diff --git a/hosts/lapserv/default.nix b/hosts/lapserv/default.nix
index 4f334ec..0ef1e8c 100644
--- a/hosts/lapserv/default.nix
+++ b/hosts/lapserv/default.nix
@@ -10,6 +10,7 @@
     server = {
       baseDomain = "jsw.tf";
       derek-bot.enable = true;
+      derek-site.enable = true;
       forgejo = {
         enable = true;
         subDomain = "git";
diff --git a/secrets/default.nix b/secrets/default.nix
index ebb6d1c..1c8f789 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -23,7 +23,7 @@ in {
       owner = "derek-bot";
     };
     derek-site = isEnabled "derek-site" {
-      file = ./derek-bot.age;
+      file = ./derek-site.age;
       owner = "derek-site";
     };
     # matrix-registration = isEnabled "matrix" {
diff --git a/secrets/derek-site.age b/secrets/derek-site.age
index bab4b4e..83a3e34 100644
Binary files a/secrets/derek-site.age and b/secrets/derek-site.age differ
diff --git a/system/server/derek-site.nix b/system/server/derek-site.nix
index 97f6d43..377fdc2 100644
--- a/system/server/derek-site.nix
+++ b/system/server/derek-site.nix
@@ -18,17 +18,14 @@
   programDir = "${mainDir}/program";
   denoDir = "${mainDir}/deno";
 
-  path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git]);
-  run = pkgs.writeShellScriptBin "geen-dolfijn" ''
-    cd "${programDir}"
-    export $(grep -v '^#' "${config.age.secrets.${userGroup}.path}" | xargs)
-
-    deno run preview
-  '';
+  path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git pkgs.nodejs]);
 in {
   options.niksos.server.${name}.enable = mkEnableOption name;
 
   config = mkIf cfg {
+    services.caddy.virtualHosts."geen-dolfijn.nl".extraConfig = ''
+      reverse_proxy http://127.0.0.1:9010
+    '';
     systemd.services.${userGroup} = {
       enable = true;
       after = ["network.target"];
@@ -54,24 +51,27 @@ in {
         cd "${programDir}"
         git fetch
         git reset --hard origin/HEAD
+        rm -rf build || echo no build here lol
 
-        DENO_DIR=${denoDir} deno i
+        cp "${config.age.secrets.${userGroup}.path}" "./src/lib/secrets.json"
+
+        DENO_DIR=${denoDir} deno i --allow-scripts=npm:workerd,npm:sharp
+        DENO_DIR=${denoDir} deno run build || echo oopsie woopsie error
       '';
 
       serviceConfig = {
         StateDirectory = userGroup;
-        ExecStart = getExe run;
+        ExecStart = "${bash} -c 'cd ${programDir} && deno run preview --host --port 9010'";
         User = userGroup;
         Group = userGroup;
         Restart = "always";
-        RuntimeMaxSec = 1 * 60 * 60; # 1h * 60min * 60s
       };
     };
 
     users.groups.${userGroup} = {};
     users.users.${userGroup} = {
       group = userGroup;
-      isSystemUser = true;
+      isNormalUser = true;
     };
   };
 }