diff --git a/common/nixos.nix b/common/nixos.nix old mode 100755 new mode 100644 index a11a852..9438694 --- a/common/nixos.nix +++ b/common/nixos.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ lib, self, ... }: # config that i use on all my hosts, that run native nixos # excluding for example my phone phone @@ -20,5 +20,13 @@ # https://discourse.nixos.org/t/add-bin-bash-to-avoid-unnecessary-pain/5673 ln -nsf /run/current-system/sw/bin/bash /bin/bash ''; + + # the hosts file + networking.extraHosts = '' + ${builtins.readFile "${self}/misc/my-hosts"} + ${builtins.readFile "${self}/misc/my-hosts-me"} + ''; + environment.etc.current_hosts.text = builtins.readFile "${self}/misc/my-hosts-me"; + environment.etc.current_hosts.mode = "rw"; } diff --git a/flake.lock b/flake.lock index 3a38be0..030125d 100644 --- a/flake.lock +++ b/flake.lock @@ -467,8 +467,8 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1703959746, - "narHash": "sha256-eLwYN2n7EPL6VgN05OGOjwx6WSEhGn6Xv5gw8mPuCKk=", + "lastModified": 1705270732, + "narHash": "sha256-0e3gIDBHxmhAB5euNqOuf4i2LfWqKRSXPDX/HxaCJIs=", "path": "/home/me/work/log/new", "type": "path" }, diff --git a/flake.nix b/flake.nix index 231b796..db29a25 100644 --- a/flake.nix +++ b/flake.nix @@ -110,7 +110,8 @@ system = "x86_64-linux"; modules = [ ./hosts/hpm.nix - #./hardware/hpm-laptop.nix + ./hardware/hpm-laptop.nix + #./mods/hec-server.nix ]; }; 
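Review bot: `environment.etc.current_hosts.mode = "rw";` in the added hosts block of common/nixos.nix is not a permission string. The option is documented as taking `symlink` or an octal file mode such as `"0600"`, so the copied file's permissions are unlikely to be what was intended. This block now applies to every native NixOS host rather than only `main`, so state the mode explicitly, e.g. `environment.etc.current_hosts.mode = "0644";`. A one-line comment saying what /etc/current_hosts is for and who is expected to write it would also help.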
@@ -210,16 +211,45 @@ system = "x86_64-linux"; specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self system; }; modules = [ - #./hosts/the-most-default.nix - ./users/root/default.nix - ./users/me/headless.nix + + + # sample de + ({ + #services.xserver.enable = true; + #services.xserver.desktopManager.plasma5.enable = true; + + #services.xserver.desktopManager.xterm.enable = false; + #services.xserver.desktopManager.xfce.enable = treu; + + #services.xserver.desktopManager.gnome.enable = true; + }) + + # ssh server + # /* + ({ + services.openssh = { + enable = true; + ports = [ 22 ]; + + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.X11Forwarding = true; + extraConfig = '' + X11UseLocalhost no + ''; + }; + }) + # */ + + # boot loader and filesystem + /* ({ ... }: { fileSystems."/" = { device = "/dev/disk/by-uuid/6518e61e-7120-48ef-81a3-5eae0f67297e"; fsType = "btrfs"; }; - system.stateVersion = "23.05"; # Did you read the comment? + system.stateVersion = "23.05"; # Did you read the comment? boot.loader.grub = { enable = true; device = "nodev"; @@ -229,7 +259,16 @@ ''; }; }) + # */ + + # sdcard + "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-x86_64.nix" + + # modules + #./hosts/the-most-default.nix + #./users/root/default.nix #./users/me/headless.nix + ./users/me/headless.nix inputs.home-manager.nixosModules.home-manager ./common/all.nix ]; @@ -366,5 +405,6 @@ pkgs = mypkgs; home.me = import ./users/me/gui-home.nix; + top = builtins.mapAttrs (name: value: value.config.system.build.toplevel) (self.nixOnDroidConfigurations // self.nixosConfigurations); }; } diff --git a/hosts/acern-real.nix b/hosts/acern-real.nix index ff80e56..19d59a2 100644 --- a/hosts/acern-real.nix +++ b/hosts/acern-real.nix 
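Review bot: `X11UseLocalhost no` in the new openssh module makes sshd bind forwarded X11 displays to the wildcard address instead of loopback. With `settings.X11Forwarding = true`, any host that can reach this machine can then attempt to connect to a forwarded display, and the xauth cookie is the only barrier. If X clients on other machines are not required, drop the `extraConfig` line to keep the loopback default, or set `settings.X11Forwarding = false;` for this SD-card image. The block comment opened before the filesystem module also appears to comment out `system.stateVersion` (it closes in the next hunk), so set that explicitly elsewhere.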
@@ -6,9 +6,15 @@ inputs.networkmanager.nixosModules.networkmanager inputs.home-manager.nixosModules.home-manager ../common/all.nix + ../common/nixos.nix ../common/nixos-headless.nix ]; + # hack fix + #home-manager.users.me.programs.firefox. + #home-manager.users.me.programs.firefox. + nixpkgs.config.allowUnfree = true; + services.xserver = { desktopManager.gnome.enable = true; diff --git a/hosts/hpm.nix b/hosts/hpm.nix index cee602e..ae41b45 100644 --- a/hosts/hpm.nix +++ b/hosts/hpm.nix @@ -5,7 +5,6 @@ ../common/all.nix ../common/nixos.nix ../common/nixos-graphical.nix - ../mods/hec-server.nix ../common/building.nix inputs.home-manager.nixosModules.home-manager diff --git a/hosts/main.nix b/hosts/main.nix index 6ac2e8b..5ceb224 100644 --- a/hosts/main.nix +++ b/hosts/main.nix @@ -33,6 +33,8 @@ ntfs3g dhcpcd looking-glass-client + swtpm + win-virtio ]; @@ -177,6 +179,7 @@ networking.hostName = "main"; security.polkit.enable = true; + services.rpcbind.enable = true; services.avahi.enable = true; services.avahi.hostName = "c2vi"; @@ -210,12 +213,6 @@ #networking.hosts = { #"10.1.1.3" = [ "phone" ]; #}; - networking.extraHosts = '' - ${builtins.readFile "${self}/misc/my-hosts"} - ${builtins.readFile "${self}/misc/my-hosts-me"} - ''; - environment.etc.current_hosts.text = builtins.readFile "${self}/misc/my-hosts-me"; - environment.etc.current_hosts.mode = "rw"; #environment.etc.hosts.mode = "rw"; networking.networkmanager.profiles = { @@ -416,7 +413,13 @@ ######################################### virtualisation ############################### - virtualisation.libvirtd.enable = true; + virtualisation.libvirtd = { + enable = true; + qemuOvmf = true; + qemuSwtpm = true; + #qemuOvmfPackage = pkgs.OVMFFull; + }; + virtualisation.podman.enable = true; virtualisation.kvmgt.enable = true; diff --git a/hosts/rpi.nix b/hosts/rpi.nix index 4d8f635..8105e86 100644 --- a/hosts/rpi.nix +++ b/hosts/rpi.nix @@ -32,6 +32,7 @@ bcache-tools su fuse3 + terraform ]; fileSystems."/" = 
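Review bot: `services.rpcbind.enable = true;` in hosts/main.nix adds a portmapper on port 111 with no comment saying which service needs it, and no firewall restriction is visible in this hunk. rpcbind reachable from untrusted networks is a common source of service enumeration and UDP reflection exposure. Confirm that 111/tcp and 111/udp are absent from `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` unless a specific peer needs them. A comment such as `# rpcbind: needed for <service that requires it>` would record the reason.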
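Review bot: `qemuOvmf` and `qemuSwtpm` in the new `virtualisation.libvirtd` attrset are legacy option names. Current nixpkgs spells them `qemu.ovmf.enable` and `qemu.swtpm.enable`, and as far as I know the old names only evaluate through rename aliases that emit a warning. Prefer `qemu = { ovmf.enable = true; swtpm.enable = true; };`. The commented `qemuOvmfPackage` line would then become `qemu.ovmf.packages`, which takes a list.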
@@ -211,6 +212,44 @@ }; + + ###################################### get oci ampere vm #################################### + + systemd.services.oci-ampere = + let + oci-ampere = pkgs.writeShellApplication { + name = "oci-ampere"; + + runtimeInputs = with pkgs; [ terraform ]; + + text = '' + if [[ -f /home/me/here/oci-ampere-vm/not_gotten ]] + then + echo not gotten.................................... + pwd + cd /home/me/here/oci-ampere-vm + terraform apply -auto-approve && rm /home/me/here/oci-ampere-vm/not_gotten + else + echo gotten!!!!!!!!!!!!!!!!!!!!! + fi + ''; + }; + in + { + enable = false; + description = "get a oci ampere vm"; + unitConfig = { + Type = "simple"; + }; + serviceConfig = { + Restart = "always"; + RestartSec = "500s"; + ExecStart = "${oci-ampere}/bin/oci-ampere"; + }; + wantedBy = [ "multi-user.target" ]; + }; + + ################################## ssh ###################################### services.openssh = { enable = true; diff --git a/mybin/ru b/mybin/ru index 4e6115d..c42d97f 100755 --- a/mybin/ru +++ b/mybin/ru @@ -42,12 +42,14 @@ rm /tmp/speed-test.iso elif [ "$1" == "speed-test-upload" ] then -host=$1 +host=$2 +echo upload to $host cat /dev/random | pv | ssh $host "cat > /dev/null" elif [ "$1" == "speed-test-download" ] then -host=$1 +host=$2 +echo download from $host ssh $host "cat /dev/random" | pv > /dev/null diff --git a/programs/bash.nix b/programs/bash.nix index 747a349..81e3fe6 100644 --- a/programs/bash.nix +++ b/programs/bash.nix @@ -89,9 +89,11 @@ export TERM="xterm-color" export system=${system} export NIX_PATH=$NIX_PATH:nixpkgs=${self} + export NIXPKGS_ALLOW_UNFREE=1 # the commit hash of nixpkgs 23.11 export nip="nixpkgs/71db8c7a02f3be7cb49b495786050ce1913246d3" + export nup="nixpkgs/2a34566b67bef34c551f204063faeecc444ae9da" # needed to make ssh -X work # see: https://unix.stackexchange.com/questions/412065/ssh-connection-x11-connection-rejected-because-of-wrong-authentication 
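Review bot: The new `systemd.services.oci-ampere` unit sets no `User`, so once `enable` is flipped it would run `terraform apply -auto-approve` as root. The working tree is `/home/me/here/oci-ampere-vm`, under an unprivileged user's home, so whoever can write there decides what root executes and which provider credentials are used. Add `User = "me";` and `WorkingDirectory = "/home/me/here/oci-ampere-vm";` to `serviceConfig`. `Type = "simple";` is placed in `unitConfig`, but `Type` is a `[Service]` key, so move it to `serviceConfig` as well.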
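Review bot: `host=$2` in both speed-test branches of mybin/ru is used unchecked and unquoted. With no second argument, `ssh $host "cat > /dev/null"` collapses so that the command string is taken as the hostname, and a value beginning with `-` is parsed as an ssh option. Fail early and quote, e.g. `host=${2:?usage: ru speed-test-upload HOST}` and `ssh -- "$host" "cat > /dev/null"`. The ssh lines themselves are context in this hunk, and the same change applies to the download branch.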
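Review bot: `nup` is added in programs/bash.nix without saying what it pins, while `nip` directly above carries a comment naming the release. Add a matching comment, e.g. `# the commit hash of nixpkgs <branch or release>`, so a stale pin can be spotted later. `export NIXPKGS_ALLOW_UNFREE=1` applies to every shell using this profile and only affects impure evaluation, so a short comment that this is deliberate would help as well.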
diff --git a/programs/ssh.nix b/programs/ssh.nix index 39ed6b6..2665fb7 100644 --- a/programs/ssh.nix +++ b/programs/ssh.nix @@ -59,16 +59,15 @@ user = "me"; }; - ocia = { - hostname = "140.238.173.196"; + ocih = { + hostname = "152.67.70.13"; + user = "ubuntu"; + }; + ocib = { + hostname = "140.238.213.48"; user = "ubuntu"; }; - ocib = { - hostname = "140.238.211.43"; - user = "root"; - #identityFile = "${secretsDir}/private-key-ocib"; - }; }; }; diff --git a/users/files/headless.nix b/users/files/headless.nix index 863653a..fd45290 100644 --- a/users/files/headless.nix +++ b/users/files/headless.nix @@ -20,9 +20,10 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGw5kYmBQl8oolNg2VUlptvvSrFSESfeuWpsXRovny0x me@phone" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmwi4ovyqhX/5YwGUZqntVD+i44qL+Nxf9Ubj4XxV9n me@acern" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIh7LDjwojcjJM8puPqFibx9zPn/k1cYgWXNQf0ZbC4 me@hpm" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC81lBzAYuwvcEITxRrUR8BT2geyj2dB91pNavUsulKj me@loki" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDvGUZE8lZ7OZifndT0nPPJrgKXScD7zMTRIeBfQOfwh me@lush" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgKX76Cnd0EpMakB6Iv0Qbkd0BoyHrFc5rgZTdLqIEd me@hpm" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgKLRF9iYRH3Y8hPjLX1ZY6GyavruqcQ0Q0Y8bnmpv9 me@tab" ]; diff --git a/users/me/gui-home.nix b/users/me/gui-home.nix index 869954a..f9d9d01 100755 --- a/users/me/gui-home.nix +++ b/users/me/gui-home.nix @@ -86,6 +86,7 @@ xorg.xkill xorg.xmodmap inkscape + kazam # my own packages supabase-cli
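Review bot: The `me@hpm` key is replaced and `me@tab` added in what looks like a shared authorized-keys list in users/files/headless.nix, but nothing records why the hpm key changed. If the old key was retired because it may have been exposed, it stays authorized on each host until that host is rebuilt from this commit, so rollout order matters. A comment such as `# hpm key rotated <date>: <reason>` next to the entry would help later audits. The start of the list lies outside this hunk.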