH2264WyjJVugRKYcAFHF2aHtCGyE8
-LL2cJEdKtqrylLZWQVCoZQ9bGkCD6xPeY0K5C+sMrm0
--> ssh-ed25519 b6YMqg ME2+OkaFz7ZkAy4izG26lmYMl47AF5NZFojEhawj0nU
-FsMXB4ymF0e/FyySdEjE3LAJw3q0Ax5BQk9m0Zsu4cg
--> ssh-ed25519 Lqn0Yw CwGVxMt//mUhJp2Dv1juO8oWFVNML0Q+zTqsqncEo0U
-/YzScABKV/949EQnf8ztFzNQGzjGOWPj9iXHy2uFDYM
--> X25519 I0lKCScunZXPMiHBpGhFa7nAGFg3NeAslOdutKkyuFo
-csAlkN1jWUbUxlWRF/mAX1TT95ZU7iTDUa7uGi3Gtjk
--> Q?#-grease @c:
-CXkWEsR63Q4TflQd95UiFCazSFterOzSMmqRaCR/uQBhUEkyPc0
---- aOjcucJdwzcZQ2eT5PBsU7P0o1xlCgCMqPDWczEWY28
-7ÊÞBä"ËûtŠÅÖšG6þÆÑø€ÂB?¢`ŽÌ-ÒraÇ^Jlcl5øgàˆŠ–[÷9M#FŒ­jÁè&M˜n‰ê]‚S ÈevúÀoÞ¹}¨_nþ5;ðÜºÇ/1„·Ã|º§cêL¯ÂñC¤f¾!=ó*A»¶€t{­
\ No newline at end of file
+-> ssh-ed25519 FAIX7A pl4zTRrmyNifdO8b8doSjet5gSoFpONfiguMwVpOHCU
+7Xh//uKMTAommAVmmr4umaKT+sc1UMpyN0x5nktXd74
+-> ssh-ed25519 j67FXQ wpxRi34I+bFkP+bkOPsBRpoZXem7EBU0qEEoI7reiFw
+8q54R8NNM4pOybQdijpKgukvzNSKgkHMkmyvkC40aCU
+-> ssh-ed25519 wbGjmA 9W9Zd6IiHTAyDmtdFHICgHNBNmSv69dWIQ5PWrBmbFc
+ypSUUmdRztDAFFMHr9KHPPZhtk9wT+nOI6fU3f/r95A
+-> ssh-ed25519 B9K/XQ z9MyCdvCDmEpoQ6VAc4UL5ykKT2y7dTWkd8uC0TCqWY
+dI48qpfve02o34ThBSuXpR+k/ZS0JdcWWS0lHZEy5Xk
+-> ssh-ed25519 vf+WVg Is1UbqPX+Wg/Z+ofr6pltx1Hd/YU7r0Cw43vYN7U834
+BpsNPysnx0kDPvZNx5kiHBqowGxc/ixcxLbVrEEVNEQ
+-> ssh-ed25519 H162lQ fLD0bnsOAT8YAwRwScQmDY74CCiKz5o502ENBs3HyCk
+4BOHx7fsMEIrKUt1wQ/wZwthMQMtJLcLRt5zrNY7pOI
+-> ssh-ed25519 b6YMqg 87GJmhVV49B3lI74QT4GszBMWIoADwZ6Tr+gn7ai9gk
+oHvVeEduJ0WBl0WmXAKgn6qmC8GRZ3uKQHwaEehKemI
+-> ssh-ed25519 Lqn0Yw 14WT2Odd9MqCJRmFnXYMT+78J5tPAoE3ZN50eY8o3wY
+4RZjgE0MG7DkGBa7msq4cq3sSBQp+AMzghAvMWpEpds
+-> X25519 UWwTiaziKhTE4iW3IPYg3eVtgRp+bnyWxrcW3k66VmA
+Qb0Sj+t22AqS0lgx7uaiDgOn7KMxnDvUKRczTQB9TG0
+-> N6|5#-grease
+
+--- SBETWPCFXoHLlWtd8R+ZSoFVqaE1RThAP1QwkU+f9a4
+™þ£d˜âÐý++ÍéÄxNÅñõùÓa"^¢w ä.—Ì•”#ìÅõ‹¾4=ØñÒ³ï×<l3.ÄŸŠ‡¾ot"Ñæ¤¿Ùò¬sc Ul6=¼6ðÙv9‰3Ì»¢[ônÔÔû¿…M­9)Ã€k2YÂÜ1Ü¸gi¯>NÐ-J†=ÿ¸²àžÖé-
\ No newline at end of file
diff --git a/secrets/vaultwarden.env.age b/secrets/vaultwarden.env.age
index b60971d..f96a001 100644
--- a/secrets/vaultwarden.env.age
+++ b/secrets/vaultwarden.env.age
@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 Lqn0Yw r7XhdzWjjBP5HLeX+RwIek+vTZP1wZhhO5sr0LppdwI
-4HH91EuAKYOQ5E37/dH7fgFKShxE1aX7v/njbL4cNMU
--> X25519 itbc3rl6K9BmbhNsMo/FaeOynrtrpZj5Zt0VF3McYmw
-Cc0jPYLqyp5X4+KPfpy821mpCVSDke+z+Al/8Hp7vc0
--> WQA%nPY-grease n&Oc2@ sf 05
-aC3qV0yeKogkc/OdfKhxW2rv4GDlT4mMlPA5FoqMA/2lq6yCoeMjGffwzXVEsauq
-IRyYz3R/53ZrFtfefkBS5P4d4d/OmI6lsA
---- KYxAUYn/NHyfCJO+WqH0JKJKQZMCQYSeMryS/Kw3n8s
-;iˆ7KÁ†,T&{›1^™]WVñÛðÞzL¸K·s	Yóá™é\¤ó|@z`b'„-­Žlk·P'aëT¯'À'mZök7¸6êiKøÔ*-tŠ 	1:ŠmÊUIûÖqNÑ‡Þ‰sÎt™ì)#¢ô
\ No newline at end of file
+-> ssh-ed25519 Lqn0Yw 6M1t8mb0iZdJSPiz8Nu0nRywlpArnvcxizdxr6u6yGM
+w1PzOCZszgyc8vF5GJPI5l8RtQwFv0CNhpAxJAF6TOw
+-> X25519 +M017bsZwXazaojl9szfKRagMK1lzc+gpbaqKNhRuFU
+fx3Y7OykdZXK1g9ixdhExhAmLqoVrWlNUqvkMPYtc0Q
+-> Lv3@gmCc-grease v5T@.
+BUBGyMXy
+--- PoRgQ9bY+fxY2gJXHUQbEGW/bqa7KwonajSG+ccr6Mo
+ÛØ	IóëR‡0Ç?>AØ†lóÁÞ.‰E¤¡ÿÊ$ÌåÀCÊß^â!fËg‘ÛÛ†3¸Êd;i;–y[‚ù;j‘Ý¯¾âÌ0ÑýWl¥¾:þÜq—›ˆÝsëFiÉœMãüt-1+Ýq
\ No newline at end of file