diff --git a/nixos/machines/frumar/default.nix b/nixos/machines/frumar/default.nix
index ac1e43f..993e7c1 100644
--- a/nixos/machines/frumar/default.nix
+++ b/nixos/machines/frumar/default.nix
@@ -83,7 +83,7 @@
         locations."/sonarr" = proxyOauth2 "http://127.0.0.1:8989";
         locations."/radarr" = proxyOauth2 "http://127.0.0.1:7878";
         locations."/marvin-tracker/" = {
-          proxyPass = "http://[::1]:4001/";
+          proxyPass = "http://[::1]:${toString config.services.yorick.marvin-tracker.port}/";
           extraConfig = "auth_request off;";
           # handles auth using arg
         };
@@ -291,6 +291,11 @@
               password = "$2a$11$V9G2gT52obCsDOBwibHfMudnibwP/s3NwUjwvtsnlHfkn5kJHOOEe";
               allowed_connection_types = [ "MQTT" ];
             }
+            {
+              user = "govee2mqtt";
+              password = "$2y$10$7EOQkxOjWdHV.hCb.a92JOAU30Qgok0faew/1xU3SJhaXVuKbZ1bm";
+              allowed_connection_types = [ "MQTT" ];
+            }
           ];
         };
       };
diff --git a/nixos/machines/frumar/home-automation.nix b/nixos/machines/frumar/home-automation.nix
index 416da5c..aa8d594 100644
--- a/nixos/machines/frumar/home-automation.nix
+++ b/nixos/machines/frumar/home-automation.nix
@@ -15,6 +15,12 @@
       serial.port = "/dev/ttyUSB0";
     };
   };
+  age.secrets.govee2mqtt-env.file = ../../../secrets/govee2mqtt.env.age;
+  services.govee2mqtt = {
+    enable = true;
+    environmentFile = config.age.secrets.govee2mqtt-env.path;
+  };
+  networking.firewall.allowedUDPPorts = [ 4002 ]; # govee2mqtt
   services.home-assistant = {
     enable = true;
     openFirewall = true;
@@ -35,6 +41,7 @@
       "ipp"
       "homekit_controller"
       "tuya" "ffmpeg"
+      "govee_light_local"
       #"unifiprotect"
     ];
     customComponents = [
@@ -66,7 +73,6 @@
       mobile_app = {};
       default_config = {};
       system_log = {};
-      "map" = {};
       
       frontend.themes = "!include_dir_merge_named themes";
       automation = "!include automations.yaml";
diff --git a/nixos/modules/marvin-tracker.nix b/nixos/modules/marvin-tracker.nix
index ef26c30..138c0e0 100644
--- a/nixos/modules/marvin-tracker.nix
+++ b/nixos/modules/marvin-tracker.nix
@@ -8,7 +8,7 @@ let cfg = config.services.yorick.marvin-tracker; in
       type = types.str;
     };
     port = mkOption {
-      default = 4001;
+      default = 4008;
       type = types.port;
     };
     package = mkOption {
diff --git a/pkgs/default.nix b/pkgs/default.nix
index bb6a1f7..7f6b0c7 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -91,4 +91,5 @@
   llm = super.callPackage ./llm.nix {
     python3 = self.python312;
   };
+  govee2mqtt = super.callPackage ./govee2mqtt.nix { inherit (super) govee2mqtt; };
 })
diff --git a/pkgs/dont-vendor-openssl.patch b/pkgs/dont-vendor-openssl.patch
new file mode 100644
index 0000000..e4e8cb2
--- /dev/null
+++ b/pkgs/dont-vendor-openssl.patch
@@ -0,0 +1,41 @@
+diff --git a/Cargo.lock b/Cargo.lock
+index 193c40c..50edf55 100644
+--- a/Cargo.lock
++++ b/Cargo.lock
+@@ -1495,15 +1495,6 @@ version = "0.1.5"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
+ 
+-[[package]]
+-name = "openssl-src"
+-version = "300.3.1+3.3.1"
+-source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "7259953d42a81bf137fbbd73bd30a8e1914d6dce43c2b90ed575783a22608b91"
+-dependencies = [
+- "cc",
+-]
+-
+ [[package]]
+ name = "openssl-sys"
+ version = "0.9.102"
+@@ -1512,7 +1503,6 @@ checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2"
+ dependencies = [
+  "cc",
+  "libc",
+- "openssl-src",
+  "pkg-config",
+  "vcpkg",
+ ]
+diff --git a/Cargo.toml b/Cargo.toml
+index 1e87339..cc822f2 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -44,7 +44,7 @@ parking_lot = "0.12.1"
+ 
+ [dependencies.mosquitto-rs]
+ version="0.11.1"
+-features = ["vendored-openssl"]
++features = ["router"]
+ #path = "../mosquitto-rs/mosquitto-rs"
+ 
+ [dev-dependencies]
diff --git a/pkgs/govee2mqtt.nix b/pkgs/govee2mqtt.nix
new file mode 100644
index 0000000..e3a1fae
--- /dev/null
+++ b/pkgs/govee2mqtt.nix
@@ -0,0 +1,28 @@
+{ lib, fetchFromGitHub, rustPlatform, govee2mqtt, pkg-config, openssl }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "govee2mqtt";
+  version = "2024.06.15-patched";
+  src = fetchFromGitHub {
+    owner = "yorickvP";
+    repo = pname;
+    rev = "968b98a2efb7174ac34989b6383e5d21249e567f";
+    hash = "sha256-U8cxmQoWlNtBvVwCSPAkPP2rJbWM2DVnN/CvPMU2wpQ=";
+  };
+  cargoHash = "sha256-/iAK6Vp6tCW5W1fsA2S9TqGml2EvyBMMwovMt/oVDSo=";
+  cargoPatches = [ ./dont-vendor-openssl.patch ];
+
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs = [ openssl ];
+
+  postPatch = ''
+    substituteInPlace src/service/http.rs \
+      --replace '"assets"' '"${placeholder "out"}/share/govee2mqtt/assets"'
+  '';
+
+  postInstall = ''
+    mkdir -p $out/share/govee2mqtt/
+    cp -r assets $out/share/govee2mqtt/
+  '';
+  inherit (govee2mqtt) meta;
+}
diff --git a/secrets/govee2mqtt.env.age b/secrets/govee2mqtt.env.age
new file mode 100644
index 0000000..dab04be
--- /dev/null
+++ b/secrets/govee2mqtt.env.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 F4iJj7MxQCNoiGycdWq1Ty30Q5etLb4pjc7ExmV8O1w
+L8Q/sxmZaxUTYD3whnWRtSCih7a0mkW8wGZLeFRUmc0
+-> ssh-ed25519 n7yA6g ZMDoV+9G4wH58BZLdcLFNzaJ2ip4YZR5EemC8Ld+i0U
+LZoX6EnAI70UKiaNO3HxzrtaOFPceyZW2FjHymlG7Co
+--- V2GhHllLGXOb3OpkhcAyc6Cpbhh4B2nfUUaiemh9Dmw
+ù^¬Ò”äçE
+Ú2$Çj¶ÑŒc8¨Z6Ð«ìÎ?µŽÖ¾e¸˜åûˆ’Ð}Zf±€Ê/êúsõÀê&KÐB¾Ìõš‚a1òæ¢Ë²’”zÌgfR£¿ÎËs§9yîÑwJ¹3CŽgAÔÒGÂé1/åÀ”è†r£·­hìÆs‹n¥¦‡ùyVQË#ã‰IZª7G9™²gÄ‚Ïý<ò´wy}bÙoQ?ÔÓi³ä1ºÑÚ-yëBT6åK{m:;»w…ÕH$%2ÄÍÌÃW³ucÅ¶8";Ÿúÿ¶Ô[ÄŒ[™zhãm$ùô?S÷¥&iõ¬²†H
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 5a3b759..8336541 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,30 +7,33 @@ let
   jarvis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd8oRn7T+NnzDbTLaWyiUGIRZ21n42zdozkuUoHp8IX";
 
 in
-{
-  "wg.blackadder.age".publicKeys = [ yorick blackadder ];
-  "wg.frumar.age".publicKeys = [ yorick frumar ];
-  "wg.jarvis.age".publicKeys = [ yorick jarvis ];
-  "wg.pennyworth.age".publicKeys = [ yorick pennyworth ];
-  "wg.smithers.age".publicKeys = [ yorick smithers ];
-  "wg.mullvad-nl4.age".publicKeys = [ yorick frumar ];
-  "grafana.env.age".publicKeys = [ yorick frumar ];
-  "http.muflax.age".publicKeys = [ yorick pennyworth ];
-  "nix-netrc.age".publicKeys = [ yorick blackadder jarvis ];
-  "nix-netrc-yorick.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ];
-  "pennyworth_borg_repo.age".publicKeys = [ yorick pennyworth ];
-  "pennyworth_borg_ssh.age".publicKeys = [ yorick pennyworth ];
-  "transip-key.age".publicKeys = [ yorick frumar ];
-  "yorick-mail-pass.age".publicKeys = [ yorick pennyworth ];
-  "yorick-user-pass.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ];
-  "root-user-pass.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ];
-  "frumar-mail-pass-hash.age".publicKeys = [ yorick pennyworth ];
-  "frumar-mail-pass.age".publicKeys = [ yorick frumar ];
-  "zigbee2mqtt.env.age".publicKeys = [ yorick frumar ];
-  "marvin-tracker.env.age".publicKeys = [ yorick frumar ];
-  "oauth2-proxy.age".publicKeys = [ yorick frumar ];
-  "attic.env.age".publicKeys = [ yorick frumar ];
-  "yobot.toml.age".publicKeys = [ yorick pennyworth ];
-  "wg.dk.blackadder.age".publicKeys = [ yorick blackadder ];
-  "wg.dk.smithers.age".publicKeys = [ yorick smithers ];
+builtins.mapAttrs (x: y: {
+  publicKeys = [ yorick ] ++ y;
+}) {
+  "wg.blackadder.age" = [ blackadder ];
+  "wg.frumar.age" = [ frumar ];
+  "wg.jarvis.age" = [ jarvis ];
+  "wg.pennyworth.age" = [ pennyworth ];
+  "wg.smithers.age" = [ smithers ];
+  "wg.mullvad-nl4.age" = [ frumar ];
+  "grafana.env.age" = [ frumar ];
+  "http.muflax.age" = [ pennyworth ];
+  "nix-netrc.age" = [ blackadder jarvis ];
+  "nix-netrc-yorick.age" = [ blackadder pennyworth frumar smithers jarvis ];
+  "pennyworth_borg_repo.age" = [ pennyworth ];
+  "pennyworth_borg_ssh.age" = [ pennyworth ];
+  "transip-key.age" = [ frumar ];
+  "yorick-mail-pass.age" = [ pennyworth ];
+  "yorick-user-pass.age" = [ blackadder pennyworth frumar smithers jarvis ];
+  "root-user-pass.age" = [ blackadder pennyworth frumar smithers jarvis ];
+  "frumar-mail-pass-hash.age" = [ pennyworth ];
+  "frumar-mail-pass.age" = [ frumar ];
+  "zigbee2mqtt.env.age" = [ frumar ];
+  "marvin-tracker.env.age" = [ frumar ];
+  "oauth2-proxy.age" = [ frumar ];
+  "attic.env.age" = [ frumar ];
+  "yobot.toml.age" = [ pennyworth ];
+  "wg.dk.blackadder.age" = [ blackadder ];
+  "wg.dk.smithers.age" = [ smithers ];
+  "govee2mqtt.env.age" = [ frumar ];
 }