diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix
index 9c9acdc..7e79b23 100644
--- a/containers/emerald/flake.nix
+++ b/containers/emerald/flake.nix
@@ -9,11 +9,11 @@
     shareFqdn = "muse.lava.moe";
     subnetId = "5";
 
-    subnet = x: "fd0d:1::${subnetId}:${toString x}";
+    subnet = x: "fd0d:2::${subnetId}:${toString x}";
     host = subnet 1;
     client = subnet 2;
 
-    subnet4 = x: "10.30.${subnetId}.${toString x}";
+    subnet4 = x: "10.32.${subnetId}.${toString x}";
     host4 = subnet4 1;
     client4 = subnet4 2;
 
@@ -39,13 +39,7 @@
         useACMEHost = "lava.moe";
         forceSSL = true;
         locations."/".proxyPass = "http://[${client}]:4533";
-        listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
-      };
-      services.nginx.virtualHosts."${shareFqdn}" = {
-        useACMEHost = "lava.moe";
-        forceSSL = true;
-        locations."/".return = "404";
-        locations."/share/".proxyPass = "http://[${client}]:4533";
+        listenAddresses = [ "100.67.2.1" ];
       };
 
       systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix
index 661e3d5..06c415f 100644
--- a/hosts/alyssum/default.nix
+++ b/hosts/alyssum/default.nix
@@ -6,6 +6,7 @@
   age.secrets = {
     acme_dns.file = ../../secrets/acme_dns.age;
     passwd.file = ../../secrets/passwd.age;
+    navidrome_env.file = ../../secrets/navidrome_env.age;
     wpa_conf = {
       file = ../../secrets/wpa_conf.age;
       path = "/etc/wpa_supplicant/imperative.conf";
@@ -27,6 +28,7 @@
     modules.services.nginx
     modules.services.syncthing
 
+    inputs.c-emerald.nixosModule
     inputs.c-garnet.nixosModule
 
     ./filesystem.nix
diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix
index 33b6eec..f65dfd1 100644
--- a/hosts/dandelion/default.nix
+++ b/hosts/dandelion/default.nix
@@ -5,7 +5,6 @@
 
   age.secrets = {
     acme_dns.file = ../../secrets/acme_dns.age;
-    navidrome_env.file = ../../secrets/navidrome_env.age;
     slskd_env.file = ../../secrets/slskd_env.age;
     wg_dandelion.file = ../../secrets/wg_dandelion.age;
   };
@@ -31,12 +30,12 @@
     inputs.c-beryllium.nixosModule
     inputs.c-citrine.nixosModule
     inputs.c-diamond.nixosModule
-    inputs.c-emerald.nixosModule
     inputs.c-fluorite.nixosModule
 
     ./filesystem.nix
     ./kernel.nix
     ./networking.nix
+    ./nginx.nix
 
     ../../users/hana
   ];
diff --git a/hosts/dandelion/nginx.nix b/hosts/dandelion/nginx.nix
new file mode 100644
index 0000000..c29de38
--- /dev/null
+++ b/hosts/dandelion/nginx.nix
@@ -0,0 +1,8 @@
+{ ... }: {
+  services.nginx.virtualHosts."muse.lava.moe" = {
+    useACMEHost = "lava.moe";
+    forceSSL = true;
+    locations."/".return = "404";
+    locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533";
+  };
+}
diff --git a/secrets.nix b/secrets.nix
index bec70ef..b1f55e5 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -13,7 +13,7 @@ in {
   "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ];
 
   "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ];
-  "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ];
+  "secrets/navidrome_env.age".publicKeys = [ alyssum dandelion rin ];
   "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ];
   "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ];
   "secrets/warden_admin.age".publicKeys = [ rin ];
diff --git a/secrets/navidrome_env.age b/secrets/navidrome_env.age
index 6cb705c..7df364f 100644
Binary files a/secrets/navidrome_env.age and b/secrets/navidrome_env.age differ