diff --git a/certificates/id_ed25519_ext-julia.pub b/certificates/id_ed25519_ext-julia.pub
new file mode 100644
index 0000000..facb9b4
--- /dev/null
+++ b/certificates/id_ed25519_ext-julia.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtsLGI/S6473jzw4BlWTRfxVO7mhEhClRF0gzpexG9V game-luanti
diff --git a/hosts/ext-julia/boot.nix b/hosts/ext-julia/boot.nix
new file mode 100644
index 0000000..82bde96
--- /dev/null
+++ b/hosts/ext-julia/boot.nix
@@ -0,0 +1,11 @@
+{
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub = {
+ enable = true;
+ # efiSupport = true;
+ # efiInstallAsRemovable = true;
+ # Define on which hard drive you want to install Grub.
+ device = "/dev/vda"; # or "nodev" for efi only
+ };
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+}
diff --git a/hosts/ext-julia/default.nix b/hosts/ext-julia/default.nix
new file mode 100644
index 0000000..be1e78f
--- /dev/null
+++ b/hosts/ext-julia/default.nix
@@ -0,0 +1,20 @@
+{config, pkgs, ...}:{
+ imports = [
+ ./boot.nix
+ ./hardware-configuration.nix
+
+ ((import ./wordpress.nix) {config=config; pkgs=pkgs; siteName="shop.kiezpalme.de"; port=80;})
+ ../../modules/sec_auth/ssh-server.nix
+
+ ../../system_profiles/server.nix
+ ];
+
+ services.openssh.ports = [11522];
+ users = let
+ username = "root";
+ in {
+ users."${username}".openssh.authorizedKeys.keyFiles = [
+ ../../certificates/id_ed25519_ext-julia.pub
+ ];
+ };
+}
diff --git a/hosts/ext-julia/hardware-configuration.nix b/hosts/ext-julia/hardware-configuration.nix
new file mode 100644
index 0000000..165d4c8
--- /dev/null
+++ b/hosts/ext-julia/hardware-configuration.nix
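Review bot: The key comment on the added line reads `game-luanti` while the file is `certificates/id_ed25519_ext-julia.pub` and `hosts/ext-julia/default.nix` installs it for root, which suggests the game-luanti key pair was reused for this host rather than a fresh one generated. If that is intended, the comment should say so; otherwise generate a separate key per host so that revoking one does not affect the other. Committing the public half is fine, but one key per host keeps the impact of a lost private key to a single machine.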
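Review bot: The call `((import ./wordpress.nix) {config=config; pkgs=pkgs; siteName="shop.kiezpalme.de"; port=80;})` passes `port`, but `wordpress.nix` declares the argument as `sitePort ? 80`; because that function also takes `...`, the unknown `port` attribute is accepted and ignored, so the site listens on 80 only through the default. Change the argument to `sitePort=80;` (or rename the parameter) so a later port change actually takes effect. A more conventional shape would be for `wordpress.nix` to return a module, imported as `(import ./wordpress.nix { siteName = "shop.kiezpalme.de"; sitePort = 80; })`, which avoids threading `config` and `pkgs` through by hand.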
@@ -0,0 +1,37 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = [];
+ boot.extraModulePackages = [];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/d290e12c-d93c-45f6-b737-135b551c1951";
+ fsType = "ext4";
+ };
+
+ swapDevices = [
+ {device = "/dev/disk/by-uuid/8c56f52e-568a-4e03-b22c-6d1c7de7c118";}
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/ext-julia/wordpress.nix b/hosts/ext-julia/wordpress.nix
new file mode 100644
index 0000000..e9c2ec3
--- /dev/null
+++ b/hosts/ext-julia/wordpress.nix
@@ -0,0 +1,116 @@
+{
+ config,
+ pkgs,
+ siteName ? "example-name",
+ sitePort ? 80,
+ ...
+}: let
+ siteDataDir = "/srv/http/${siteName}";
+ siteUser = "user-${siteName}";
+ siteGroup = config.services.nginx.user;
+ siteUserPhp = "${siteUser}-php";
+ siteGroupPhp = siteUserPhp;
+ sitePhpPool = "wordpress-${siteName}";
+in {
+ users = {
+ users = {
+ "${siteUser}" = {
+ isSystemUser = true;
+ group = siteGroup;
+ home = siteDataDir;
+ createHome = false;
+ shell = "${pkgs.shadow}/bin/nologin";
+ };
+
+ ### 3) Service account for PHP-FPM pool
+ "${siteUserPhp}" = {
+ isSystemUser = true;
+ group = siteGroupPhp;
+ home = "/var/empty";
+ createHome = false;
+ shell = "${pkgs.shadow}/bin/nologin";
+ };
+ };
+
+ groups = {
+ "${siteGroup}" = {};
+ "${siteGroupPhp}" = {};
+ };
+ };
+
+ services = {
+ mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ };
+
+ phpfpm.pools."${sitePhpPool}" = {
+ user = siteUserPhp;
+ group = siteGroupPhp;
+
+ settings = {
+ # Socket ownership so Nginx can connect
+ "listen.owner" = config.services.nginx.user;
+ "listen.group" = siteGroupPhp;
+ "listen.mode" = "0660";
+
+ # Dynamic process management tuned for small sites
+ pm = "dynamic";
+ "pm.max_children" = "5";
+ "pm.start_servers" = "2";
+ "pm.min_spare_servers" = "1";
+ "pm.max_spare_servers" = "3";
+
+ # Logging
+ "catch_workers_output" = true;
+ "php_admin_flag[log_errors]" = true;
+ };
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts."${siteName}" = {
+ default = true;
+ root = siteDataDir;
+
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = sitePort;
+ ssl = false;
+ }
+ ];
+
+ # Fallback for pretty permalinks
+ locations."/" = {
+ tryFiles = "$uri $uri/ /index.php?$args";
+ };
+ extraConfig = ''
+ index index.php;
+ '';
+
+ # 6.2 Handle PHP scripts
+ locations."~ \\.php$" = {
+ extraConfig = ''
+ fastcgi_split_path_info ^(.+\\.php)(/.+)$;
+ fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket};
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME 
$document_root$fastcgi_script_name;
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ '';
+ };
+ };
+ };
+ };
+
+ # Bootstrap WordPress on activation
+ environment.systemPackages = [pkgs.unzip];
+ system.activationScripts."setupWordpress-${siteName}".text = ''
+ mkdir -p ${siteDataDir}
+ if [ ! -f ${siteDataDir}/wp-config.php ]; then
+ cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/
+ chown -R ${siteUser}:${siteGroup} ${siteDataDir}
+ chmod -R 755 ${siteDataDir}
+ fi
+ '';
+}
diff --git a/modules/sec_auth/ssh-server.nix b/modules/sec_auth/ssh-server.nix
index 5d575a8..8deb4f9 100644
--- a/modules/sec_auth/ssh-server.nix
+++ b/modules/sec_auth/ssh-server.nix
@@ -7,7 +7,7 @@
 settings = {
 PasswordAuthentication = false;
 PermitRootLogin = "yes";
- X11Forwarding = true;
+ X11Forwarding = false;
 };
 };
 }
diff --git a/modules/serial-console.nix b/modules/serial-console.nix
new file mode 100644
index 0000000..521887f
--- /dev/null
+++ b/modules/serial-console.nix
@@ -0,0 +1,8 @@
+{
+ boot.kernelParams = [ "console=ttyS0,115200n8" ];
+ boot.loader.grub.extraConfig = "
+ serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
+ terminal_input serial
+ terminal_output serial
+ ";
+}
diff --git a/outputs.nix b/outputs.nix
index aab3468..a5ea2ce 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -16,11 +16,14 @@ in {
 nixosConfigurations = builtins.mapAttrs (hostName: hostOptions: (hostHelper hostName hostOptions)) {
 crocoite = {stateVersion = "24.05";};
- jitsi = {stateVersion = "24.11";};
+ #jitsi = {stateVersion = "24.11";};
+ game-luanti = { stateVersion = "25.05"; unstable = true; };
+
+ ext-julia = {stateVersion = "24.11";};
 };
 # Your custom packages
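Review bot: In the PHP location's `extraConfig`, `fastcgi_split_path_info ^(.+\\.php)(/.+)$;` sits inside a `''` indented string, where a backslash is literal, so nginx receives `\\.php` (a literal backslash followed by any character) and, if I read the Nix escaping right, the split never matches an ordinary `/…/index.php` URI; write `^(.+\.php)(/.+)$` there (the `"~ \\.php$"` location key is a normal string and is correct as written). That location should also refuse requests whose script does not exist on disk before passing them to PHP-FPM, e.g. `try_files $fastcgi_script_name =404;` ahead of `fastcgi_pass`, the usual guard for a WordPress tree that contains a user upload directory. Separately, the activation script leaves the tree owned by `${siteUser}:${siteGroup}` with mode 755 while the pool runs as `${siteUserPhp}`, so PHP-FPM has no write access anywhere under `wp-content`; that may be deliberate hardening, but then uploads and in-app updates will fail, and the `wp-config.php` the script checks for is never created by anything in this commit.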
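Review bot: `PermitRootLogin = "yes"` on the context line above the changed `X11Forwarding` is left as is, and `hosts/ext-julia/default.nix` in this commit places an authorized key on root, so root is the interactive login account for that host. `PasswordAuthentication = false` already blocks password logins, but `PermitRootLogin = "prohibit-password";` states that intent explicitly and also covers the keyboard-interactive path; adding `KbdInteractiveAuthentication = false;` closes that path for every account. The enclosing attribute set starts outside the hunk.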
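Review bot: `modules/serial-console.nix` is added but nothing in this diff imports it — `hosts/ext-julia/default.nix` lists `boot.nix`, `hardware-configuration.nix`, `wordpress.nix`, the SSH module and the server profile only — so unless another host picks it up outside this change the module is unused. If it is meant for ext-julia, add `../../modules/serial-console.nix` to that host's `imports`. Note also that with `console=ttyS0` in `boot.kernelParams` systemd's getty generator typically spawns a login prompt on the serial port, i.e. a local login reachable through the hypervisor console, which is worth confirming is wanted for a host whose SSH policy is key-only.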