diff --git a/README.md b/README.md
index c6b685e..8ac8975 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@
 Inspiration from https://gitlab.aliens-lyon.fr/AliENS/infrastructure
+# Install
 ## Make a disk image
@@ -34,17 +35,34 @@ print("Mot de passe:",pc)
 ```Bash
-# Write disk encryption password to secret.key
+#### Write disk encryption password to secret.key
 echo "motdepasse" > secret.key
-# Connect to ssh, run kexec to nixos install rom, and format disko
+#### Connect to ssh, run kexec to nixos install rom, and format disko
 nix run github:nix-community/nixos-anywhere -- --flake '.#midori' --target-host root@109.94.170.38 --disk-encryption-keys /tmp/secret.key ./secret.key --phases kexec,disko
-# Mount persistence directories that nixos will install stuff into
+#### Mount persistence directories that nixos will install stuff into
 mkdir -p /mnt/persistence/nix
 mkdir -p /mnt/persistence/var/lib/nixos
 mount --bind -m -o X-fstrim.notrim /mnt/persistence/nix /mnt/nix
 mount --bind -m -o X-fstrim.notrim /mnt/persistence/var/lib/nixos /mnt/var/lib/nixos
-# Run the install phase
+#### Run the install phase
 nix run github:nix-community/nixos-anywhere -- --flake '.#midori' --target-host root@109.94.170.38 --disk-encryption-keys /tmp/secret.key ./secret.key --phases install
 ```
+
+# Update
+
+From a nixos system, checked out in this tree:
+```
+ nixos-rebuild --flake .#midori --target-host mysaa@midori --use-remote-sudo switch
+```
+
+# Services
+
+## External ports
+SSH Port 2168
+
+
+## Internal ports
+Gitea Port 2301
+
diff --git a/flake.lock b/flake.lock
index 8221ddf..f442c29 100644
--- a/flake.lock
+++ b/flake.lock
@@ -124,9 +124,31 @@
 "disko": "disko",
 "impermanence": "impermanence",
 "nixpkgs": "nixpkgs",
+ "sdow": "sdow",
 "treefmt-nix": "treefmt-nix"
 }
 },
+ "sdow": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1762102527,
+ "narHash": "sha256-m7O61TeM6wDZu64XyLuKqMpM34pttDxfK+6w/kVM+RQ=",
+ "owner": "MysaaJava",
+ "repo": "sdow",
+ "rev": "923c40aecbd4b889f4682520522c115ac06f9448",
+ "type": "github"
+ },
+ "original": {
+ "owner": "MysaaJava",
+ "ref": "stuff",
+ "repo": "sdow",
+ "type": "github"
+ }
+ },
 "systems": {
 "locked": {
 "lastModified": 1681028828,
diff --git a/flake.nix b/flake.nix
index d8bf8fc..e2a0e98 100644
--- a/flake.nix
+++ b/flake.nix
@@ -21,6 +21,11 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ sdow = {
+ url = "github:MysaaJava/sdow?ref=stuff";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
 };
 outputs =
diff --git a/profiles/mysaa.nix b/profiles/mysaa.nix
index 265864f..524c7b2 100644
--- a/profiles/mysaa.nix
+++ b/profiles/mysaa.nix
@@ -1,6 +1,6 @@
 { ... }: {
- config.users.users.mysaa = {
+ users.users.mysaa = {
 extraGroups = [ "wheel" ];
 isNormalUser = true;
 openssh.authorizedKeys.keys = [
@@ -9,4 +9,7 @@
 hashedPassword = "$y$j9T$DR/KwQM8rJAzad6Rv8GhO0$nOeNLBoSYiniiLb9MkgU1//HpWpvbBhKm1JbsI3ZoZ7";
 };
+ # Allows mysaa to nixos-rebuild from a remote host
+ nix.settings.trusted-users = [ "mysaa" ];
+
 }
diff --git a/services/apache.nix b/services/apache.nix
new file mode 100644
index 0000000..8ee41b7
--- /dev/null
+++ b/services/apache.nix
@@ -0,0 +1,9 @@
+{...}: {
+
+ services.httpd.enable = true;
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ environment.persistence."/persistence".directories = [
+ "/var/lib/certs/"
+ ];
+}
diff --git a/services/default.nix b/services/default.nix
index ec5fab3..63d8930 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -1,3 +1,10 @@
 inputs: {
+ imports = [
+ ./postgresql.nix
+ ./apache.nix
+ ./gitea.nix
+ ./sdow.nix
+ ];
+
 }
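Review bot: The comment above `nix.settings.trusted-users = [ "mysaa" ];` in profiles/mysaa.nix says what the line is for but not what it grants: a trusted user can push unsigned store paths and override daemon settings, which is effectively root-equivalent on the Nix daemon, so the line is acceptable here only because `mysaa` is already in `wheel`. Presumably it is needed because the closure that `nixos-rebuild --target-host` copies is unsigned; stating that makes the trade-off visible to the next reader. Something like `# Allows mysaa to nixos-rebuild from a remote host: the pushed closure is unsigned, so the user must be trusted by the daemon (root-equivalent; mysaa is in wheel anyway)` would do.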
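Review bot: Nothing in this tree issues or renews the certificates that services/apache.nix persists under `/var/lib/certs/`, yet gitea.nix and sdow.nix both point `sslServerCert`/`sslServerKey` at `/var/lib/certs/bernard.com.de/`, so a fresh install of this configuration has httpd referencing files that do not exist. If they are provisioned out of band, a comment next to the persistence entry saying how and by what schedule would keep that dependency from being lost; if not, `security.acme` with `enableACME = true;` on the two virtual hosts would let NixOS manage them, with the persistence entry becoming `/var/lib/acme`. Opening 80 and 443 via `networking.firewall.allowedTCPPorts` here rather than next to the vhosts is fine, but a one-line comment naming the services they front would help.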
diff --git a/services/gitea.nix b/services/gitea.nix
new file mode 100644
index 0000000..155ea88
--- /dev/null
+++ b/services/gitea.nix
@@ -0,0 +1,42 @@
+{ ... }: {
+
+ services.gitea = {
+ enable = true;
+
+ database = {
+ user = "gitea";
+ name = "gitea";
+ type = "postgres";
+ socket = "/run/postgresql/";
+ password = "8/xdr6EkKvMyGLhBz5atFN1GFntN8GdjVbVZUadcoyE"; #TODO change to passwordFile (and change password)
+ };
+ stateDir = "/var/lib/gitea/data/";
+ settings = {
+ "server" = {
+ ALLOW_DOWAIN = "https://git.bernard.com.de";
+ HTTP_PORT = 2301; #TODO Make these midori config settings
+ #TODO change to unix socket
+ };
+ };
+ };
+
+ services.httpd.virtualHosts."gitea" = {
+ hostName = "git.bernard.com.de";
+
+ forceSSL = true;
+
+ sslServerCert = "/var/lib/certs/bernard.com.de/fullchain.pem";
+ sslServerKey = "/var/lib/certs/bernard.com.de/privkey.pem";
+ sslServerChain = "/var/lib/certs/bernard.com.de/fullchain.pem";
+
+ locations."/" = {
+ proxyPass = "http://localhost:2301/";
+
+ };
+ };
+
+ environment.persistence."/persistence".directories = [
+ "/var/lib/gitea/data/"
+ ];
+
+}
diff --git a/services/postgresql.nix b/services/postgresql.nix
new file mode 100644
index 0000000..51b317f
--- /dev/null
+++ b/services/postgresql.nix
@@ -0,0 +1,12 @@
+{ ... }: {
+
+ services.postgresql = {
+ enable = true;
+ settings.port = 5432;
+ enableTCPIP = false;
+ };
+
+ environment.persistence."/persistence".directories = [
+ "/var/lib/postgresql/data/"
+ ];
+}
diff --git a/services/sdow.nix b/services/sdow.nix
new file mode 100644
index 0000000..7dd4674
--- /dev/null
+++ b/services/sdow.nix
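Review bot: The `password =` literal in `services.gitea.database` ends up in the world-readable Nix store of every generation and in git history, so the TODO on that line should be acted on before this is deployed: switch to `database.passwordFile` pointing at a persisted path outside the store, and rotate the credential, since the committed value has to be treated as exposed. `ALLOW_DOWAIN` is not a Gitea `[server]` key and is presumably ignored; from its value it looks like `ROOT_URL = "https://git.bernard.com.de/";` (plus `DOMAIN = "git.bernard.com.de";`) was intended, without which Gitea derives clone and redirect URLs from the proxied localhost address. Until the unix-socket TODO is done, `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` would keep port 2301 off the non-loopback interfaces instead of relying on the firewall alone.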
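Review bot: In services/postgresql.nix the persisted directory `/var/lib/postgresql/data/` does not appear to match where the NixOS postgresql module keeps its cluster by default (a version-specific subdirectory of `/var/lib/postgresql`), so unless `services.postgresql.dataDir` is set elsewhere in the tree, the Gitea database would not survive a reboot under this impermanence setup. Either persist `/var/lib/postgresql/` as a whole, or set `services.postgresql.dataDir` to the persisted path explicitly and add a comment tying the two lines together so they cannot drift apart.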
@@ -0,0 +1,59 @@
+{ sdow, pkgs, lib, system, ... }: let
+ sdow-env-file = pkgs.writeTextFile {
+ name = "env.js";
+ text = ''
+ window.env = {
+ "SDOW_API_URL": "https://sdow.bernard.com.de/api/paths",
+ "WIKIPEDIA_API_URL": "https://fr.wikipedia.org/w/api.php",
+ "WIKIPEDIA_BASE_URL": "https://fr.wikipedia.org/wiki/",
+ "WIKIPEDIA_API_USERAGENT": "Six Degrees of Wikipedia/1.0 (https://sdow.bernard.com.de/; mysaa@hadoly.fr)"
+ };
+ '';
+ destination = "/env.js";
+ };
+ sdow-website = pkgs.symlinkJoin {
+ name = "sdow";
+ paths = [
+ sdow-env-file
+ sdow.packages.${pkgs.system}.sdow
+ ];
+ };
+ in {
+
+ services.httpd.virtualHosts."sdow" = {
+ hostName = "sdow.bernard.com.de";
+
+ forceSSL = true;
+
+ sslServerCert = "/var/lib/certs/bernard.com.de/fullchain.pem";
+ sslServerKey = "/var/lib/certs/bernard.com.de/privkey.pem";
+ sslServerChain = "/var/lib/certs/bernard.com.de/fullchain.pem";
+
+ documentRoot = "${sdow-website}";
+ locations."/api" = {
+ proxyPass = "http://localhost:2302";
+ };
+ };
+
+ systemd.services."sdow-api" = {
+ description = "Sdow Backend API";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart="${sdow.apps.${pkgs.system}.sdow-api.program} /var/lib/sdow/sdow.sqlite /var/lib/sdow/searches.sqlite 2302";
+ Environment="GUNICORN_PORT=2302";
+ ExecReload="kill -s HUP $MAINPID";
+ KillMode="mixed";
+ TimeoutStopSec=5;
+ PrivateTmp=true;
+ };
+ };
+
+ environment.persistence."/persistence".files = [
+ "/var/lib/sdow/sdow.sqlite"
+ "/var/lib/sdow/searches.sqlite"
+ ];
+
+}
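Review bot: `systemd.services."sdow-api"` sets no `User` or `DynamicUser`, so the API process that Apache exposes under `/api` runs as root with `PrivateTmp` as its only confinement, far more than it needs to read and write two sqlite files. `DynamicUser = true;` together with `StateDirectory = "sdow";` and `ProtectSystem = "strict";` would confine it, keeping in mind that the two persisted sqlite files must then be owned by that user. The `lib` and `system` arguments in the module signature are unused, and `system` is not a standard NixOS module argument, so this module only evaluates if it is injected via `specialArgs`; dropping both and keeping the `pkgs.system` already used removes that dependency. `GUNICORN_PORT=2302`, the trailing `2302` in `ExecStart` and the `proxyPass` port encode the same value three times; a single `port = 2302;` binding in the `let` would stop them drifting.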