diff --git a/default.nix b/default.nix
index 9f9db2c..5ab44cf 100644
--- a/default.nix
+++ b/default.nix
@@ -7,6 +7,9 @@ with pkgs;
   hmModules = import ./modules/home;
   overlays = import ./overlays;
 
+  profiles = import ./modules/profiles;
+  hmProfiles = import ./modules/home/profiles;
+
   tubslatex = callPackage ./pkgs/tubslatex {};
   keys = callPackage ./pkgs/keys {};
 }
diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix
index 58b732f..d318f42 100644
--- a/hosts/gorgon/home/default.nix
+++ b/hosts/gorgon/home/default.nix
@@ -19,6 +19,7 @@ in
     kitty.enable = true;
     ssh.enable = true;
     syncthing.enable = true;
+    tmux.enable = true;
     xdg.enable = true;
     zsh.enable = true;
 
diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix
index 1c45848..1bad0b2 100644
--- a/hosts/ifrit/default.nix
+++ b/hosts/ifrit/default.nix
@@ -2,7 +2,7 @@
 let
   hostAliases = [
     "ifrit.dadada.li"
-    "vpn.dadada.li"
+    "bs.vpn.dadada.li"
     "media.dadada.li"
     "media.local"
   ];
@@ -36,8 +36,6 @@ in {
         key = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
       };
     };
-
-    weechat.enable = true;
   };
 
   services.borgbackup.repos = {
@@ -117,16 +115,16 @@ in {
   security.acme = {
     email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
     acceptTerms = true;
-    certs."webchat.dadada.li" = {
-      credentialsFile = "/var/lib/lego/acme-joker.env";
-      dnsProvider = "joker";
-      postRun = "systemctl reload nginx.service";
-    };
-    certs."weechat.dadada.li" = {
-      credentialsFile = "/var/lib/lego/acme-joker.env";
-      dnsProvider = "joker";
-      postRun = "systemctl reload nginx.service";
-    };
+  #  certs."webchat.dadada.li" = {
+  #    credentialsFile = "/var/lib/lego/acme-joker.env";
+  #    dnsProvider = "joker";
+  #    postRun = "systemctl reload nginx.service";
+  #  };
+  #  certs."weechat.dadada.li" = {
+  #    credentialsFile = "/var/lib/lego/acme-joker.env";
+  #    dnsProvider = "joker";
+  #    postRun = "systemctl reload nginx.service";
+  #  };
   };
 
   users.users."mist" = {
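Review bot: The two `certs` definitions under `security.acme` are commented out rather than deleted, which leaves dead configuration that still names `/var/lib/lego/acme-joker.env` as if it were in use. Deleting the ten commented lines keeps the file honest, and version control retains the old definitions. If the Joker DNS-01 flow is no longer used on this host, the credentials file presumably still exists there. In that case it is worth removing it and revoking or rotating the DNS API credentials it holds. The `security.acme` block now carries only `email` and `acceptTerms`; whether anything on ifrit still requests a certificate is not visible from this hunk.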
diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix
new file mode 100644
index 0000000..7e4964f
--- /dev/null
+++ b/hosts/surgat/default.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, lib, ... }:
+let
+  hostName = "surgat";
+  this = import ../.. {};
+  keys = ../../pkgs/keys/keys;
+in {
+  imports = [ this.profiles.base ];
+
+  networking.hostName = hostName;
+
+  dadada.admin = {
+    enable = true;
+    users = [ "dadada" ];
+  };
+
+  dadada.networking.vpnExtension = "4";
+  dadada.weechat.enable = true;
+
+  networking.useDHCP = false;
+  networking.interfaces.ens3.useDHCP = true;
+
+  networking.firewall = {
+    enable = true;
+    allowPing = true;
+    allowedTCPPorts = [
+      22 # SSH
+      80 443 # HTTPS
+    ];
+    allowedUDPPorts = [
+      51234 # Wireguard
+    ];
+  };
+
+  security.acme = {
+    email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
+    acceptTerms = true;
+  };
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+}
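Review bot: `allowedTCPPorts` opens port 22 on every interface of a host that also accepts WireGuard on UDP 51234, and nothing in this file shows how sshd is configured. If `this.profiles.base` does not already enforce key-only logins, state that explicitly for this host. Alternatively, once the tunnel is confirmed working, move SSH behind it with `networking.firewall.interfaces.<wg-interface>.allowedTCPPorts = [ 22 ];` (the interface name is a placeholder). Two smaller points: the comment on `80 443 # HTTPS` should read `# HTTP and HTTPS`, since port 80 is plain HTTP. The `keys` binding in the `let` block is never referenced in this file and can be dropped.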
diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix
new file mode 100644
index 0000000..3ae87ed
--- /dev/null
+++ b/modules/profiles/default.nix
@@ -0,0 +1,4 @@
+{
+  base = ./base;
+  laptop = ./laptop;
+}
diff --git a/modules/weechat.nix b/modules/weechat.nix
index dcc6be7..3f2c73d 100644
--- a/modules/weechat.nix
+++ b/modules/weechat.nix
@@ -14,9 +14,12 @@ in {
     };
 
     services.nginx.virtualHosts."webchat.dadada.li" = {
-      useACMEHost = "webchat.dadada.li";
+      enableACME = true;
       forceSSL = true;
-      serverAliases = [ "webchat.${config.networking.domain}" ];
+      serverAliases = [
+        "webchat.${config.networking.domain}"
+        "weechat.${config.networking.domain}"
+      ];
 
       root = pkgs.glowing-bear;
 
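Review bot: `weechat.${config.networking.domain}` is now listed in the `serverAliases` of the `webchat.dadada.li` vhost here and is still in the `serverAliases` of the `weechat.dadada.li` vhost in the next hunk, so nginx sees the same server name on two server blocks and will route it to only one of them. The alias appears to be added only so that the certificate issued by `enableACME` also covers the weechat name, which the second vhost then borrows via `useACMEHost = "webchat.dadada.li"`. Declaring the extra name on the certificate keeps routing and issuance separate, e.g. `security.acme.certs."webchat.dadada.li".extraDomainNames = [ "weechat.dadada.li" ];` (the option is `extraDomains` on older NixOS releases). Also note that `enableACME` validates over HTTP-01, so every name on the certificate must resolve to this host and be reachable on port 80 before issuance succeeds. The DNS-01 certificates removed from ifrit did not need that.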
@@ -30,7 +33,7 @@ in {
       };
     };
     services.nginx.virtualHosts."weechat.dadada.li" = {
-      useACMEHost = "weechat.dadada.li";
+      useACMEHost = "webchat.dadada.li";
       forceSSL = true;
       serverAliases = [ "weechat.${config.networking.domain}" ];