diff --git a/hosts/lapserv/default.nix b/hosts/lapserv/default.nix index 4f334ec..0ef1e8c 100644 --- a/hosts/lapserv/default.nix +++ b/hosts/lapserv/default.nix @@ -10,6 +10,7 @@ server = { baseDomain = "jsw.tf"; derek-bot.enable = true; + derek-site.enable = true; forgejo = { enable = true; subDomain = "git"; diff --git a/hosts/lapserv/hardware-configuration.nix b/hosts/lapserv/hardware-configuration.nix index 282444c..5692d9f 100644 --- a/hosts/lapserv/hardware-configuration.nix +++ b/hosts/lapserv/hardware-configuration.nix @@ -1,17 +1,23 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"]; + initrd.kernelModules = []; + kernelModules = ["kvm-intel"]; + extraModulePackages = []; + }; # fileSystems."/" = # { device = "/dev/disk/by-uuid/33b7e681-d92a-40db-a172-b797591a1e2e"; 
@@ -24,20 +30,20 @@ # options = [ "fmask=0022" "dmask=0022" ]; # }; - fileSystems."/" = - { device = "/dev/disk/by-uuid/2ce4b2b1-0083-43b2-bd8d-0e8cd21b1ef6"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/2ce4b2b1-0083-43b2-bd8d-0e8cd21b1ef6"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/AE71-FD70"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/AE71-FD70"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/f5af06e8-e285-4565-abc3-fdd0ddde4736"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/f5af06e8-e285-4565-abc3-fdd0ddde4736";} + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/secrets/default.nix b/secrets/default.nix index c1cafa6..1c8f789 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -22,6 +22,10 @@ in { file = ./derek-bot.age; owner = "derek-bot"; }; + derek-site = isEnabled "derek-site" { + file = ./derek-site.age; + owner = "derek-site"; + }; # matrix-registration = isEnabled "matrix" { # file = ./matrix-registration.age; # owner = abstrServiceUser "matrix-continuwuity"; diff --git a/secrets/derek-site.age b/secrets/derek-site.age new file mode 100644 index 0000000..33f7d7c --- /dev/null +++ b/secrets/derek-site.age 
@@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> ssh-ed25519 GQzYWA GkqfPf+tdDEQa8RWdEX+OhEB0/p0PpFudx4NGpR5Cik +CSxbatcY8s3JX0Wj2B7XKU9cO+kQAL2eg9eX0ukA21I +-> ssh-ed25519 MfR7VA SHjQ3YY3z5JdbZCmct4prjXBug9JnYC/daluw4q0dwQ +2AYJSI0jhRB/qDSBvzWQRpbyUNIrf1khjy83r1TARGI +-> ssh-ed25519 +cvRTg j2DV+BM4VXYhgC91GE9mqHnxJX/6DexDYLDdB3/dMF4 +sfYe2TL8ksQ6zBKMwBJQSqZBHKPlUW3255qZf/FwS0A +-> ssh-ed25519 WCPLrA nJHlAidKTa8xFLOIYXvG8MP3bbj2e62MRwkMkgsztEA +jzPf28wYo5FgOB+uiI7r/xdhakXXBmRp0zjW0m5nPJ4 +-> ssh-ed25519 7/ziYw luRZzFqdT+xOtuqPIILhfNQQ//IOb3CewrMIrkYuijQ +QiuNNcYK7i0/mVDkcmEJiSiFy7ydT4asFnLlFGmzV/o +-> ssh-ed25519 VQy60Q raBea0oINduk69QI1UzDs3z0Rld32sHMofFSkRQHdU0 +cyifYZSbV/sEbeWHb6VrAWf1kRJP5FGKzez/LQt3ahs +--- OgztbV5bq/R2LAcjgGFdxYm55U8fle/EB/+L9v6vuRY +L޷?{vgح]fpg&h~dpre~}|nM$_ +ywA8D'RjD&_)hD]jBW[qƔf/usQc-%E뾦@)`2${{\E8oPBnEG_Z]HQŰŤ&EErwNA63ITѦ\gyʹޑF;L_sTކ LAD `2U/c \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 66e90da..1fd8855 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -16,6 +16,7 @@ in { "password.age".publicKeys = keys; "jsw-bot.age".publicKeys = keys; "derek-bot.age".publicKeys = keys; + "derek-site.age".publicKeys = keys; "matrix-registration.age".publicKeys = keys; "mail-admin.age".publicKeys = keys; "zitadel-key.age".publicKeys = keys; diff --git a/system/server/default.nix b/system/server/default.nix index 920d92c..06ef7b9 100644 --- a/system/server/default.nix +++ b/system/server/default.nix @@ -7,6 +7,7 @@ in { ./jsw-bot.nix ./caddy.nix ./derek-bot.nix + ./derek-site.nix ./forgejo.nix ./immich.nix ./index diff --git a/system/server/derek-site.nix b/system/server/derek-site.nix new file mode 100644 index 0000000..66e770c --- /dev/null +++ b/system/server/derek-site.nix 
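Review bot: In secrets/secrets.nix, `"derek-site.age".publicKeys = keys;` encrypts the new secret to every key in `keys`, and the committed `derek-site.age` header carries six `ssh-ed25519` recipient stanzas, while on this page only `hosts/lapserv` enables `derek-site`. If `keys` contains host keys of other machines, each of them can decrypt this secret. A narrower recipient list for this entry (the lapserv host key plus the admin keys used to edit it) would limit that exposure. The definition of `keys` is outside the hunk, so this is something to confirm rather than an established problem.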
@@ -0,0 +1,87 @@ +{ + config, + pkgs, + lib, + ... +}: let + name = "derek-site"; + cfg = config.niksos.server.${name}.enable; + + userGroup = name; + gitRepo = "https://github.com/Definitely-Not-A-Dolphin/Geen-Dolfijn"; + + inherit (lib) getExe mkEnableOption mkIf; + bash = getExe pkgs.bash; + + varLib = "/var/lib/"; + mainDir = "${varLib}${userGroup}"; + programDir = "${mainDir}/program"; + denoDir = "${mainDir}/deno"; + + path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.gnugrep pkgs.findutils pkgs.deno pkgs.git pkgs.nodejs]); + runScript = pkgs.writeShellScriptBin "geen-dolfijn" '' + export PATH='${path}' + set -a + . ${config.age.secrets.${userGroup}.path} + set +a + + cd ${programDir} + deno run preview --host --port 9010 + ''; +in { + options.niksos.server.${name}.enable = mkEnableOption name; + + config = mkIf cfg { + services.caddy.virtualHosts."geen-dolfijn.nl".extraConfig = '' + reverse_proxy http://127.0.0.1:9010 + ''; + systemd.services.${userGroup} = { + enable = true; + after = ["network.target"]; + wantedBy = ["default.target"]; + description = userGroup; + + environment = { + "DENO_DIR" = denoDir; + "PATH" = lib.mkForce path; + }; + + preStart = '' + export PATH=${path} + set -a + . ${config.age.secrets.${userGroup}.path} + set +a + + cd "${mainDir}" + chown -R ${userGroup}:${userGroup} ${mainDir}/* || echo + + if [ ! 
-d "${programDir}" ]; then + git clone "${gitRepo}" "${programDir}" + fi + chmod -R 750 ${mainDir}/* || echo + + cd "${programDir}" + git fetch + git reset --hard origin/HEAD + rm -rf build || echo no build here lol + + DENO_DIR=${denoDir} deno i --allow-scripts=npm:workerd,npm:sharp + DENO_DIR=${denoDir} deno run build || echo oopsie woopsie error + ''; + + serviceConfig = { + StateDirectory = userGroup; + ExecStart = getExe runScript; + User = userGroup; + Group = userGroup; + Restart = "always"; + }; + }; + + users.groups.${userGroup} = {}; + users.users.${userGroup} = { + group = userGroup; + isNormalUser = true; + }; + }; +} diff --git a/system/server/lib/extractWebOptions.nix b/system/server/lib/extractWebOptions.nix index 805fea1..cf84dd2 100644 --- a/system/server/lib/extractWebOptions.nix +++ b/system/server/lib/extractWebOptions.nix @@ -11,8 +11,8 @@ then "" else "${cfg.subDomain}."; in - cfg // - { + cfg + // { domain = "${subDomain}${baseDomain}"; inherit baseDomain subDomain; }
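Review bot: In system/server/derek-site.nix the unit executes unpinned upstream code with the site's secrets in its environment: `preStart` sources the agenix file under `set -a`, then runs `git reset --hard origin/HEAD`, `deno i --allow-scripts=npm:workerd,npm:sharp` and `deno run build` on every start, and `Restart = "always"` repeats that on each restart. Checking out a reviewed commit and sourcing the secret only in `runScript` would narrow this, assuming the build itself does not need those variables; the `|| echo oopsie woopsie error` fallback also lets the unit start right after `rm -rf build` removed the previous output. In `runScript`, a bare `--host` binds all interfaces if `preview` is Vite's preview command (the task definition is not on this page), which would leave port 9010 reachable without passing through Caddy, whereas `--host 127.0.0.1` matches the `reverse_proxy` target. The service account is declared with `isNormalUser = true`, which gives a daemon a home under /home and the default login shell; `isSystemUser = true` is the usual form, and `serviceConfig` sets no sandboxing options. The sketch below shows these changes with the commit id left as a placeholder.

```nix
  gitRev = "<PINNED_COMMIT_SHA>"; # placeholder: a reviewed commit of gitRepo
  # … unchanged: getExe/bash, varLib, mainDir, programDir, denoDir, path …
  runScript = pkgs.writeShellScriptBin "geen-dolfijn" ''
    # … unchanged: PATH export, secret sourcing, cd ${programDir} …
    deno run preview --host 127.0.0.1 --port 9010
  '';
  # … unchanged: options, caddy virtualHost, unit header, environment …
    preStart = ''
      export PATH=${path}
      # the secret is no longer sourced here, so fetch/install/build run without it
      # … unchanged: cd, chown, clone-if-missing, chmod …
      cd "${programDir}"
      git fetch origin
      git reset --hard "${gitRev}"
      rm -rf build

      # … unchanged: deno i --allow-scripts=npm:workerd,npm:sharp …
      # a failed build now fails the unit instead of starting without build output
      DENO_DIR=${denoDir} deno run build
    '';

    serviceConfig = {
      # … unchanged: StateDirectory, ExecStart, User, Group, Restart …
      NoNewPrivileges = true;
      PrivateTmp = true;
      ProtectHome = true;
      ProtectSystem = "strict"; # StateDirectory stays writable
    };
  # … unchanged: users.groups …
  users.users.${userGroup} = {
    group = userGroup;
    isSystemUser = true;
    home = mainDir; # keeps a writable HOME for git/deno inside the state directory
  };
```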