diff --git a/hosts/kasei/configuration.nix b/hosts/kasei/configuration.nix
index c4d56f9..8290ac0 100644
--- a/hosts/kasei/configuration.nix
+++ b/hosts/kasei/configuration.nix
@@ -1,5 +1,14 @@
 { config, lib, pkgs, inputs, specialArgs, ... }:
 {
+ imports = [
+ ./services/docker.nix
+ ./services/libvirtd.nix
+ ./services/logiops.nix
+ ./services/postgres.nix
+ ./services/stable-diffusion.nix
+ ./services/tailscale.nix
+ ];
+
+
 machineVars = {
 headless = false;
 gaming = true;
@@ -37,13 +46,7 @@
 hostName = "kasei";
 networkmanager.enable = true;
 interfaces.enp6s0.useDHCP = true;
- firewall = {
- enable = true;
- allowedTCPPorts = [ 7860 ];
- allowedUDPPorts = [ config.services.tailscale.port ];
- checkReversePath = "loose";
- trustedInterfaces = [ "tailscale0" ];
- };
+ firewall.enable = true;
 hostId = "f0660cef";
 };
@@ -56,32 +59,6 @@
 tailscale.enable = true;
 };
- # TODO: remove when merged: https://github.com/NixOS/nixpkgs/pull/167388
- systemd = {
- services = {
- logid = {
- description = "Logitech Configuration Daemon";
- startLimitIntervalSec = 0;
- wants = [ "multi-user.target" ];
- after = [ "multi-user.target" ];
- wantedBy = [ "graphical-session.target" ];
-
- serviceConfig = {
- Type = "simple";
- ExecStart = "${pkgs.logiops}/bin/logid";
- User = "root";
- ExecReload = "/bin/kill -HUP $MAINPID";
- Restart="on-failure";
- };
- };
- };
- };
-
- virtualisation = {
- docker.enable = true;
- libvirtd.enable = true;
- };
-
 boot = {
 initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
 initrd.kernelModules = [ ];
@@ -134,6 +111,5 @@
 cpu.amd.updateMicrocode = true;
 enableRedistributableFirmware = true;
 keyboard.zsa.enable = true;
- logitech.wireless.enable = true;
 };
 }
diff --git a/hosts/kasei/services/docker.nix b/hosts/kasei/services/docker.nix
new file mode 100644
index 0000000..9201bf8
--- /dev/null
+++ b/hosts/kasei/services/docker.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+ virtualisation.docker.enable = true;
+}
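Review bot: In services/docker.nix, `virtualisation.docker.enable = true;` is the one new service module that says nothing about network exposure. That matters because ports published by containers are handled by Docker's own iptables rules rather than by `networking.firewall`, so the `firewall.enable = true;` kept in configuration.nix does not filter them. I would add a comment above the option, e.g. `# published container ports are not filtered by networking.firewall; bind them to 127.0.0.1 or the tailscale address`. This is the usual Docker behaviour on NixOS and is worth confirming on this host with a throwaway container.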
diff --git a/hosts/kasei/services/libvirtd.nix b/hosts/kasei/services/libvirtd.nix
new file mode 100644
index 0000000..0e63f16
--- /dev/null
+++ b/hosts/kasei/services/libvirtd.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+ virtualisation.libvirtd.enable = true;
+}
diff --git a/hosts/kasei/services/logiops.nix b/hosts/kasei/services/logiops.nix
new file mode 100644
index 0000000..da17ab6
--- /dev/null
+++ b/hosts/kasei/services/logiops.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+ # TODO: remove when merged: https://github.com/NixOS/nixpkgs/pull/167388
+ systemd.services = {
+ logid = {
+ description = "Logitech Configuration Daemon";
+ startLimitIntervalSec = 0;
+ wants = [ "multi-user.target" ];
+ after = [ "multi-user.target" ];
+ wantedBy = [ "graphical-session.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.logiops}/bin/logid";
+ User = "root";
+ ExecReload = "/bin/kill -HUP $MAINPID";
+ Restart="on-failure";
+ };
+ };
+ };
+
+ hardware.logitech.wireless.enable = true;
+}
diff --git a/hosts/kasei/services/postgres.nix b/hosts/kasei/services/postgres.nix
new file mode 100644
index 0000000..0eac868
--- /dev/null
+++ b/hosts/kasei/services/postgres.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+ services.postgresql = {
+ enable = true;
+ enableTCPIP = true;
+ authentication = ''
+ # tailscale xps
+ host all all 100.94.170.21/32 md5
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [ 5432 ];
+}
diff --git a/hosts/kasei/services/stable-diffusion.nix b/hosts/kasei/services/stable-diffusion.nix
new file mode 100644
index 0000000..e268034
--- /dev/null
+++ b/hosts/kasei/services/stable-diffusion.nix
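Review bot: In services/logiops.nix the logid unit keeps `User = "root";` and has no sandboxing in `serviceConfig`, so a bug in a daemon that handles input-device traffic runs with full system access. The daemon presumably needs the hidraw and uinput device nodes, so device access has to stay, but `NoNewPrivileges = true; ProtectSystem = "strict"; ProtectHome = true;` are likely compatible and should be tried with a restart and a config reload. Separately, `ExecReload = "/bin/kill -HUP $MAINPID";` names a path a stock NixOS system does not provide; `ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";` is the usual spelling, and the same line appears in services/stable-diffusion.nix.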
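Review bot: In services/postgres.nix, `networking.firewall.allowedTCPPorts = [ 5432 ];` opens PostgreSQL on every interface, enp6s0 included, while `enableTCPIP = true;` makes the server listen beyond localhost and the only pg_hba entry is for a single Tailscale address. pg_hba will refuse other clients, but they still reach the listener before authentication; scoping the rule as `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 5432 ];` keeps the intended client working and closes the LAN side. The same applies to `allowedTCPPorts = [ 7860 ]` in services/stable-diffusion.nix. The `md5` method in the `authentication` block is also worth replacing with `scram-sha-256`, which means re-setting the role's password after the switch.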
@@ -0,0 +1,25 @@
+
+{ pkgs, ... }:
+{
+ systemd.services.sdwebui = {
+ description = "Stable Diffusion Web UI";
+ wants = [ "multi-user.target" ];
+ after = [ "multi-user.target" ];
+ path = with pkgs; [
+ nix
+ git
+ nix-output-monitor
+ bash
+ ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "/home/h7x4/sd-webui/run.sh";
+ User = "h7x4";
+ ExecReload = "/bin/kill -HUP $MAINPID";
+ Restart="on-failure";
+ WorkingDirectory = "/home/h7x4/sd-webui";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 7860 ];
+}
diff --git a/hosts/kasei/services/tailscale.nix b/hosts/kasei/services/tailscale.nix
new file mode 100644
index 0000000..1b80d40
--- /dev/null
+++ b/hosts/kasei/services/tailscale.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+ services.tailscale.enable = true;
+
+ networking.firewall = {
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ checkReversePath = "loose";
+ trustedInterfaces = [ "tailscale0" ];
+ };
+}
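Review bot: In services/stable-diffusion.nix the sdwebui unit runs `/home/h7x4/sd-webui/run.sh` as `User = "h7x4";` with `nix`, `git` and `bash` on its path, so anything that goes wrong in a network-reachable web UI executes with that account's access to its home directory. Whether the UI asks for credentials is not visible here. A dedicated system user with the checkout outside /home would contain this; short of that, `NoNewPrivileges = true; PrivateTmp = true;` can go into `serviceConfig`. The unit also has no `wantedBy`, so it appears to start only by hand; a comment such as `# started manually` would record that if it is intended.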
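Review bot: In services/tailscale.nix, `trustedInterfaces = [ "tailscale0" ];` accepts every port from every node on the tailnet, which makes the per-service `allowedTCPPorts` entries moot on that interface and exposes whatever else listens on the host. If tailnet ACLs are not already restricting this machine, listing ports under `networking.firewall.interfaces.tailscale0.allowedTCPPorts` is the narrower form. `checkReversePath = "loose";` deserves a one-line comment stating why it is needed (presumably Tailscale exit-node or subnet routing). `tailscale.enable = true;` also appears to remain in configuration.nix as context of the third hunk, so one of the two settings can go.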