diff --git a/flake.nix b/flake.nix
index 037b964..2418bcc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -66,6 +66,9 @@
 # LDAP host
 kitt.imports = [./machines/kitt.nix arion.nixosModules.arion];
+ # Gitlab
+ glados = import ./machines/glados.nix;
+
 };
 };
diff --git a/machines/glados.nix b/machines/glados.nix
new file mode 100644
index 0000000..4e5842b
--- /dev/null
+++ b/machines/glados.nix
@@ -0,0 +1,58 @@
+/*
+
+ Name: https://half-life.fandom.com/wiki/GLaDOS
+ Why: Glados has a vast experence of testing and deploying.
+ Type: VM
+ Hardware: -
+ From: 2023
+ Role: Git server
+ Notes: Each user has roughly 20gb os storage
+ 20 * 100 = 2000gb
+
+*/
+
+{ pkgs, lib, nodes, ... }:
+let
+ # name of the server, sets teh hostname and record for it
+ name = "glados";
+ ip_pub = "193.1.99.75";
+ ip_priv = "172.20.20.7";
+ hostname = "${name}.skynet.ie";
+
+in {
+ imports = [
+ ../applications/dns.nix
+
+ # applications for this particular server
+ ../applications/gitlab.nix
+ ];
+
+ deployment = {
+ targetHost = hostname;
+ targetPort = 22;
+ targetUser = "root";
+ };
+
+
+ skynet_dns.records = {
+ external = [
+ "${name} A ${ip_pub}"
+ ];
+ reverse = [
+ "${builtins.substring 9 3 ip_pub} IN PTR ${name}"
+ ];
+ };
+
+ services.skynet_gitlab = {
+ enable = true;
+
+ host = {
+ # pass in teh ip (used for firewall)
+ ip = ip_pub;
+
+ # the name is used for dns
+ name = name;
+ };
+ };
+
+}
\ No newline at end of file
diff --git a/machines/optimus.nix b/machines/optimus.nix
index dc45683..ec0e2c6 100644
--- a/machines/optimus.nix
+++ b/machines/optimus.nix
@@ -23,9 +23,6 @@ in {
 # applications for this particular server
 ../applications/dns.nix
 ../applications/games.nix
-
- # for testing
- ../applications/gitlab.nix
 ];
 deployment = {
@@ -34,7 +31,6 @@ in {
 targetUser = "root";
 };
-
 skynet_dns.records = {
 external = [
 "${name} A ${ip_pub}"
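Review bot: In machines/glados.nix the reverse record is built with `builtins.substring 9 3 ip_pub`, which hard-codes the byte offset of the last octet of `193.1.99.75`; it yields "75" only because the first three octets happen to span nine characters, so any address of a different textual length (a three-digit third octet, say) silently produces a wrong PTR name. Deriving the octet from the string instead, `lib.last (lib.splitString "." ip_pub)`, removes that dependence, and `lib` is already taken as a module argument. `ip_priv = "172.20.20.7"` is bound in the `let` but never referenced anywhere in the new file, so it should be used (presumably for an internal record, as on the other machines) or dropped. The header comment also reads "os storage" and the two inline comments "teh"; worth fixing while the file is new.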
@@ -55,17 +51,4 @@ in {
 name = name;
 };
 };
-
- services.skynet_gitlab = {
- enable = true;
-
- host = {
- # pass in teh ip (used for firewall)
- ip = ip_pub;
-
- # the name is used for dns
- name = name;
- };
- };
-
 }
\ No newline at end of file
diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age
index 8d0c3c0..f4b8701 100644
Binary files a/secrets/dns_certs.secret.age and b/secrets/dns_certs.secret.age differ
diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age
index 72af8a5..93529ab 100644
--- a/secrets/dns_dnskeys.conf.age
+++ b/secrets/dns_dnskeys.conf.age
@@ -1,16 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA +XdmsmDKDUcu4JbZa+GIB7bXNeijvcjPCX3cl8qtIko -ojl/wN8Z94wcnpjFqzWucxjb4Cj1aw/T72Sn6HImQRc --> ssh-ed25519 rIwlvw EhWuRFm8qmsI//N40Ak3qEBibsG6FtalDu7a2ByBRDs -+alf69rCF58siskxLsyH1j/TY5Abuzety737QxVea7Q --> ssh-ed25519 q8eJgg vpheYQurSMI6K0cFUzlRgTCgSh6XVXnfihC5TCpOTAk -EdABzrQzke1aMRo8p8EwufS6hc1rEyyyQ/Z4qP4Vq/E --> ssh-ed25519 pBdJmw tiQopXd0eWJmGG8w58DGjRgrAp8rKVzg1rWsS+MLkFA -CaZ+uAQy3s5P714hIlNlnJ4xLgD0qJtMf9575tyjDL0 --> ssh-ed25519 v2Y09A 7AJTfw+VR9xfpDBNV1uSoBNVThyIjlF9UBHFcJksnm8 -p0Q0xlexTBsnib54A2bWgn+0j9IZ9spHcrAXz6jsHRo --> h-grease \ F&PIoI^Q -JKo0JA ---- lNEh0Ik3wmehWp/RGexGRY83HcDQ2/p7b0IS/oqozOs - ׼PZG :>`U/o'H8;<Mfs O eY dD: գǦ)A/ -gCD/NVJY9L$QlFLO~?=3l>9kw \ No newline at end of file +-> ssh-ed25519 V1pwNA NUORvEeaoQ+rWveIbqfs8Y/3mhmaxMjXkUC/aA+TNBI +PtgPedhHLhO+sNYRM8mHwlTK/YCoyRO1d4QBB91SEGE +-> ssh-ed25519 rIwlvw a22DrOMKB55NKZ3CQ8YEuoPj3TH2y4JJoFQQSbIkBF0 +Tu/lyVf9EcDL3BzlJeEOum4KslI9DRIXzONY8wUFJkM +-> ssh-ed25519 q8eJgg MV25An5FwvmfqH+0oQQovt0ZKVUn7W2wjeRGD5a0rjQ +B5JktKOqJtkD98Ee3iqCuJrFFLl7dSO0Z8J9kQ8UIHg +-> ssh-ed25519 pBdJmw vICdcqDgD6AOZC94XmJwuHYhj8OPjQKkeiNV64XOamA +mweydMBhcSFuxQsjgW3g1Xo7FzdBYGNI4sQVb8e2mpw +-> ssh-ed25519 v2Y09A bHc1tPTcOY5f3B+mhJv7zIyE401tO2FdrAaKLxUxICw +/bIxdRktBizlzUQC8O3nzhYglS84k4lbyu1cN62UOwA +-> 5/R-grease rNQ% ^EZWXoB~ #%<24w%Z fDKICIU5 +uo4iflPflaTzY8ZUhvZZclZcXAAAeTqdEu7hJB6T7zOVJK6ezEJkDcxKUHl0Bd3l +qzQ +--- 0J6vMbE2Qp863uU8qqG0CKMazXAkTCigSL/GkF/FLUo +r==d/xU*͔9 4,iV$dZM }{D'1i~z,zg>8KC>Ms/v ssh-ed25519 V1pwNA JGktU0gGovPnnYr9an6lueZnEKDLde9ES0Y6m06pLUc -vPcPTDCVwgK72KnMN8t7C9AR7fV9EggTUC5F9EFyuoI --> ssh-ed25519 rIwlvw FMYXiAcwxioJex74HfvM7Tnvp2VKAOKtHTRqTKgYVHA -B/RdgW4nsMTD1sF12OxgJElFx6SfCL03WKWdeeTjeYg --> ssh-ed25519 q8eJgg AxBdKkiZh7NOqpLMwBNsEo3dgTj+6NPtONYkLKENWRw -qqvrwOFlE52/Sa15kplKXBq5jdTZ+dUn/2EjUBByQQs --> ssh-ed25519 DVzSig I04tljSY9N+GyRWwO1ULPhojDOLDxXC5gOqw922Z3Xk -OiZe8nWcQaY6UCDGW5IkWpqTeMTpNRtUoDxOQ/ALwwg --> 
*=AwI,H2-grease -3Y9OngljfiuJCfOMrjB3Ze0+PKnNto4BcK2krTU8jVCVlxUXtFUFHsnuhQsuYejo -J5SQjXliLn5r7SK2R7hw2OmWCVkbVuYsBFvGtrc6Kocr0yXGxaqImNsMBA+V5rWT -Ng ---- E6/+09Fw8LXNmezYen3GZ1SQvTsnsxty4fgItWnMITc -U.긗\c>xY%r|Wff9"l:!'+@t=JQQ <yIO,۷}6?yI]UAk8h\\vx3C]9!_ \ No newline at end of file +-> ssh-ed25519 V1pwNA RSEAjG9arHdJ25sten2nZu6BSfHUQWQNUc5CiNL0QzE +IdgldV4EFXZJBH/NC2pZO+4cwkJYvb2KmolLqzmN0vQ +-> ssh-ed25519 rIwlvw OCljetp8dtOnLtEOtXV0cSueBIgD+SDLupHsd6byDC8 +s15SV/7us1ZkecWzzJhmJvqKOnPH0EZG8UHFs1zic2s +-> ssh-ed25519 q8eJgg dxw6mkAUjign/aFf6y2nYBWD+hhVSVnryI5DTtOamHQ +vVnbJvBbftvokYwX6Sj/kQmfTWp1VvdOM/2x2siNLMQ +-> ssh-ed25519 uZzB3g mM0QvRUpROqXcMweoEnXyXbdepmvVk/g/U+6CT51fF8 +BvPpQ3OudwiXQotQ+dP6XHGW+Z0ryB70x0ZfhpXJV8Y +-> Tk7;(;-grease +/BFDPeDUWK4PSfa2tI3yJOT8YkbiL/v+vhQPPapgbXMmugjFTgdkrX4 +--- JXNaMGLSaqkj2r/+sa9FXemmnKF6hbFHtNVy/OQ/bLg +J^B|krp?yrr(jF̾}86؃m-7THO,E]pWCB-V;sn_a_=Q +E0U$B yRstu;] +ŊA /%R_ \ No newline at end of file diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index f7f3f23..ef878c0 100644 Binary files a/secrets/ldap/pw.age and b/secrets/ldap/pw.age differ diff --git a/secrets/ldap/self_service.age b/secrets/ldap/self_service.age index 4589a01..5b606f2 100644 Binary files a/secrets/ldap/self_service.age and b/secrets/ldap/self_service.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ab78b1c..f4a7f6c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,7 +23,7 @@ let optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus"; - glados = ""; + glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados"; kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt"; @@ -40,11 +40,13 @@ let ]; ldap = [ - # only here as a tmp basis - optimus kitt ]; + gitlab = [ + glados + ]; + # these need dns stuff webservers = [ # ULFM 
@@ -53,9 +55,8 @@ let
 optimus
 ]
 # ldap servers are web facing
- ++ ldap;
-
- gitlab = optimus;
+ ++ ldap
+ ++ gitlab;
 in
 {
@@ -67,12 +68,13 @@ in
 "stream_ulfm.age".publicKeys = users ++ [galatea];
- "gitlab/pw.age".publicKeys = users ++ [gitlab];
- "gitlab/db_pw.age".publicKeys = users ++ [gitlab];
- "gitlab/secrets_db.age".publicKeys = users ++ [gitlab];
- "gitlab/secrets_secret.age".publicKeys = users ++ [gitlab];
- "gitlab/secrets_otp.age".publicKeys = users ++ [gitlab];
- "gitlab/secrets_jws.age".publicKeys = users ++ [gitlab];
+ "gitlab/pw.age".publicKeys = users ++ gitlab;
+ "gitlab/db_pw.age".publicKeys = users ++ gitlab;
+ "gitlab/secrets_db.age".publicKeys = users ++ gitlab;
+ "gitlab/secrets_secret.age".publicKeys = users ++ gitlab;
+ "gitlab/secrets_otp.age".publicKeys = users ++ gitlab;
+ "gitlab/secrets_jws.age".publicKeys = users ++ gitlab;
+ "gitlab/ldap_pw.age".publicKeys = users ++ gitlab;
 # for ldap
 "ldap/pw.age".publicKeys = users ++ ldap;
diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age
index 34e2ab5..73cc4bd 100644
Binary files a/secrets/stream_ulfm.age and b/secrets/stream_ulfm.age differ
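Review bot: The `gitlab/*.age` entries at @@ -67 now list `glados` as recipient instead of `optimus`, but apart from one age hunk whose file header is garbled in this chunk, nothing here shows those six files being re-encrypted, and no `gitlab/ldap_pw.age` file is added alongside its new entry; editing `publicKeys` in secrets.nix does not rewrite the ciphertext, so unless a rekey (`agenix -r`) landed in another commit, glados cannot decrypt them and the optimus host key still can. The `ldap` list at @@ -40 drops optimus in the same way, but there the rekey of `ldap/pw.age` and `ldap/self_service.age` is visible in the diff, so only the gitlab set is in question. Re-encrypting only limits future reads: the previous ciphertext remains in git history and stays decryptable by the removed optimus key, so rotating the values inside those files is the stronger follow-up. The new `glados` host key at @@ -23 cannot be checked from the diff; a comment such as `# fingerprint verified against the host console on <DATE>` next to it would tell the next reviewer it was.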