diff --git a/nixos/modules/ips.nix b/nixos/modules/ips.nix
index 82e98a1..8e9d6a6 100644
--- a/nixos/modules/ips.nix
+++ b/nixos/modules/ips.nix
@@ -4,4 +4,5 @@ rec {
 server = "${localSpan}.2";
 pc = "${localSpan}.3";
 vm = "${localSpan}.4";
+ hx = "${localSpan}.70";
 }
diff --git a/nixos/server.nix b/nixos/server.nix
index 7039f68..9ecb5be 100644
--- a/nixos/server.nix
+++ b/nixos/server.nix
@@ -22,6 +22,7 @@
 ./server/acme.nix
 ./server/ddclient.nix
 ./server/docker.nix
+ ./server/icecast.nix
 ./server/firewall.nix
 ./server/gitea.nix
 ./server/lemmy.nix
diff --git a/nixos/server/firewall.nix b/nixos/server/firewall.nix
index 6173789..c1082ae 100644
--- a/nixos/server/firewall.nix
+++ b/nixos/server/firewall.nix
@@ -29,16 +29,18 @@ chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; tcp dport 2211 dnat to ${ips.pc}:22 comment "SSH to PC" - udp dport { 27005, 27015, 7777 } dnat to ${ips.pc} comment "Games to PC" + udp dport { 27005, 27015, 7777 } dnat to ${ips.pc} comment "PC Hosted Games" - tcp dport { 58010, 57989, 57984 } dnat to ${ips.pc} comment "Sunshine TCP to PC" - udp dport { 57998, 57999, 58000 } dnat to ${ips.pc} comment "Sunshine UDP to PC" + tcp dport { 58010, 57989, 57984 } dnat to ${ips.pc} comment "PC Sunshine TCP" + udp dport { 57998, 57999, 58000 } dnat to ${ips.pc} comment "PC Sunshine UDP" - tcp dport { 38010, 37989, 37984 } dnat to ${ips.vm} comment "Sunshine TCP to VM" - udp dport { 37998, 37999, 38000 } dnat to ${ips.vm} comment "Sunshine UDP to VM" + tcp dport { 38010, 37989, 37984 } dnat to ${ips.vm} comment "VM Sunshine TCP" + udp dport { 37998, 37999, 38000 } dnat to ${ips.vm} comment "VM Sunshine UDP" + + udp dport { 7790, 7791, 7792 } dnat to ${ips.hx} comment "Deus Ex" - ip saddr ${outputs.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR TCP to VM" - ip saddr ${outputs.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR UDP to VM" + ip saddr ${outputs.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "VM ALVR TCP" + ip saddr ${outputs.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "VM ALVR UDP" } chain POSTROUTING { type nat hook postrouting priority 100; policy accept; diff --git a/nixos/server/icecast.nix b/nixos/server/icecast.nix index 1a2f5cc..42926c7 100644 --- a/nixos/server/icecast.nix +++ b/nixos/server/icecast.nix @@ -1,4 +1,4 @@ -{outputs, ...}: { +{pkgs, outputs, ...}: { # Icecast, replacing Azuracast maybe services = { icecast = { 
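Review bot: The added rule `udp dport { 7790, 7791, 7792 } dnat to ${ips.hx} comment "Deus Ex"` forwards these ports from any source address, whereas the ALVR rules directly below it are limited with `ip saddr ${outputs.secrets.cornIP}`. If the players are a known set, the same kind of `ip saddr` match would keep an old game server from being reachable by the whole internet; if it is meant to be public, say so in the rule comment and confirm that the forward chain (not visible in this hunk) limits what `${ips.hx}` can reach on the LAN. None of the rules in this chain match on the inbound interface, so as far as the hunk shows they also apply to packets arriving from the LAN side; an `iifname` match on the WAN interface would make the intent explicit.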
@@ -7,8 +7,45 @@ hostname = "icecast.${outputs.secrets.jimDomain}"; admin = { user = "jimbo"; - password = "${outputs.secrets.castPass}"; + password = "${outputs.secrets.castAdminPass}"; }; + extraConf = '' + + ${outputs.secrets.castSourcePass} + + ''; + }; + liquidsoap.streams = let + jimbops = '' + # CONFIGURATION + settings.log.stdout.set(true) + settings.init.allow_root.set(true) + settings.scheduler.fast_queues.set(2) + settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"]) + + # Define the source with random playlist + jimbops = mksafe(normalize(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/"))) + + # Ensure the stream never stops + jimbops_fallback = fallback([jimbops, jimbops]) + + # Output configuration to Icecast + output.icecast( + %vorbis(channels=2, samplerate=48000, quality=0.8), + host="127.0.0.1", + port=265, + password="${outputs.secrets.castSourcePass}", + description="JimBops Radio", + url="https://icecast.jimbosfiles.com/jimbops.opus", + public=true, + icy_metadata=["artist", "title"], + genre="My personal music folder.", + mount="jimbops.opus", + jimbops_fallback + ) + ''; + in { + JimBops = pkgs.writeText "liquidjim" jimbops; }; nginx.virtualHosts."icecast.${outputs.secrets.jimDomain}" = { enableACME = true; diff --git a/nixos/server/wireguard.nix b/nixos/server/wireguard.nix index 6873d8a..02ba8f4 100644 --- a/nixos/server/wireguard.nix +++ b/nixos/server/wireguard.nix @@ -2,10 +2,14 @@ ips = import ../modules/ips.nix; in { # enable NAT - networking.nat.enable = true; - networking.nat.externalInterface = "${ips.netInt}"; - networking.nat.internalInterfaces = [ "wg0" ]; - networking.firewall.allowedUDPPorts = [ 51820 ]; + networking = { + nat = { + enable = true; + externalInterface = "${ips.netInt}"; + internalInterfaces = [ "wg0" ]; + }; + firewall.allowedUDPPorts = [ 51820 ]; + }; networking.wireguard = { enable = true; 
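Review bot: `password="${outputs.secrets.castSourcePass}"` is interpolated into the script that `pkgs.writeText "liquidjim" jimbops` builds, so the Icecast source password is written in clear text to a store path, and /nix/store is readable by every local user and travels with the system closure. The same value is placed in `extraConf`, which presumably ends up in the generated Icecast configuration in the store as well. Keeping the password in a file outside the store that only the service user can read, and having the Liquidsoap script load it at start-up, would avoid that. Separately, `settings.init.allow_root.set(true)` removes Liquidsoap's refusal to run as root while it decodes whatever files sit under `/export/JimboNFS/Music/`; if the unit runs as an unprivileged user the line can simply be dropped. The rest of the `icecast` block, including its listen settings for `port=265`, lies outside this hunk.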
diff --git a/secrets.nix b/secrets.nix
index bcf084a..48d581b 100644
Binary files a/secrets.nix and b/secrets.nix differ