diff --git a/.gitmodules b/.gitmodules
index 3eb49ffe..e95bc711 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "secrets"]
 	path = secrets
 	url = ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git
+[submodule "overlays/yggdrasil-package-nix"]
+	path = overlays/yggdrasil-package-nix
+	url = https://github.com/ehmry/yggdrasil-package-nix.git
diff --git a/ansible/hypervisor.yml b/ansible/hypervisor.yml
index 51ec9196..afee0a74 100644
--- a/ansible/hypervisor.yml
+++ b/ansible/hypervisor.yml
@@ -54,4 +54,4 @@
         }
     }
   vars:
-    beats_version: 7.3.0
+    beats_version: 7.3.2
diff --git a/hosts/hydra/cache.nix b/hosts/hydra/cache.nix
index e5a3b84b..ba29afb9 100644
--- a/hosts/hydra/cache.nix
+++ b/hosts/hydra/cache.nix
@@ -18,4 +18,11 @@
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     '';
   };
+
+  services.nginx.virtualHosts."depot.hq.c3d2.de" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/".root = "/srv/www/depot";
+  };
+
 }
diff --git a/hosts/hydra/configuration.nix b/hosts/hydra/configuration.nix
index 1898ed0e..e90fb91b 100644
--- a/hosts/hydra/configuration.nix
+++ b/hosts/hydra/configuration.nix
@@ -7,6 +7,7 @@
     ./hydra.nix
     ./cache.nix
     ./../../lib/common/c3d2.nix
+    ./../../lib/yggdrasil.nix
   ];
 
   security.pam.enableSSHAgentAuth = true;
@@ -17,6 +18,8 @@
 
   nix.useSandbox = false;
   nix.maxJobs = lib.mkDefault 4;
+  nix.autoOptimiseStore = true;
+  nix.gc = { automatic = true; dates = "06:00"; options = "--delete-older-than 7d"; };
 
   boot.isContainer = true;
   boot.loader.initScript.enable = true;
@@ -28,7 +31,11 @@
   };
 
   networking.hostName = "192";
-  networking.useNetworkd = true;
+
+  networking.useHostResolvConf = true;
+
+  # caused problems on this host -- Astro 2019-09-08
+  services.resolved.enable = false;
 
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
diff --git a/hosts/pulsebert/configuration.nix b/hosts/pulsebert/configuration.nix
index 1ba732f0..8e9c394e 100644
--- a/hosts/pulsebert/configuration.nix
+++ b/hosts/pulsebert/configuration.nix
@@ -15,6 +15,7 @@ in {
       ../../lib/common/common.nix
       ../../lib/users.nix
       ../../lib/mpd.nix
+      ../../lib/yggdrasil.nix
     ];
 
   # Use the systemd-boot EFI boot loader.
@@ -233,4 +234,7 @@ in {
       };
     });
   };
+  programs.bash.shellAliases = {
+    mpv = "mpv --no-vid";
+  };
 }
diff --git a/lib/yggdrasil.nix b/lib/yggdrasil.nix
new file mode 100644
index 00000000..ef4429f5
--- /dev/null
+++ b/lib/yggdrasil.nix
@@ -0,0 +1,17 @@
+{ config, ... }: {
+
+  imports = [ ./../overlays/yggdrasil-package-nix/nixos-module.nix ];
+
+  networking.firewall.extraCommands = ''
+   ip6tables -A INPUT -s fe80::/10 -j ACCEPT
+  '';
+
+  services.yggdrasil = {
+    enable = true;
+    NodeInfo = {
+      name = config.networking.hostName + ".c3d2";
+      deployment = "nixos";
+      location = "Pieschen (Q8945)";
+    };
+  };
+}
diff --git a/overlays/yggdrasil-package-nix b/overlays/yggdrasil-package-nix
new file mode 160000
index 00000000..a0ee4516
--- /dev/null
+++ b/overlays/yggdrasil-package-nix
@@ -0,0 +1 @@
+Subproject commit a0ee45162f90401acc52f929a7544838ec13a309