diff --git a/README.md b/README.md
index eabc71a..9f8cc50 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,8 @@ This is my cobbled together NixOS configuration. There are many like it, but thi
 ## port allocation
 * 80X0: public HTTP services that are proxied through nginx
-* 40X0: private HTTP services that are accessible via tailscale
+* 40X0: syncthing instances (4000 being the system instance, subsequent ones are for individual users)
+* 60X0: private HTTP services that are accessible via tailscale
 * 20XX: Administrative stuff, like prometheus etc.
 * 8000: vaultwarden
diff --git a/common/users.nix b/common/users.nix
index eec3d31..5ba4530 100644
--- a/common/users.nix
+++ b/common/users.nix
@@ -10,12 +10,12 @@ in {
 users = {
 mutableUsers = false;
- mainUser = "lukas";
+ mainUser = "helvetica";
 users = {
 root.hashedPassword = "!";
 ${mainUser} = {
- description = "Lukas Wurzinger";
+ description = "Helvetica";
 uid = 1000;
 isNormalUser = true;
 hashedPasswordFile = config.age.secrets."user-${mainUser}".path;
diff --git a/hosts/headful/work/users.nix b/hosts/headful/work/users.nix
new file mode 100644
index 0000000..87c3ee3
--- /dev/null
+++ b/hosts/headful/work/users.nix
@@ -0,0 +1,12 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (config.users) mainUser;
+in {
+ users = {
+ mainUser = lib.mkForce "lukas";
+ users.${mainUser}.description = lib.mkForce "Lukas Wurzinger";
+ };
+}
diff --git a/hosts/headless/abacus/domains.nix b/hosts/headless/abacus/domains.nix
deleted file mode 100644
index 89658b5..0000000
--- a/hosts/headless/abacus/domains.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{lib, ...}: let
- inherit (lib) types;
-in {
- options.networking.domains = lib.mkOption {
- description = "Domains.";
- type = types.attrsOf types.str;
- default = {};
- };
-
- config.networking.domains = {
- wrz = "wrz.one";
- helvetica = "helveticanonstandard.net";
- };
-}
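Review bot: In hosts/headful/work/users.nix, forcing `mainUser` back to "lukas" also changes what `hashedPasswordFile = config.age.secrets."user-${mainUser}".path` in common/users.nix resolves to, while this commit renames the only matching secret to `user-helvetica.age` and drops the `"user-lukas.age"` rule from secrets/secrets.nix. Where the age secret itself is declared is outside these hunks, so this is inferred, but on the work host the lookup presumably either fails evaluation or points at a secret file that no longer exists. With `mutableUsers = false` and `root.hashedPassword = "!"`, an account whose password hash cannot be read has no local login left, so this is worth checking with a build of the work host before deploying. Either keep a `"user-lukas.age"` rule and file for that host, or decouple the secret name from the display user, and add a comment at the top of the new file such as `# work host keeps the legacy account name; password secret: <secret name used on this host>`.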
diff --git a/hosts/headless/abacus/miniflux.nix b/hosts/headless/abacus/miniflux.nix
deleted file mode 100644
index 6534c59..0000000
--- a/hosts/headless/abacus/miniflux.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-# TODO: is this bloat
-{
- config,
- lib,
- ...
-}: let
- inherit (config.networking) domain;
- virtualHostName = "flux.${domain}";
-in {
- age.secrets = lib.mkSecrets {miniflux = {};};
-
- services.miniflux = {
- enable = true;
- createDatabaseLocally = true;
- adminCredentialsFile = config.age.secrets.miniflux.path;
- config = {
- LISTEN_ADDR = "localhost:8030";
- BASE_URL = "https://${virtualHostName}";
- CREATE_ADMIN = 1;
- WEBAUTHN = 1;
- };
- };
-
- services.nginx.virtualHosts.${virtualHostName} = {
- enableACME = true;
- forceSSL = true;
-
- locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}";
- };
-}
diff --git a/hosts/headless/vessel/storage.nix b/hosts/headless/vessel/storage.nix
index 63332ad..e899606 100644
--- a/hosts/headless/vessel/storage.nix
+++ b/hosts/headless/vessel/storage.nix
@@ -1,25 +1,25 @@
 {
 systemd.tmpfiles.settings = {
 "10-safe"."/srv/safe".d = {
- user = "lukas";
+ user = "helvetica";
 group = "users";
 mode = "0755";
 };
 "10-storage"."/srv/storage".d = {
- user = "lukas";
+ user = "helvetica";
 group = "users";
 mode = "0755";
 };
 "10-music"."/srv/music".d = {
- user = "lukas";
+ user = "helvetica";
 group = "users";
 mode = "0755";
 };
 "10-compmusic"."/srv/compmusic".d = {
- user = "lukas";
+ user = "helvetica";
 group = "users";
 mode = "0755";
 };
diff --git a/secrets/miniflux.age b/secrets/miniflux.age
deleted file mode 100644
index 143a74b..0000000
--- a/secrets/miniflux.age
+++ /dev/null
@@ -1,12 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 SFHVrw VwrDNh+GCy0DmrV3OMYiRbqgGydHmTFAOcZBuan2Vzw -115sdrY2HJ20N54ri9My0xQ8FKtrtVM6Sqj6WhBhRWY --> ssh-ed25519 S+dwQQ PHAJ+oJTHvPS6mXgh05Jvp1d/xWrQhPQUtbjjOPSmxg -M8Va3tfzOvxKhazTh3ER4nxj/yeg5zsAa3LM83Ig5nc --> ssh-ed25519 bPbvlw 66Z61RSBu1Nq357Za3ulTQElX/u0lYlH+4URmTvIZnk -gdD4V3XpBSJitOIb/FW3bz/L5tQoEvVjqRdTfpUaYjA --> ssh-ed25519 ffmsLw 7ViNJzo8R91nAvFLDK7E9uvWZuh06haGYcbTF3gqeys -j0fqQN7qs1Zish6QIp29NM47CEKasROpzHIClTZ2I/E ---- 0DnbkClnlbP1rTM9/o5MYyI6eq8oPT7r+VlORLtcQtw -YLiP1pJP #]2Tcab -AR88 m-u^ scv \ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index a50f702..adda8aa 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -2,7 +2,7 @@ let
 pubkeys = import ../pubkeys.nix;
 inherit (pubkeys) users hosts;
 in {
- "user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"]));
+ "user-helvetica.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"]));
 "user-insomniac.age".publicKeys = (builtins.attrValues users) ++ [hosts.insomniac];
 "miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
diff --git a/secrets/user-helvetica.age b/secrets/user-helvetica.age
new file mode 100644
index 0000000..d500ab6
Binary files /dev/null and b/secrets/user-helvetica.age differ
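Review bot: The secrets/secrets.nix hunk still carries `"miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];` as a context line, although the same commit deletes secrets/miniflux.age and the miniflux module that consumed it. The stale rule should be removed so the recipient list only describes secrets that exist; otherwise a later rekey or audit of who can decrypt what works from a misleading file. Deleting the ciphertext here does not take it out of the repository history, so if the miniflux admin credential was reused anywhere it should be treated as still recoverable by the holders of the listed keys and rotated. The attribute set continues past the end of the hunk, so other rules may need the same check.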