diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 4865e29..5b9817e 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -9,6 +9,7 @@ nixosModule = { ... }: let name = "amethyst"; + fqdn = "amethyst.lava.moe"; subnet = "1"; in { networking.nat = { @@ -17,7 +18,7 @@ internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."${name}.local.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index adab4f0..c6b6cae 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -9,6 +9,7 @@ nixosModule = { ... }: let name = "beryllium"; + fqdn = "beryllium.lava.moe"; subnet = "2"; in { networking.nat = { @@ -17,7 +18,7 @@ internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."${name}.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".extraConfig = "return 302 'https://lava.moe';"; @@ -29,7 +30,7 @@ services.nginx.virtualHosts."lava.moe" = { locations."= /.well-known/matrix/server".extraConfig = let - server = { "m.server" = "beryllium.lava.moe:443"; }; + server = { "m.server" = "${fqdn}:443"; }; in '' add_header Content-Type application/json; return 200 '${builtins.toJSON server}'; @@ -37,7 +38,7 @@ locations."= /.well-known/matrix/client".extraConfig = let client = { - "m.homeserver" = { "base_url" = "https://beryllium.lava.moe"; }; + "m.homeserver" = { "base_url" = "https://${fqdn}"; }; # "m.identity_server" = { "base_url" = "https://vector.im"; }; }; in '' @@ -51,8 +52,6 @@ containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress = "10.30.${subnet}.1"; - localAddress = "10.30.${subnet}.2"; hostAddress6 = "fd0d:1::${subnet}:1"; localAddress6 = "fd0d:1::${subnet}:2"; # privateUsers = "pick"; 
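Review bot: In containers/amethyst/flake.nix the new `fqdn = "amethyst.lava.moe"` is not the name the vhost had before (`${name}.local.lava.moe`), so unlike the beryllium and citrine hunks this one changes the hostname nginx answers on rather than only giving it a variable. If the `.local.` label marked an internal-only name, check that DNS for the new name and the vhost's listen addresses still keep the proxy to port 9091 off public interfaces. The hunk shows no `listenAddresses` line, although the vhost body continues past it. A comment next to the binding such as `# served as amethyst.local.lava.moe before this change` would record that the rename is deliberate.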
diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 05a099a..996ffb2 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: { +{ config, fqdn, lib, ... }: { system.stateVersion = "25.11"; networking.firewall.allowedTCPPorts = [ 22 3000 ]; networking.firewall.allowedUDPPorts = [ 22 3000 ]; @@ -13,8 +13,8 @@ settings = { DEFAULT.APP_NAME = "Garden"; server = { - DOMAIN = "garden.lava.moe"; - ROOT_URL = "https://garden.lava.moe/"; + DOMAIN = fqdn; + ROOT_URL = "https://${fqdn}/"; HTTP_PORT = 3000; START_SSH_SERVER = true; BUILTIN_SSH_SERVER_USER = "git"; diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 17eef3e..5673c9e 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -6,6 +6,7 @@ outputs = { nixpkgs, catppuccin, ... }: let name = "citrine"; + fqdn = "garden.lava.moe"; subnetId = "3"; subnet = x: "fd0d:1::${subnetId}:${toString x}"; @@ -35,7 +36,7 @@ internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."garden.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:3000"; @@ -53,6 +54,7 @@ nixpkgs = nixpkgs; ephemeral = true; config = { imports = modules; }; + specialArgs = { inherit fqdn; }; bindMounts."persist" = { hostPath = "/persist/containers/${name}"; diff --git a/containers/diamond/configuration.nix b/containers/diamond/configuration.nix new file mode 100644 index 0000000..01b4311 --- /dev/null +++ b/containers/diamond/configuration.nix 
@@ -0,0 +1,22 @@
+{ fqdn, ... }: {
+ system.stateVersion = "25.11";
+ systemd.tmpfiles.rules = [
+ "d /persist/vaultwarden 755 vaultwarden vaultwarden"
+ ];
+ fileSystems."/var/lib/vaultwarden" = {
+ device = "/persist/vaultwarden";
+ fsType = "none";
+ options = [ "bind" ];
+ };
+ networking.firewall.allowedTCPPorts = [ 8000 ];
+ networking.firewall.allowedUDPPorts = [ 8000 ];
+
+ services.vaultwarden = {
+ enable = true;
+ domain = fqdn;
+ config = {
+ DOMAIN = "https://${fqdn}";
+ ROCKET_ADDRESS = "::";
+ };
+ };
+}
diff --git a/containers/diamond/flake.lock b/containers/diamond/flake.lock
new file mode 100644
index 0000000..88ab73f
--- /dev/null
+++ b/containers/diamond/flake.lock
@@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix
new file mode 100644
index 0000000..13b6b1e
--- /dev/null
+++ b/containers/diamond/flake.nix
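Review bot: The tmpfiles rule `"d /persist/vaultwarden 755 vaultwarden vaultwarden"` in containers/diamond/configuration.nix leaves the Vaultwarden data directory readable and traversable by every user; that directory holds the vault database and the server's key material, so `"d /persist/vaultwarden 0700 vaultwarden vaultwarden"` is the safer mode. The same concern applies to the host-side rule `"d /persist/containers/${name} 755 root users"` in containers/diamond/flake.nix, which is bind-mounted read-write into the container and, with `privateUsers` commented out, presumably shares UIDs with the host. `networking.firewall.allowedUDPPorts = [ 8000 ];` can be dropped, because the service is reached over HTTP from the host's nginx and nothing in this file listens on UDP. `config` sets neither `SIGNUPS_ALLOWED` nor an admin token, so registration stays at Vaultwarden's default; if open sign-up is not intended, set `SIGNUPS_ALLOWED = false;` explicitly.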
@@ -0,0 +1,51 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+ outputs = { nixpkgs, ... }:
+ let
+ name = "diamond";
+ fqdn = "astransia.lava.moe";
+ subnetId = "4";
+
+ subnet = x: "fd0d:1::${subnetId}:${toString x}";
+ host = subnet 1;
+ client = subnet 2;
+
+ modules = [
+ ./configuration.nix
+ ];
+ in {
+ nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+ inherit modules;
+ };
+ nixosModule = { ... }: {
+ services.nginx.virtualHosts."${fqdn}" = {
+ useACMEHost = "lava.moe";
+ forceSSL = true;
+ locations."/".proxyPass = "http://[${client}]:8000";
+ listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
+ };
+
+ systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
+ containers.${name} = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress6 = host;
+ localAddress6 = client;
+ # privateUsers = "pick";
+ nixpkgs = nixpkgs;
+ ephemeral = true;
+ config = { imports = modules; };
+ specialArgs = { inherit fqdn; };
+
+ bindMounts."persist" = {
+ hostPath = "/persist/containers/${name}";
+ mountPoint = "/persist";
+ isReadOnly = false;
+ };
+ # flake = "path:" + ./.;
+ };
+ };
+ };
+}
diff --git a/containers/diamond/templates/base/footer_content.tmpl b/containers/diamond/templates/base/footer_content.tmpl
new file mode 100644
index 0000000..a9238c3
--- /dev/null
+++ b/containers/diamond/templates/base/footer_content.tmpl
@@ -0,0 +1,31 @@ +
diff --git a/containers/diamond/templates/home.tmpl b/containers/diamond/templates/home.tmpl
new file mode 100644
index 0000000..d460caf
--- /dev/null
+++ b/containers/diamond/templates/home.tmpl
@@ -0,0 +1,19 @@ +{{template "base/head" .}} +{{if not .IsSigned}} + +{{end}} +
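Review bot: In containers/diamond/flake.nix, `nixosConfigurations.container` is built with `inherit modules;` only, while configuration.nix now takes `{ fqdn, ... }`, so evaluating that output would fail on the missing `fqdn` argument; only the `containers.${name}` path passes it. Pass it there as well: `nixosConfigurations.container = nixpkgs.lib.nixosSystem { inherit modules; specialArgs = { inherit fqdn; }; };`. containers/citrine/flake.nix may need the same line, since its configuration.nix gained the `fqdn` argument too and its `nixosConfigurations` part is outside the visible hunks. For a container that holds a password vault it is also worth enabling the commented-out `privateUsers = "pick";` so that root inside the container does not map to root on the host; check first that ownership on the `/persist` bind mount still works with it.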