diff --git a/nixos/machines/apollo/configuration.nix b/nixos/machines/apollo/configuration.nix index 84092569..6eb42cb1 100644 --- a/nixos/machines/apollo/configuration.nix +++ b/nixos/machines/apollo/configuration.nix @@ -28,7 +28,8 @@ in { m0wire = { allowedIPsAsRoutes = false; ips = [ "${hosts.apollo-wg}/112" ]; - privateKeyFile = "/etc/nixos/nixos/machines/apollo/secret/wireguard-private"; + privateKeyFile = + "/etc/nixos/nixos/machines/apollo/secret/wireguard-private"; peers = [{ publicKey = wireguard.pub.hera; allowedIPs = [ "::/0" ]; @@ -90,15 +91,15 @@ in { }; boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; }; - cdark_net = { - enable = true; - hostName = "${me.user}_${config.networking.hostName}"; - ed25519PrivateKeyFile = /etc/nixos/nixos/machines + "/${config.networking.hostName}" - + /secret/tinc/ed25519_key.priv; - hostsDirectory = - (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts"); - ip6address = "fd23:42:cda:4342::2"; - ip4address = "172.20.71.2"; - }; + #cdark_net = { + #enable = true; + #hostName = "${me.user}_${config.networking.hostName}"; + #ed25519PrivateKeyFile = /etc/nixos/nixos/machines + #+ "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv; + #hostsDirectory = + #pkgs.fetchgit { url = "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts"; }; + #ip6address = "fd23:42:cda:4342::2"; + #ip4address = "172.20.71.2"; + #}; system.stateVersion = "19.09"; } diff --git a/nixos/machines/hera/boot.nix b/nixos/machines/hera/boot.nix index e9c4d3ef..1d7013fa 100644 --- a/nixos/machines/hera/boot.nix +++ b/nixos/machines/hera/boot.nix @@ -1,6 +1,6 @@ { ... }: { - m-0.server.initSSHKey = ./secret/boot_rsa; + m-0.server.initSSHKey = ./secret/ssh_boot_rsa; boot = { loader.grub = { diff --git a/nixos/machines/hera/cloud.nix b/nixos/machines/hera/cloud.nix index f970d5ca..e5803fef 100644 --- a/nixos/machines/hera/cloud.nix +++ b/nixos/machines/hera/cloud.nix 
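Review bot: In nixos/machines/apollo/configuration.nix the `cdark_net` block is disabled by commenting out all ten lines, with nothing recording why, so the file keeps an unevaluated copy of the mesh addresses and the tinc key path that will go stale. The commented draft also replaces `builtins.fetchGit` with `pkgs.fetchgit { url = …; }` and gives it no hash, so it pins nothing and would probably not build as written if someone simply uncommented it. Either delete the block (history keeps it) or put one line above it, for example `# cdark_net disabled: <reason>; the hosts fetch needs a pinned rev/hash before re-enabling`.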
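Review bot: In nixos/machines/hera/boot.nix, `./secret/ssh_boot_rsa` is a Nix path literal, and a path value that ends up interpolated into a string or a derivation is copied into the world-readable /nix/store, which would expose this private key to every local user. Whether that happens depends on how `m-0.server.initSSHKey` is consumed, which the hunk does not show. The apollo config on this page passes its WireGuard key as a string (`privateKeyFile = "/etc/nixos/…/secret/wireguard-private"`); doing the same here, e.g. `m-0.server.initSSHKey = "/etc/nixos/nixos/machines/hera/secret/ssh_boot_rsa";` (location assumed from the apollo layout), avoids the copy. The key file is added as a binary blob in the same commit, so it is worth confirming it is stored encrypted in the repository.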
@@ -54,7 +54,6 @@ let
 nextcloud = {
 enable = true;
 hostName = hostname;
- nginx.enable = true;
 package = pkgs.nextcloud18;
 maxUploadSize = "10g";
 caching = {
diff --git a/nixos/machines/hera/secret/ssh_boot_rsa b/nixos/machines/hera/secret/ssh_boot_rsa
new file mode 100644
index 00000000..39f2582b
Binary files /dev/null and b/nixos/machines/hera/secret/ssh_boot_rsa differ
diff --git a/nixos/roles/boot-key.nix b/nixos/roles/boot-key.nix
index 62159563..f9f1974a 100644
--- a/nixos/roles/boot-key.nix
+++ b/nixos/roles/boot-key.nix
@@ -1,19 +1,15 @@
 { lib, config, ... }:
-let
- secretsFile = "/var/lib/luks-secret/key";
- secretsInitrd = "/boot/grub/secrets-initrd.gz";
+let secretsFile = "/var/lib/luks-secret/key";
 in {
- boot.initrd.luks.devices."nixos" = {
- fallbackToPassword = true;
- keyFile = secretsFile;
- };
- # copy the secret into the additional initramfs. `null` means same path
- boot.initrd.secrets."${secretsFile}" = null;
- boot.loader = {
- supportsInitrdSecrets = lib.mkForce true;
- grub.extraInitrd = secretsInitrd;
- grub.extraPrepareConfig = ''
- ${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets ${secretsInitrd}
- '';
+ boot = {
+ initrd = {
+ luks.devices."nixos" = {
+ fallbackToPassword = true;
+ keyFile = secretsFile;
+ };
+ # copy the secret into the additional initramfs. `null` means same path
+ secrets."${secretsFile}" = null;
+ };
+ loader.supportsInitrdSecrets = lib.mkForce true;
 };
 }
diff --git a/nixos/roles/server/init_ssh.nix b/nixos/roles/server/init_ssh.nix
index 7f96d575..f476b560 100644
--- a/nixos/roles/server/init_ssh.nix
+++ b/nixos/roles/server/init_ssh.nix
@@ -9,11 +9,7 @@ with lib; {
 ssh = {
 enable = true;
 authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
-
- # generate file with
- # nix-shell -p dropbear
- # dropbearkey -t rsa -f boot_rsa
- hostRSAKey = config.m-0.server.initSSHKey;
+ hostKeys = [ config.m-0.server.initSSHKey ];
 };
 };
 postMountCommands = "ip link set eth0 down";
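Review bot: In nixos/roles/boot-key.nix, `loader.supportsInitrdSecrets = lib.mkForce true;` is now the only loader setting left after the `grub.extraInitrd` and `grub.extraPrepareConfig` lines are dropped, so the role asserts that the bootloader appends secrets without arranging it itself. If the loader module in use already declares support, the `mkForce` is redundant; if it does not, forcing the flag would presumably hide whatever check the module system makes and the LUKS key could be missing from the initrd, leaving only `fallbackToPassword`. The role also depends on the initrd being stored where the key from `/var/lib/luks-secret/key` cannot be read offline, which nothing here states. I would add a comment such as `# initrd embeds the LUKS key: only import this role when /boot is on an encrypted volume`.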
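Review bot: In nixos/roles/server/init_ssh.nix the comment explaining how to create the key file is deleted together with `hostRSAKey` and nothing replaces it. The old instructions produced a Dropbear-format key with `dropbearkey`, while the switch to `hostKeys` and the new `ssh_boot_rsa` file name suggest an OpenSSH-format key is now expected, so the next person regenerating it has no guidance. I would keep a short comment above `hostKeys`, for example `# OpenSSH private key used only in the initrd, e.g. ssh-keygen -t rsa -N "" -f ssh_boot_rsa; never reuse the host's regular SSH host keys`. The attribute set enclosing `ssh` starts before the hunk.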
diff --git a/overlays/email2matrix/package.nix b/overlays/email2matrix/package.nix
index 38615274..0bbba963 100644
--- a/overlays/email2matrix/package.nix
+++ b/overlays/email2matrix/package.nix
@@ -8,5 +8,5 @@ buildGoModule rec {
 rev = version;
 sha256 = "0nx99iab2y10m4jh4jl9c4y7j4iy8zlyfcn42v4y4mlk1507czlj";
 };
- modSha256 = "0nrl1d1628isd6183a9rj4qmsmzpbsf656cm75vw0lz2x0s4x7dg";
+ vendorSha256 = "0nrl1d1628isd6183a9rj4qmsmzpbsf656cm75vw0lz2x0s4x7dg";
 }
diff --git a/overlays/neuron-language-server/package.nix b/overlays/neuron-language-server/package.nix
index 0b938c51..58df3925 100644
--- a/overlays/neuron-language-server/package.nix
+++ b/overlays/neuron-language-server/package.nix
@@ -1,7 +1,7 @@
 { buildGoModule, fetchFromGitHub }:
 buildGoModule {
 pname = "neuron-language-server";
- version = "0.1";
+ version = "0.1.1";
 src = fetchFromGitHub {
 owner = "aca";
@@ -10,5 +10,7 @@ buildGoModule {
 sha256 = "1kbh0bzzfmk7aj3c6k3ifwx4p42lw2pnr68srk3qpy6hjna8nczb";
 };
- vendorSha256 = "02dajl4l3c8522ik2hmiq8cx4kj4h2ykx8l7qsal5xznx9pqbs7i";
+ doCheck = false;
+
+ vendorSha256 = "0pjjkw0633l8qbvwzy57rx76zjn3w3kf5f7plxnpxih9zj0q258l";
 }
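Review bot: In overlays/email2matrix/package.nix the attribute is renamed from `modSha256` to `vendorSha256` but keeps the identical value `0nrl1d16…`. The two attributes hash different trees (the Go module download cache versus the `go mod vendor` output), so this value cannot be the correct pin for the new attribute. The build should fail on a hash mismatch; the less visible risk with fixed-output hashes is that a stale store path matching the old hash can be reused, so the dependency set is never actually re-verified. Recompute it by building once with a placeholder hash and copying the value Nix reports into `vendorSha256`.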
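Review bot: In overlays/neuron-language-server/package.nix, `doCheck = false;` switches off the package's test phase with no comment saying which test fails or why, so it is likely to stay off indefinitely. The first hunk raises `version` to 0.1.1 while the `src` hash on the context line of the second hunk is unchanged, which means the same source is fetched under a new version label; the `rev` line sits between the two hunks and is not shown, so confirm it. I would write `doCheck = false; # <failing test / reason>` and bump `rev` and `sha256` together with `version`.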