diff --git a/hosts/lapserv/default.nix b/hosts/lapserv/default.nix
index 0ef1e8c..4f334ec 100644
--- a/hosts/lapserv/default.nix
+++ b/hosts/lapserv/default.nix
@@ -10,7 +10,6 @@
     server = {
       baseDomain = "jsw.tf";
       derek-bot.enable = true;
-      derek-site.enable = true;
       forgejo = {
         enable = true;
         subDomain = "git";
diff --git a/secrets/default.nix b/secrets/default.nix
index 1c8f789..ebb6d1c 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -23,7 +23,7 @@ in {
       owner = "derek-bot";
     };
     derek-site = isEnabled "derek-site" {
-      file = ./derek-site.age;
+      file = ./derek-bot.age;
       owner = "derek-site";
     };
     # matrix-registration = isEnabled "matrix" {
diff --git a/secrets/derek-site.age b/secrets/derek-site.age
index 83a3e34..bab4b4e 100644
Binary files a/secrets/derek-site.age and b/secrets/derek-site.age differ
diff --git a/system/server/derek-site.nix b/system/server/derek-site.nix
index 377fdc2..97f6d43 100644
--- a/system/server/derek-site.nix
+++ b/system/server/derek-site.nix
@@ -18,14 +18,17 @@
   programDir = "${mainDir}/program";
   denoDir = "${mainDir}/deno";
 
-  path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git pkgs.nodejs]);
+  path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git]);
+  run = pkgs.writeShellScriptBin "geen-dolfijn" ''
+    cd "${programDir}"
+    export $(grep -v '^#' "${config.age.secrets.${userGroup}.path}" | xargs)
+
+    deno run preview
+  '';
 in {
   options.niksos.server.${name}.enable = mkEnableOption name;
 
   config = mkIf cfg {
-    services.caddy.virtualHosts."geen-dolfijn.nl".extraConfig = ''
-      reverse_proxy http://127.0.0.1:9010
-    '';
     systemd.services.${userGroup} = {
       enable = true;
       after = ["network.target"];
@@ -51,27 +54,24 @@ in {
         cd "${programDir}"
         git fetch
         git reset --hard origin/HEAD
-        rm -rf build || echo no build here lol
 
-        cp "${config.age.secrets.${userGroup}.path}" "./src/lib/secrets.json"
-
-        DENO_DIR=${denoDir} deno i --allow-scripts=npm:workerd,npm:sharp
-        DENO_DIR=${denoDir} deno run build || echo oopsie woopsie error
+        DENO_DIR=${denoDir} deno i
       '';
 
       serviceConfig = {
         StateDirectory = userGroup;
-        ExecStart = "${bash} -c 'cd ${programDir} && deno run preview --host --port 9010'";
+        ExecStart = getExe run;
         User = userGroup;
         Group = userGroup;
         Restart = "always";
+        RuntimeMaxSec = 1 * 60 * 60; # 1h * 60min * 60s
       };
     };
 
     users.groups.${userGroup} = {};
     users.users.${userGroup} = {
       group = userGroup;
-      isNormalUser = true;
+      isSystemUser = true;
     };
   };
 }