diff --git a/flake.nix b/flake.nix
index e7ae1b4..52c4b5f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -64,6 +64,7 @@
 let
 microvm-list = [
 "auth"
+ "conduwuit"
 "forgejo"
 "immich"
 "miniflux"
diff --git a/hosts/cloud/default.nix b/hosts/cloud/default.nix
index 0c2dbca..e830ff9 100644
--- a/hosts/cloud/default.nix
+++ b/hosts/cloud/default.nix
@@ -3,6 +3,7 @@
 imports = [
 ./configuration.nix
 ./hardware-configuration.nix
+ ./irc.nix
 ./networking.nix
 ./proxy
 ];
diff --git a/hosts/cloud/irc.nix b/hosts/cloud/irc.nix
new file mode 100644
index 0000000..d39a2e9
--- /dev/null
+++ b/hosts/cloud/irc.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+ services.soju = {
+ enable = true;
+ listen = [
+ "irc+insecure://10.89.87.1"
+ "irc+insecure://[fd31:185d:722e::1]"
+ ];
+ };
+
+ environment.systemPackages = [ pkgs.soju ];
+}
diff --git a/hosts/conduwuit/default.nix b/hosts/conduwuit/default.nix
new file mode 100644
index 0000000..1a594ad
--- /dev/null
+++ b/hosts/conduwuit/default.nix
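Review bot: In hosts/cloud/irc.nix both soju listeners use `irc+insecure://`, so client logins to the bouncer travel unencrypted on that socket, and nothing in the file records why that is acceptable. 10.89.87.1 and fd31:185d:722e::1 are private/ULA addresses, so this is presumably a tunnel-only interface, but that is an inference from the addresses alone; state it next to the list, e.g. `# plaintext is deliberate: tunnel-internal addresses only, never add a public address here`. If any client reaches these addresses over a link that is not itself encrypted, switch the entries to `ircs://` and set `services.soju.tlsCertificate` / `services.soju.tlsCertificateKey`. It is also worth confirming that the host firewall admits the IRC port only on that interface, since no such rule is visible in this diff.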
@@ -0,0 +1,76 @@
+{ config, lib, ... }:
+let
+ mac = "02:00:00:00:00:06";
+in
+{
+ imports = [
+ ];
+ # sops.defaultSopsFile = ./secrets.yaml;
+ # sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+ # sops.secrets = {
+ # "wg/0xa-proxy" = {
+ # owner = config.users.users.systemd-network.name;
+ # };
+ # };
+
+ microvm = {
+ hypervisor = "qemu";
+ mem = 3 * 1024;
+ vcpu = 2;
+ interfaces = [
+ {
+ type = "tap";
+ id = "uvm-conduwuit";
+ mac = mac;
+ }
+ ];
+ shares =
+ [
+ {
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ tag = "store";
+ proto = "virtiofs";
+ socket = "store.socket";
+ }
+ ]
+ ++ map
+ (dir: {
+ source = dir;
+ mountPoint = "/${dir}";
+ tag = dir;
+ proto = "virtiofs";
+ socket = "${dir}.socket";
+ })
+ [
+ "etc"
+ "var"
+ "home"
+ ];
+ };
+
+ networking.useNetworkd = true;
+ networking.firewall.enable = lib.mkForce false; # firewalling done by the host
+
+ systemd.network = {
+ enable = true;
+ networks."11-host" = {
+ matchConfig.MACAddress = mac;
+ networkConfig = {
+ Address = "10.99.99.16/24";
+ DHCP = "no";
+ };
+ routes = [
+ {
+ Gateway = "10.99.99.1";
+ Destination = "0.0.0.0/0";
+ Metric = 1024;
+ }
+ ];
+ };
+ };
+
+ networking.hostName = "conduwuit";
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/toaster/default.nix b/hosts/toaster/default.nix
index 8003440..17f8f09 100644
--- a/hosts/toaster/default.nix
+++ b/hosts/toaster/default.nix
@@ -3,7 +3,7 @@
 imports = [
 ./amd.nix
 ./hardware-configuration.nix
- # ./irc.nix
+ ./irc.nix
 ./network
 ./secure-boot.nix
 ./zfs.nix
diff --git a/hosts/toaster/irc.nix b/hosts/toaster/irc.nix
index 938fac3..ecdac88 100644
--- a/hosts/toaster/irc.nix
+++ b/hosts/toaster/irc.nix
@@ -3,8 +3,8 @@
 environment.systemPackages = [ pkgs.senpai ];
 sops.secrets = {
- "irc/senpai" = {
- owner = config.users.users.grue.name;
+ "senpai" = {
+ owner = config.users.users."0xa".name;
 };
 };
 }
diff --git a/hosts/toaster/secrets.yaml b/hosts/toaster/secrets.yaml
index 34ad250..701733d 100644
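Review bot: `networking.firewall.enable = lib.mkForce false;` in hosts/conduwuit/default.nix leaves the guest with no packet filter of its own, so every port it ever opens is reachable by anything that can route to 10.99.99.16, and the comment hands the whole job to host rules this diff does not show. If the other microVMs share 10.99.99.0/24 on one bridge, traffic between guests may never pass the host's forward chain, which would leave this VM reachable from any compromised sibling; confirm that and extend the comment to say so, e.g. `# firewalling done by the host, which must also filter VM-to-VM traffic`. Keeping the guest firewall enabled with only the homeserver port allowed would be the defence-in-depth alternative. Separately, the commented-out sops block references `wg/0xa-proxy`, which looks copied from another host, and is better deleted than carried along in a new file.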
--- a/hosts/toaster/secrets.yaml +++ b/hosts/toaster/secrets.yaml @@ -8,6 +8,7 @@ mail: shipunov.xyz: ENC[AES256_GCM,data:cg+P+FrZ2icjfhwDGKGyUH9DejSZHpNs2bcSBPyz8g==,iv:XZFaSXnGmTL9j2sEyt5Q7+pe6rr+WA/0UGq/2Gl5DTI=,tag:oq+5EuJWJKwK3h0/e6Uozw==,type:str] dvb.solutions: ENC[AES256_GCM,data:GSjPIPA5TGMWfhdRzTsiHPfXFVGLVSpJvJG+I++i,iv:EBlk00wqADCuYTzuVcuX9kSn6TVBfN12UlcXyps6TtE=,tag:G7rKTngN4v2FtuhQEMdUQQ==,type:str] tlm.solutions: ENC[AES256_GCM,data:ncTMh/jw+YmcmcVU/c1I36vV1CwtmtYwfyDUx9w9,iv:vPnmdvDnEJ9FF4rDkSfPnLWebleSgI/yG7qOgJfq5ic=,tag:z4w4LOGf2v0TBSxrHULBsw==,type:str] +senpai: ENC[AES256_GCM,data:nLMlw+Gw5p9pcyElvHy/d+GV0/dbTj3+Et+lzBs1YEUcsYT2lM7sN+5+4PEF6weJgHUreTl007fh8+FO8S+mUg==,iv:+5szUWaARn93RTQvY13JGn2zJ3y8iyjv09i3KtbhaTQ=,tag:OsD4IoRv8wGuUbEnsld7Dg==,type:str] sops: kms: [] gcp_kms: [] @@ -23,8 +24,8 @@ sops: bDRBWjJJSDl3bDkxenR1S2NMZW91dW8Kzhc/6HeEJfLGDaKdRSbpaMdR7XaBxdQI jnAySJCGsXxCPebRtCIdDnoLjdqdzEggEhRh27JOpeOiEukLmakPMA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-11T01:25:11Z" - mac: ENC[AES256_GCM,data:Y11oSAhVwjYkuONxlWFKRTswaCMsj6/61HQgEZ9tKOxHK0mfx6CiJGqNKud7XDAebmqB3uIYNJ8zYKvM2D0+vLBp5Kk+bQX0tNXf1HXVJPYzE1GA+Wg5ZKYM5HZ339XiEEBZEbTU+ptMw2YO9mhDxYA6UnPPQ2IHNPgB/yrgfxM=,iv:iHERfH1sf35DgFYr6FkwxRxnF+qppWOqw1XJ/rJi3DU=,tag:L09jwVXKzSnACp2TSpEV2w==,type:str] + lastmodified: "2025-02-05T19:41:58Z" + mac: ENC[AES256_GCM,data:5u2hJYMHwpFd5fcHXKzOblHfgnRTjNIEL+glBsHct3xZ+G1APQg9WdgZbRWc+ypdYPFfhqXKV9RBl/UHtFEyljL7JQV0U8EfumP1WNjPaMgnWftm5qLOe0PxmrPbwsYYBdotO9GVoplghrNd1euvMsxd3F+YtU+MnY+u4dcr4C8=,iv:A61rDNajtU/NOqcemmCN348STdMI9qqPRvdd6n/EuKg=,tag:Y1zi86LNX1xlXpjbslmRAA==,type:str] pgp: - created_at: "2025-01-02T22:57:16Z" enc: |- @@ -47,4 +48,4 @@ sops: -----END PGP MESSAGE----- fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4