diff --git a/configuration.nix b/configuration.nix index 9baffcf..2c3c8d7 100644 --- a/configuration.nix +++ b/configuration.nix @@ -4,30 +4,22 @@ [ ./hardware-configuration.nix ./application-configuration.nix - ./virtualisation.nix + ./networking-configuration.nix ]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "talos"; - # Set your time zone. time.timeZone = "America/New_York"; - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "intel-ocl" - ]; - - hardware.opengl.extraPackages = with pkgs; [ - intel-ocl - ]; - users.users.caleb = { isNormalUser = true; extraGroups = [ "wheel" ]; - hashedPassword = "$y$j9T$v6EDyPW8C/K.Th4xg8MHL/$tA67k6U0kLtafTNNW2DM7j.xObjPSaZFQ4e/beBX7g2"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHpfoa2RDRJx8SjZgSKdfPauLvxgzJ8rR8l6Yb80A1T7 caleb@surface" + ]; }; environment.systemPackages = with pkgs; [ @@ -42,9 +34,6 @@ # Enable the OpenSSH daemon. services.openssh.enable = true; - # Enable tailscale - services.tailscale.enable = true; - #neovim programs.neovim = { enable = true; @@ -53,7 +42,6 @@ vimAlias = true; }; - # This option defines the first version of NixOS you have installed on this particular machine, # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # # Most users should NEVER change this value after the initial install, for any reason, diff --git a/networking-configuration.nix b/networking-configuration.nix new file mode 100644 index 0000000..f160a46 --- /dev/null +++ b/networking-configuration.nix 
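Review bot: In the first configuration.nix hunk, `caleb` now logs in with the added `openssh.authorizedKeys.keys` entry, but the sshd setting visible as context in the next hunk is still only `services.openssh.enable = true;`, so password logins presumably stay enabled at the module defaults. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it. Deleting `hashedPassword` here does not remove the hash from the repository history, so that password should be treated as exposed to offline guessing and changed if the repository is shared. With no declarative password left for a `wheel` member, check how sudo will authenticate on a freshly installed machine; `users.mutableUsers` is not visible in this diff.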
@@ -0,0 +1,35 @@
+{
+ ## main networking
+ networking.hostName = "talos";
+ services.tailscale = {
+ enable = true;
+ permitCertUid = "caddy"; # allow caddy to get ssl certs from tailscale
+ };
+
+ ## adguard on
+ services.adguardhome = {
+ enable = true;
+ mutableSettings = true;
+ };
+
+ ## caddy config
+ ##services.caddy = {
+ ## enable = true;
+ ## virtualHosts = {
+ ## "talos.cobia-ghost.ts.net" = {
+ ## serverAliases = [ "talos" ];
+ ## listenAddresses = [ "100.64.0.0/10" ];
+ ## extraConfig = ''
+ ## handle /adguard/* {
+ ## reverse_proxy 127.0.0.1:8080
+ ## }
+
+ ## handle {
+ ## respond "Hello, world!"
+ ## }
+ ## '';
+ ## };
+ ## };
+ ##};
+}
+
diff --git a/virtualisation.nix b/virtualisation.nix
deleted file mode 100644
index 1a66142..0000000
--- a/virtualisation.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, ... }:
-{
- environment.systemPackages = with pkgs; [
- podman-compose
- ];
-
- virtualisation = {
- podman = {
- enable = true;
- dockerCompat = true;
- defaultNetwork.settings.dns_enabled = true;
- };
- };
-}
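Review bot: In networking-configuration.nix, `services.adguardhome` is enabled without `host` or `port`, so the admin UI would use the module defaults rather than the `127.0.0.1:8080` upstream that the commented-out Caddy block expects; as far as I know those defaults are all interfaces on port 3000. AdGuard Home's first-run setup page is unauthenticated until an admin account is created, so I would pin it to loopback with `host = "127.0.0.1";` and `port = 8080;` inside the `services.adguardhome` block. `permitCertUid = "caddy";` names a user that presumably only exists once `services.caddy` is enabled, so it may be clearer to add it together with the Caddy block. When that block is enabled, note that `listenAddresses = [ "100.64.0.0/10" ]` is a CIDR range rather than an address Caddy can bind.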