diff --git a/base/nvim.nix b/base/nvim.nix index 3546ae8..8deeeee 100644 --- a/base/nvim.nix +++ b/base/nvim.nix @@ -1,11 +1,18 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - neovim - ]; + environment.systemPackages = with pkgs; [ + neovim - environment.variables = { - EDITOR = "nvim"; - }; -} \ No newline at end of file + (lib.hiPrio (makeDesktopItem { + name = "nvim"; + desktopName = "Neovim"; + noDisplay = true; + exec = ""; + })) + ]; + + environment.variables = { + EDITOR = "nvim"; + }; +} diff --git a/configs.nix b/configs.nix index 8d49a0a..2f08078 100644 --- a/configs.nix +++ b/configs.nix @@ -1,6 +1,6 @@ { inputs }: -let +let lib = inputs.nixpkgs.lib; recursiveImport = import ./rI.nix { inherit lib; }; @@ -25,16 +25,42 @@ in ]; }; - - notframework = lib.nixosSystem { + k3sMain = lib.nixosSystem { specialArgs = specialArgs // { hostVars = { - hostname = "framework-12"; + hostname = "precision-tower-5810"; + stateVersion = "25.11"; + }; + }; + modules = recursiveImport [ + ./base + ./hosts/k3s-nixos-01 + ]; + }; + + lillypilly = lib.nixosSystem { + specialArgs = specialArgs // { + hostVars = { + hostname = "lillypilly"; stateVersion = "25.05"; }; }; modules = recursiveImport [ ./base + ./hosts/lilly ]; }; -} \ No newline at end of file + + kiwi = lib.nixosSystem { + specialArgs = specialArgs // { + hostVars = { + hostname = "kiwi"; + stateVersion = "25.11"; + }; + }; + modules = recursiveImport [ + ./base + ./hosts/kiwi + ]; + }; +} diff --git a/hosts/framework/general.nix b/hosts/framework/general.nix index 5c4f51d..b3916d3 100644 --- a/hosts/framework/general.nix +++ b/hosts/framework/general.nix 
@@ -1,25 +1,26 @@ { pkgs, ... }: -{ +{ environment.systemPackages = with pkgs; [ firefox - ungoogled-chromium - vscodium - - spotify - nautilus - cloudflared - vesktop - keepassxc - btop + vscodium + spotify + cloudflared + nautilus + vesktop signal-desktop - gradia - gimp + element-desktop + + direnv + dbeaver-bin + jetbrains.idea ]; programs.obs-studio = { enable = true; }; -} \ No newline at end of file + + documentation.nixos.enable = false; +} diff --git a/hosts/framework/gnome.nix b/hosts/framework/gnome.nix index 83d8b7d..d636e30 100644 --- a/hosts/framework/gnome.nix +++ b/hosts/framework/gnome.nix @@ -18,6 +18,6 @@ environment.gnome.excludePackages = [ pkgs.gnome-tour ]; environment.systemPackages = with pkgs; [ - gnome-terminal + ptyxis ]; } \ No newline at end of file diff --git a/hosts/framework/zen.nix b/hosts/framework/zen.nix new file mode 100644 index 0000000..1b62172 --- /dev/null +++ b/hosts/framework/zen.nix @@ -0,0 +1,6 @@ +{ inputs, pkgs, ... }: +{ + environment.systemPackages = [ + inputs.zen-browser.packages.${pkgs.stdenv.hostPlatform.system}.default + ]; +} \ No newline at end of file diff --git a/hosts/k3s-nixos-01/k3s.nix b/hosts/k3s-nixos-01/k3s.nix index ea1f917..e200e95 100644 --- a/hosts/k3s-nixos-01/k3s.nix +++ b/hosts/k3s-nixos-01/k3s.nix @@ -1,10 +1,19 @@ -{ config, pkgs, ... }: +{ config, pkgs, baseVars, ... }: { environment.systemPackages = with pkgs; [ k3s + ollama-rocm + rocmPackages.rocm-smi + btop ]; + users.users.${baseVars.username} = { + extraGroups = [ + "video" "render" + ]; + }; + environment.sessionVariables = { KUBECONFIG = "$HOME/.kube/config"; }; @@ -17,8 +26,8 @@ services.openssh = { enable = true; settings = { - PasswordAuthentication = no; - PermitRootLogin = "no"; + PasswordAuthentication = true; + PermitRootLogin = "yes"; }; }; 
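Review bot: The browser in hosts/framework/zen.nix is taken from the `zen-browser` flake input rather than nixpkgs, so it receives security updates only when that input is re-locked, and nothing in the file says so. A comment above the package line would make that maintenance duty visible: `# third-party flake input, not nixpkgs: re-lock regularly to pick up browser security fixes`. Whether the input follows the system's nixpkgs is decided in flake.nix, which is not part of this diff.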
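Review bot: In the `services.openssh` hunk of hosts/k3s-nixos-01/k3s.nix, `PasswordAuthentication = true` together with `PermitRootLogin = "yes"` lets anyone who can reach port 22 guess the root password directly. The same pair is added in hosts/kiwi/kiwi.nix and hosts/lilly/lillypilly.nix, even though both of those files declare `openssh.authorizedKeys.keys`. The old `PasswordAuthentication = no` was a bare identifier rather than a boolean, so a type fix was needed, but the value should stay off: `PasswordAuthentication = false;` and `PermitRootLogin = "no";` (or `"prohibit-password"` if root must log in with a key). The enclosing module body starts and ends outside this hunk.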
@@ -27,7 +36,7 @@ after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token XXXXXXXXXXXXXXXXXXXXXXXXXXXX"; + ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token token"; Restart = "always"; User = "cloudflared"; Group = "cloudflared"; @@ -51,11 +60,12 @@ ]; firewall = { - enable = true; + enable = false; allowedTCPPorts = [ 6443 10250 22 + 11434 ]; allowedUDPPorts = [ 8472 ]; }; @@ -67,4 +77,35 @@ } ]; }; + + services.ollama = { + enable = true; + openFirewall = true; + package = pkgs.ollama-rocm; + host = "0.0.0.0"; + port = 11434; + environmentVariables = { + OLLAMA_ORIGINS = "https://ollama.illegalesachen.download"; + }; + }; + + services.open-webui = { + enable = true; + host = "127.0.0.1"; + port = 11435; + environment = { + WEBUI_URL = "https://web-ui.illegalesachen.download"; + OLLAMA_BASE_URL = "http://127.0.0.1:11434"; + ENABLE_OAUTH_SIGNUP = "true"; + DEFAULT_USER_ROLE = "user"; + OAUTH_MERGE_ACCOUNTS_BY_EMAIL = "true"; + OAUTH_CLIENT_ID = "open-webui"; + OAUTH_CLIENT_SECRET = "..."; + OPENID_PROVIDER_URL = "..."; + OPENID_REDIRECT_URI= "http://web-ui.illegalesachen.download/oauth/oidc/callback"; + }; + }; + + hardware.graphics.enable = true; + hardware.enableRedistributableFirmware = true; } diff --git a/hosts/k3s-nixos-02/k3s.nix b/hosts/k3s-nixos-02/k3s.nix deleted file mode 100644 index 99f475e..0000000 --- a/hosts/k3s-nixos-02/k3s.nix +++ /dev/null 
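Review bot: The tunnel token is still passed as `--token …` inside `ExecStart`, so once a real value replaces the `token` placeholder it lands in the world-readable Nix store, in the generated unit file and in the process list. The new cloudflared units in hosts/kiwi/kiwi.nix and hosts/lilly/lillypilly.nix repeat the pattern. cloudflared also reads the token from the `TUNNEL_TOKEN` environment variable, so the unit can load it from a root-only file: `EnvironmentFile = "/path/to/cloudflared.env";` (placeholder path) with `ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run";`. If the value removed on the old side was a live token, it remains in the repository history and should be rotated.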
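Review bot: `firewall.enable = false` makes the `allowedTCPPorts` and `allowedUDPPorts` lists in this block inert, so the added `11434` entry has no effect. It also leaves every listening socket on the host reachable, including sshd with the password and root login this commit enables. hosts/lilly/lillypilly.nix sets the same `enable = false` next to its own port list. Keeping `enable = true;` makes the list describe what is actually exposed. The attribute set containing `firewall` starts outside this hunk.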
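Review bot: `services.ollama` is bound to `0.0.0.0` with `openFirewall = true`, which exposes the unauthenticated Ollama API to every network the host is on; `OLLAMA_ORIGINS` only restricts browser cross-origin requests, not direct clients. Open WebUI already reaches it over `http://127.0.0.1:11434`, so `host = "127.0.0.1";` and `openFirewall = false;` would suffice if nothing else needs direct access. `OAUTH_CLIENT_SECRET` sits in `environment`, so its real value would end up in the world-readable Nix store and in git; the module's `environmentFile` option can supply it from a file outside the store. `OPENID_REDIRECT_URI` uses `http://` while `WEBUI_URL` is `https://`, which sends the OIDC callback over plaintext unless the provider rejects the mismatch. `OAUTH_MERGE_ACCOUNTS_BY_EMAIL = "true"` is only safe if the identity provider verifies e-mail addresses, which should be stated in a comment.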
@@ -1,31 +0,0 @@ -{ config, pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - k3s - ]; - - environment.sessionVariables = { - KUBECONFIG = "$HOME/.kube/config"; - }; - - services.k3s = { - enable = true; - role = "agent"; - serverAddr = "https://192.168.1.89:6443"; - tokenFile = "/var/lib/rancher/k3s/agent/token"; - }; - - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - PermitRootLogin = "no"; - }; - }; - - networking.firewall = { - allowedTCPPorts = [ 10250 22 ]; - allowedUDPPorts = [ 8472 ]; - }; -} diff --git a/hosts/kiwi/kiwi.nix b/hosts/kiwi/kiwi.nix new file mode 100644 index 0000000..d813164 --- /dev/null +++ b/hosts/kiwi/kiwi.nix 
@@ -0,0 +1,97 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + ]; + + users.users.kiwi = { + isNormalUser = true; + extraGroups = [ + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 ..." + ]; + }; + + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = true; + PermitRootLogin = "yes"; + }; + }; + + services.k3s = { + enable = true; + role = "agent"; + serverAddr = "https://192.168.1.89:6443"; + tokenFile = "/var/lib/rancher/k3s/agent/token"; + }; + + networking.firewall = { + enable = true; + allowedTCPPorts = [ 21 22 2121 ]; + allowedTCPPortRanges = [ + { from = 30000; to = 30100; } + ]; + }; + + services.sftpgo = { + enable = true; + settings = { + sftpd.bindings = [ + { + port = 2022; + address = "0.0.0.0"; + } + ]; + sftpd.password_authentication = true; + + ftpd = { + bindings = [{ + port = 21; + address = "0.0.0.0"; + }]; + passive_port_range = { + start = 30000; + end = 30100; + }; + }; + }; + loadDataFile = pkgs.writeText "sftpgo-data.json" (builtins.toJSON { + users = [ + { + status = 1; + username = "printer"; + home_dir = "/var/lib/sftpgo/data"; + password = "password"; + + permissions = { + "/" = [ "upload" "list" "delete" "download" ]; + }; + public_keys = []; + } + ]; + }); + }; + + systemd.services.cloudflared-connector = { + description = "Cloudflare Tunnel Connector"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token token"; + Restart = "always"; + RestartSec = "10s"; + User = "cloudflared"; + Group = "cloudflared"; + }; + }; + + users.users.cloudflared = { + group = "cloudflared"; + isSystemUser = true; + }; + users.groups.cloudflared = { }; +} diff --git a/hosts/lilly/lillypilly.nix b/hosts/lilly/lillypilly.nix new file mode 100644 index 0000000..204dd95 --- /dev/null +++ b/hosts/lilly/lillypilly.nix 
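Review bot: The SFTPGo `printer` account in hosts/kiwi/kiwi.nix is created with the literal `password = "password"` inside `pkgs.writeText`, so the credential is stored in the world-readable Nix store and in git. It guards `upload`/`delete`/`download` on a service bound to `0.0.0.0` over both SFTP and unencrypted FTP on port 21. The firewall list opens `2121`, which nothing in this file binds, while `sftpd` listens on `2022`, which is not opened, so one of the two looks like a typo. The k3s agent ports that the deleted hosts/k3s-nixos-02/k3s.nix opened (`10250` TCP, `8472` UDP) are also missing here although the firewall is enabled. Proposed: load the user data from a file kept outside the store, and use `allowedTCPPorts = [ 21 22 2022 10250 ];` with `allowedUDPPorts = [ 8472 ];`, assuming 2022 is the intended SFTP port.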
@@ -0,0 +1,66 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + k3s + ]; + + users.users.lillypilly = { + isNormalUser = true; + extraGroups = [ + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 ..." + ]; + }; + + services.k3s = { + enable = true; + role = "agent"; + serverAddr = "https://192.168.1.89:6443"; + tokenFile = "/var/lib/rancher/k3s/agent/token"; + }; + + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = true; + PermitRootLogin = "yes"; + }; + }; + + networking.firewall = { + enable = false; + allowedTCPPorts = [ 10250 22 3001 ]; + allowedUDPPorts = [ 8472 ]; + }; + + services.uptime-kuma = { + enable = true; + settings = { + HOST = "0.0.0.0"; + PORT = "3001"; + }; + }; + + + systemd.services.cloudflared-connector = { + description = "Cloudflare Tunnel Connector"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token token"; + Restart = "always"; + RestartSec = "10s"; + User = "cloudflared"; + Group = "cloudflared"; + }; + }; + + users.users.cloudflared = { + group = "cloudflared"; + isSystemUser = true; + }; + users.groups.cloudflared = { }; +}
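Review bot: Uptime Kuma in hosts/lilly/lillypilly.nix is bound with `HOST = "0.0.0.0"` while the same file sets `firewall.enable = false`, so port 3001 is reachable directly from every network the host is on rather than only through the cloudflared connector defined below it. If the tunnel is the intended entry point (its ingress target is not visible in this diff), `HOST = "127.0.0.1";` keeps the dashboard off the LAN. With the firewall disabled, the `3001` entry in `allowedTCPPorts` documents intent but enforces nothing.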