diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml
new file mode 100644
index 0000000..fd5b91a
--- /dev/null
+++ b/.forgejo/workflows/check.yml
@@ -0,0 +1,12 @@
+on:
+  push:
+    branches: [main]
+jobs:
+  check:
+    runs-on: nix-upstream-latest
+    steps:
+      - run: echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+      - run: nix-env -i nodejs
+      - uses: actions/checkout@v4
+      - name: nix flake check
+        run: nix flake check
diff --git a/.forgejo/workflows/main.yml b/.forgejo/workflows/main.yml
deleted file mode 100644
index 5b63c12..0000000
--- a/.forgejo/workflows/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-name: build
-
-on:
-  push:
-    branches:
-      - main
-jobs:
-  build:
-    runs-on: nix-latest
-    strategy:
-      matrix:
-        package_name: ["nvim"]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: DeterminateSystems/nix-installer-action@main
-      - name: check
-        run: nix flake check
-      - name: Run `nix bundle`
-        if: github.ref == 'refs/heads/main'
-        id: build
-        run: |
-          nix bundle \
-              -o ${{ matrix.package_name }}.AppImage \
-              --bundler github:ralismark/nix-appimage \
-              --extra-experimental-features nix-command \
-              --extra-experimental-features flakes .#${{ matrix.package_name }}
-          echo "Done building AppImage for ${{ matrix.package_name }}"
-      - name: Upload bundle to release
-        if: github.ref == 'refs/heads/main'
-        uses: https://data.forgejo.org/forgejo/upload-artifact@v4
-        with:
-          path: "${{ matrix.package_name }}.AppImage"
-          name: "${{ matrix.package_name }}-x86_64-linux.AppImage"
diff --git a/.forgejo/workflows/nvim-bundle.yml b/.forgejo/workflows/nvim-bundle.yml
new file mode 100644
index 0000000..b59d210
--- /dev/null
+++ b/.forgejo/workflows/nvim-bundle.yml
@@ -0,0 +1,22 @@
+on:
+  push:
+    paths:
+      - 'pkgs/nvim/**'
+jobs:
+  nvim-bundle:
+    runs-on: nix-upstream-latest
+    needs: check
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - run: echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+      - run: nix-env -i nodejs
+      - uses: actions/checkout@v4
+      - name: Run `nix bundle`
+        run: |
+          path="${{ matrix.package_name }}.AppImage"
+          nix bundle --bundler github:ralismark/nix-appimage \
+            -o "$path" \
+            .#${{ matrix.package_name }}
+          curl --user "${{ secrets.FJ_USER }}:${{ secrets.FJ_PASS }}" \
+            --upload-file "$path" \
+            "${{ forge.api_url }}/packages/${{ secrets.FJ_USER }}/generic/${{ matrix.package_name }}/latest/$path"
diff --git a/nixos/consensus/configuration.nix b/nixos/consensus/configuration.nix
index bd3b8e6..d954ce1 100644
--- a/nixos/consensus/configuration.nix
+++ b/nixos/consensus/configuration.nix
@@ -22,7 +22,7 @@
     docker-compose
     tmux
   ];
-  system-net.openssh.ports = [2022];
+  machine.net.openssh.ports = [2022];
   systemd.services.k3s = {
     preStart = ''
       until ${pkgs.tailscale}/bin/tailscale status; do
@@ -107,7 +107,7 @@
       ];
     };
   };
-  system-sys = {
+  machine.sys = {
     zram = false;
     swapSize = 16;
   };
diff --git a/nixos/modules/net.nix b/nixos/modules/net.nix
index 017786a..3116e92 100644
--- a/nixos/modules/net.nix
+++ b/nixos/modules/net.nix
@@ -1,6 +1,6 @@
 { host, pkgs, config, lib, ...}:
-let cfg = config.system-net; in {
-  options.system-net = {
+let cfg = config.machine.net; in {
+  options.machine.net = {
     enable = lib.mkOption {
       type = lib.types.bool;
       default = true;
diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix
index a36834e..cca8bae 100644
--- a/nixos/modules/nix.nix
+++ b/nixos/modules/nix.nix
@@ -1,6 +1,6 @@
 { host, pkgs, config, lib, ...}:
-let cfg = config.system-nix; in {
-  options.system-nix = {
+let cfg = config.machine.nix; in {
+  options.machine.nix = {
     enable = lib.mkOption {
       type = lib.types.bool;
       default = true;
diff --git a/nixos/modules/pkgs.nix b/nixos/modules/pkgs.nix
index ecab0b5..d14c669 100644
--- a/nixos/modules/pkgs.nix
+++ b/nixos/modules/pkgs.nix
@@ -1,6 +1,6 @@
 { pkgs, config, lib, ...}:
-let cfg = config.system-pkgs; in {
-  options.system-pkgs = {
+let cfg = config.machine.pkgs; in {
+  options.machine.pkgs = {
     enable = lib.mkOption {
       type = lib.types.bool;
       default = true;
diff --git a/nixos/modules/system.nix b/nixos/modules/system.nix
index f38f7a1..fbcee56 100644
--- a/nixos/modules/system.nix
+++ b/nixos/modules/system.nix
@@ -5,10 +5,10 @@
   ...
 }:
 let
-  cfg = config.system-sys;
+  cfg = config.machine.sys;
 in
 {
-  options.system-sys = {
+  options.machine.sys = {
     enable = lib.mkOption {
       type = lib.types.bool;
       default = true;
diff --git a/nixos/oracle/configuration.nix b/nixos/oracle/configuration.nix
index 7b41088..d4b65d1 100644
--- a/nixos/oracle/configuration.nix
+++ b/nixos/oracle/configuration.nix
@@ -8,7 +8,7 @@
     "net.ipv4.ip_forward" = 1;
     "net.ipv6.conf.all.forwarding" = 1;
   };
-  system-net.openssh.ports = [22 2022];
+  machine.net.openssh.ports = [22 2022];
   networking = {
     hostId = "00238132";
     firewall = {
diff --git a/nixos/t14/configuration.nix b/nixos/t14/configuration.nix
index e7eb9a4..bc93123 100755
--- a/nixos/t14/configuration.nix
+++ b/nixos/t14/configuration.nix
@@ -83,10 +83,10 @@ in
       ];
     };
   };
-  system-net.nfs = true;
-  system-sys.zram = true;
-  system-sys.swap = false;
-  system-sys.documentation = true;
+  machine.net.nfs = true;
+  machine.sys.zram = true;
+  machine.sys.swap = false;
+  machine.sys.documentation = true;
   hardware = {
     graphics = {
       enable = true;
diff --git a/nixos/zen/configuration.nix b/nixos/zen/configuration.nix
index 3c73c75..15131e6 100644
--- a/nixos/zen/configuration.nix
+++ b/nixos/zen/configuration.nix
@@ -1,4 +1,9 @@
-{ host, config, pkgs, ... }:
+{
+  host,
+  config,
+  pkgs,
+  ...
+}:
 {
   imports = [
     ./hardware-configuration.nix
@@ -11,27 +16,42 @@
       sopsFile = ../../secrets/forgejo-runner.yaml;
     };
   };
-  system-sys.zram = false;
+  machine.sys.zram = false;
   networking = {
     hostId = "81238132";
     firewall = {
       allowedTCPPorts = [
         22
         10250
-        25565 #mc
-        25566 #mc
+        25565 # mc
+        25566 # mc
       ];
+      interfaces."podman+" = {
+        allowedTCPPorts = [ 33393 ];
+      };
     };
   };
-  virtualisation.docker = {
+  virtualisation.podman = {
     enable = true;
-    extraOptions = "--dns 1.1.1.1";
   };
   services.gitea-actions-runner = {
     package = pkgs.forgejo-runner;
     instances.default = {
       enable = true;
       name = host.hostName;
+      settings = {
+        runner = {
+          capacity = 3;
+        };
+        cache = {
+          enable = true;
+          host = "host.containers.internal";
+          port = 33393;
+        };
+        container = {
+          force_pull = true;
+        };
+      };
       url = "https://git.10110110.xyz";
       tokenFile = config.sops.secrets.forgejo-runner.path;
       labels = [
diff --git a/pkgs/nvim/test b/pkgs/nvim/test
new file mode 100644
index 0000000..e69de29