diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 686a8a3..cd6baa4 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -122,6 +122,9 @@ AWS_ENDPOINT_URL = "https://s3.cy7.sh"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; + + # bitwarden ssh agent + SSH_AUTH_SOCK = "$HOME/.bitwarden-ssh-agent.sock"; }; home.sessionPath = [ @@ -149,15 +152,4 @@ }; programs.nix-index-database.comma.enable = true; - - programs.neovim = { - enable = true; - viAlias = true; - vimAlias = true; - }; - - programs.ssh = { - enable = true; - addKeysToAgent = "yes"; - }; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index ed91b61..eba3509 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -329,7 +329,6 @@ curl pcre2 gsettings-desktop-schemas - fzf ]; }; programs.evolution.enable = true; @@ -391,6 +390,4 @@ nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.fuse.userAllowOther = true; nix.settings.sandbox = false; - - programs.ssh.startAgent = true; } diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix new file mode 100644 index 0000000..454d367 --- /dev/null +++ b/overlay/attic/default.nix @@ -0,0 +1,7 @@ +final: prev: { + attic-server = prev.attic-server.overrideAttrs { + patches = [ + ./prefetch-8-chunks.patch + ]; + }; +} diff --git a/overlay/attic/prefetch-8-chunks.patch b/overlay/attic/prefetch-8-chunks.patch new file mode 100644 index 0000000..3d6134f --- /dev/null +++ b/overlay/attic/prefetch-8-chunks.patch 
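Review bot: In the new `overlay/attic/default.nix`, `patches = [ ./prefetch-8-chunks.patch ];` replaces the package's patch list instead of extending it, so any patch nixpkgs carries for `attic-server`, now or later, is dropped without an error. `overlay/zipline/default.nix` uses the same form, while `overlay/bitwarden/default.nix` already appends to the existing list. I would write both as `attic-server = prev.attic-server.overrideAttrs (prevAttrs: { patches = (prevAttrs.patches or [ ]) ++ [ ./prefetch-8-chunks.patch ]; });` so that upstream fixes, security patches included, keep applying.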
@@ -0,0 +1,14 @@
+diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs
+index 02e4857..b522154 100644
+--- a/server/src/api/binary_cache.rs
++++ b/server/src/api/binary_cache.rs
+@@ -215,7 +215,7 @@ async fn get_nar(
+ let chunk = chunks[0].as_ref().unwrap();
+ let remote_file = &chunk.remote_file.0;
+ let storage = state.storage().await?;
+- match storage.download_file_db(remote_file, false).await? {
++ match storage.download_file_db(remote_file, true).await? {
+ Download::Url(url) => Ok(Redirect::temporary(&url).into_response()),
+ Download::AsyncRead(stream) => {
+ let stream = ReaderStream::new(stream).map_err(|e| {
+
diff --git a/overlay/bitwarden/default.nix b/overlay/bitwarden/default.nix
new file mode 100644
index 0000000..e9ace96
--- /dev/null
+++ b/overlay/bitwarden/default.nix
@@ -0,0 +1,9 @@
+final: prev: {
+ bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs (
+ finalAttrs: prevAttrs: {
+ patches = prevAttrs.patches ++ [
+ ./ssh-agent-no-confirm.patch
+ ];
+ }
+ );
+}
diff --git a/overlay/bitwarden/ssh-agent-no-confirm.patch b/overlay/bitwarden/ssh-agent-no-confirm.patch
new file mode 100644
index 0000000..3e8e023
--- /dev/null
+++ b/overlay/bitwarden/ssh-agent-no-confirm.patch
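Review bot: The file name `prefetch-8-chunks.patch` does not describe the one change the patch carries, which flips the second argument of `storage.download_file_db(remote_file, …)` from `false` to `true` in the single-chunk path of `get_nar`. The hunk does not show what that boolean selects, so a reader cannot tell whether the `Download::Url` redirect arm is still reachable or whether the NAR bytes now pass through the server. A header comment in the patch would settle it, for example `# Flip download_file_db's second argument so that <effect>; needed because <reason>`, and the file name should match what the patch does. `get_nar` starts and ends outside the hunk.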
@@ -0,0 +1,34 @@
+diff --git a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs b/core/src/ssh_agent/mod.rs
+index 4e304cc..8203dca 100644
+--- a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs
++++ b/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs
+@@ -44,28 +44,7 @@ impl ssh_agent::Agent for BitwardenDesktopAgent {
+ return false;
+ }
+
+- let request_id = self.get_request_id().await;
+- println!(
+- "[SSH Agent] Confirming request from application: {}",
+- info.process_name()
+- );
+-
+- let mut rx_channel = self.get_ui_response_rx.lock().await.resubscribe();
+- self.show_ui_request_tx
+- .send(SshAgentUIRequest {
+- request_id,
+- cipher_id: Some(ssh_key.cipher_uuid.clone()),
+- process_name: info.process_name().to_string(),
+- is_list: false,
+- })
+- .await
+- .expect("Should send request to ui");
+- while let Ok((id, response)) = rx_channel.recv().await {
+- if id == request_id {
+- return response;
+- }
+- }
+- false
++ true
+ }
+
+ async fn can_list(&self, info: &peerinfo::models::PeerInfo) -> bool {
diff --git a/overlay/default.nix b/overlay/default.nix
index 1708df4..f4a7353 100644
--- a/overlay/default.nix
+++ b/overlay/default.nix
@@ -1,4 +1,12 @@
 { inputs }:
+let
+ overlays = [
+ ./zipline
+ ./bitwarden
+ ./attic
+ ];
+ importedOverlays = map (m: import m) overlays;
+in
 [
 (
 final: prev:
diff --git a/overlay/vscode.nix b/overlay/vscode.nix
new file mode 100644
index 0000000..4de2d90
--- /dev/null
+++ b/overlay/vscode.nix
@@ -0,0 +1,14 @@
+final: prev: {
+ vscode-extensions = prev.vscode-extensions // {
+ github = prev.vscode-extensions.github // {
+ codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension {
+ mktplcRef = {
+ publisher = "github";
+ name = "codespaces";
+ version = "1.17.3";
+ hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w=";
+ };
+ };
+ };
+ };
+}
diff --git a/overlay/zipline/default.nix b/overlay/zipline/default.nix
new file mode 100644
index 0000000..b114119
--- /dev/null
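Review bot: Replacing the confirmation round-trip with a bare `true` means every request that passes the earlier `return false` guard is approved with no prompt and no log line, so any process running as the user that can open the agent socket (`$HOME/.bitwarden-ssh-agent.sock`, exported as `SSH_AUTH_SOCK` in `home/yt/ytnix.nix`) gets its request granted silently; the same would hold for a remote host if agent forwarding is enabled. The removed `println!` was the only record of which application asked. If the prompt has to go, I would at least keep that record, `println!("[SSH Agent] Auto-approving request from application: {}", info.process_name());` before `true`, and open the patch with a comment stating that confirmation is deliberately disabled on this host. The enclosing function starts above the hunk, so what the guard checks is not visible here.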
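Review bot: `importedOverlays` is bound in the new `let` of `overlay/default.nix` but nothing in this hunk uses it, and this is the only hunk shown for the file, so as far as the diff shows the attic, bitwarden and zipline overlays are imported and then never added to the returned list. The list that opens at `[` continues outside the hunk; if it really is unchanged, append the imports where it closes, e.g. `] ++ importedOverlays`. `overlay/vscode.nix` is added in the same commit and is not in `overlays` either. `map (m: import m) overlays` can be written `map import overlays`.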
+++ b/overlay/zipline/default.nix
@@ -0,0 +1,7 @@
+final: prev: {
+ zipline = prev.zipline.overrideAttrs {
+ patches = [
+ ./no-check-bucket.patch
+ ];
+ };
+}
diff --git a/overlay/zipline/no-check-bucket.patch b/overlay/zipline/no-check-bucket.patch
new file mode 100644
index 0000000..9d1c756
--- /dev/null
+++ b/overlay/zipline/no-check-bucket.patch
@@ -0,0 +1,45 @@
+diff --git a/src/lib/datasource/S3.ts b/src/lib/datasource/S3.ts
+index 089dd64..39dd8f4 100644
+--- a/src/lib/datasource/S3.ts
++++ b/src/lib/datasource/S3.ts
+@@ -4,7 +4,6 @@ import {
+ DeleteObjectCommand,
+ DeleteObjectsCommand,
+ GetObjectCommand,
+- ListBucketsCommand,
+ ListObjectsCommand,
+ PutObjectCommand,
+ S3Client,
+@@ -38,32 +37,6 @@ export class S3Datasource extends Datasource {
+ endpoint: this.options.endpoint ?? undefined,
+ forcePathStyle: this.options.forcePathStyle ?? false,
+ });
+-
+- this.ensureBucketExists();
+- }
+-
+- private async ensureBucketExists() {
+- try {
+- const res = await this.client.send(new ListBucketsCommand());
+- if (res.$metadata.httpStatusCode !== 200) {
+- this.logger
+- .error('there was an error while listing buckets', res.$metadata as Record)
+- .error('zipline will now exit');
+- process.exit(1);
+- }
+-
+- if (!res.Buckets?.find((bucket) => bucket.Name === this.options.bucket)) {
+- this.logger.error(`bucket ${this.options.bucket} does not exist`).error('zipline will now exit');
+- process.exit(1);
+- }
+- } catch (e) {
+- this.logger
+- .error('there was an error while listing buckets', e as Record)
+- .error('zipline will now exit');
+- process.exit(1);
+- } finally {
+- this.logger.debug(`bucket ${this.options.bucket} exists`);
+- }
+ }
+
+ public async get(file: string): Promise {
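Review bot: With `ensureBucketExists()` and its call removed from the constructor in `no-check-bucket.patch`, a wrong bucket name, endpoint or key is no longer caught at start-up and will surface only when the first object request fails. If the reason for the patch is that `ListBucketsCommand` needs account-wide list permission that a bucket-scoped key does not have (an inference, since the patch carries no explanation), a check that needs access to the one bucket only would keep the fail-fast behaviour: `await this.client.send(new HeadBucketCommand({ Bucket: this.options.bucket }));`. Either way the patch should open with a comment saying why the check is dropped. The constructor and the class continue outside the nested hunks.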