diff --git a/README.md b/README.md index 54481a7..1a70a20 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,14 @@ # gtz blog An opinionated blog. I write posts about technology and other interests that I have. + +## Things I want to write + +### Opinion Piecese + - [ ] Clean Architecture is stupid - dependency injection is king + +### Digital Soverignty + - [x] how to host a blog + - [ ] how to securely "self-host" using a VPS, portainer and traefik + - [ ] how to configure neomutt + - [ ] how to securely host a mail server diff --git a/content/posts/how-to-2famutt.md b/content/posts/how-to-2famutt.md new file mode 100644 index 0000000..eed8bdf --- /dev/null +++ b/content/posts/how-to-2famutt.md 
@@ -0,0 +1,339 @@ ++++ +date = '2024-12-19' +draft = true +title = 'How to Use Two-Factor Authentication in Neomutt' +tags = ['howto', 'tutorial', 'mutt', '2fa', 'oauth2'] +categories = ['technical'] ++++ + +```sh + 808 17/12/24 19:06:42 git clone https://github.com/lukesmithxyz/mutt-wizard + 809 17/12/24 19:07:18 cd mutt-wizard/ + 810 17/12/24 19:07:18 ls + 811 17/12/24 19:07:24 which isync + 812 17/12/24 19:07:30 sudo pacman -S isync + 813 17/12/24 19:07:37 msmtp + 814 17/12/24 19:07:42 sudo pacman -S msmtp + 815 17/12/24 19:07:47 which pass + 816 17/12/24 19:07:51 pacman -Ss pass + 817 17/12/24 19:07:54 pacman -S pass + 818 17/12/24 19:07:57 sudo pacman -S pass + 819 17/12/24 19:08:13 passmenu + 820 17/12/24 19:08:44 vim /usr/bin/passmenu + 821 17/12/24 19:09:13 sudo vim /usr/bin/passmenu + 822 17/12/24 19:09:24 passmenu + 823 17/12/24 19:09:43 gpg --full-gen-key + 824 17/12/24 19:10:59 pass init asger.gitz@hotmail.com + 825 17/12/24 19:11:08 which lynx + 826 17/12/24 19:11:13 which notmuch + 827 17/12/24 19:11:22 sudo pacman -S notmuch abook + 828 17/12/24 19:11:25 sudo pacman -S notmuch + 829 17/12/24 19:11:32 pacman -Ss abook + 830 17/12/24 19:11:37 yay -Ss abook + 831 17/12/24 19:11:47 yay -S abook + 832 17/12/24 19:12:15 mw + 833 17/12/24 19:12:16 ls + 834 17/12/24 19:12:35 ./bin/mw + 835 17/12/24 19:12:57 ls + 836 17/12/24 19:13:01 cat README.md + 837 17/12/24 19:13:04 bat README.md + 838 17/12/24 19:03:41 Hyprland + 839 17/12/24 19:20:13 pacman -Ss neomutt + 840 17/12/24 19:20:18 sudo pacman -S neomutt + 841 17/12/24 19:20:31 sudo pacman -Syu + 842 17/12/24 19:21:35 sudo pacman -S neomutt + 843 17/12/24 19:21:49 neomutt + 844 17/12/24 19:22:08 cd git/mutt-wizard/ + 845 17/12/24 19:22:09 ls + 846 17/12/24 19:22:14 ./bin/mw -a + 847 17/12/24 19:22:21 ./bin/mw -a asger.gitz@hotmail.com + 848 17/12/24 19:25:41 man neomutt + 849 17/12/24 19:25:57 man -s neomutt + 850 17/12/24 19:26:05 man -k neomutt + 851 17/12/24 19:26:10 apropos mutt + 852 17/12/24 19:26:14 
man -k mutt + 853 17/12/24 19:26:18 man neomutt + 854 17/12/24 19:31:34 info neomutt + 855 17/12/24 19:31:41 man neomutt + 856 17/12/24 19:31:45 man 2 neomutt + 857 17/12/24 19:31:46 man 8 neomutt + 858 17/12/24 19:33:29 cd /usr/share/doc/neomutt/ + 859 17/12/24 19:33:39 pacman -S pandoc + 860 17/12/24 19:33:41 sudo pacman -S pandoc + 861 17/12/24 19:37:07 pandoc -f html -t epub3 -o neomutt-manual.epub manual.html + 862 17/12/24 19:37:54 ls + 863 17/12/24 19:37:56 ls -lah + 864 17/12/24 19:38:05 pandoc -f html -t epub3 -o ~/neomutt-manual.epub manual.html + 865 17/12/24 19:30:34 ls /usr/share/doc/ + 866 17/12/24 19:30:38 ls /usr/share/doc/neomutt/ + 867 17/12/24 19:30:53 cd /usr/share/doc/neomutt/ + 868 17/12/24 19:30:53 ls + 869 17/12/24 19:30:54 ll + 870 17/12/24 19:30:56 ranger + 871 17/12/24 22:01:44 n + 872 17/12/24 22:06:13 ls + 873 17/12/24 22:07:42 sudo mkdir -p /usr/local/share/mutt-wizard/mbsync-temp + 874 17/12/24 22:07:49 mkdir -p /usr/local/share/mutt-wizard/mbsync-temp + 875 17/12/24 22:07:52 sudo mkdir -p /usr/local/share/mutt-wizard/mbsync-temp + 876 17/12/24 22:08:04 sudo mkdir -p /usr/local/share/mutt-wizard/msmtp-temp + 877 17/12/24 22:08:08 sudo mkdir -p /usr/local/share/mutt-wizard/mutt-temp + 878 17/12/24 22:08:12 sudo mkdir -p /usr/local/share/mutt-wizard/notmuch-temp + 879 17/12/24 22:08:23 ls + 880 17/12/24 22:08:31 cp email-token email-token.bak + 881 17/12/24 22:19:45 ls + 882 17/12/24 22:21:53 ls /usr/local/share/mutt-wizard/notmuch-temp/ + 883 17/12/24 22:22:03 ls /usr/local/share/mutt-wizard/ + 884 17/12/24 22:22:10 ranger /usr/local/share/mutt-wizard/ + 885 17/12/24 22:22:42 sudo rm -rf /usr/local/share/mutt-wizard/* + 886 17/12/24 22:31:31 n .mbsyncrc + 887 17/12/24 22:33:14 ls + 888 17/12/24 22:33:23 mv email-token.bak documents/ + 889 17/12/24 22:33:24 ls do + 890 17/12/24 22:33:26 ls documents/ + 891 17/12/24 22:34:10 lsblk + 892 17/12/24 22:34:13 df -h + 893 17/12/24 22:34:45 neomutt + 894 17/12/24 21:41:57 cd git/mutt-wizard/ + 
895 17/12/24 21:42:02 ./bin/mw -l + 896 17/12/24 21:42:10 ./bin/mw -a asger.gitz@hotmail.com + 897 17/12/24 21:43:25 gpg --list-keys + 898 17/12/24 21:44:37 pass init asger.gitz@hotmail.com + 899 17/12/24 21:44:52 pass help + 900 17/12/24 21:44:57 pass ls + 901 17/12/24 21:45:02 pass init asger.gitz@hotmail.com + 902 17/12/24 21:45:05 ./bin/mw -a asger.gitz@hotmail.com + 903 17/12/24 21:45:37 ./bin/mw + 904 17/12/24 21:45:46 ./bin/mw -D asger.gitz@hotmail.com + 905 17/12/24 21:45:54 pass edit asger.gitz@hotmail.com + 906 17/12/24 21:46:13 man pass + 907 17/12/24 21:46:44 pass edit asger.gitz@hotmail.com + 908 17/12/24 21:48:44 ./bin/mw -a asger.gitz@hotmail.com + 909 17/12/24 21:49:25 ./bin/mw -l + 910 17/12/24 21:49:30 ./bin/mw -d + 911 17/12/24 21:49:41 pass list + 912 17/12/24 21:49:46 pass help + 913 17/12/24 21:49:56 pass rm asger.gitz@hotmail.com + 914 17/12/24 21:50:05 ./bin/mw + 915 17/12/24 21:50:11 ./bin/mw -a asger.gitz@hotmail.com + 916 17/12/24 21:51:42 ./bin/mw -a asger.gitz@hotmail.com -I 003 -S 587 + 917 17/12/24 21:52:05 ./bin/mw -a asger.gitz@hotmail.com -I 993 -S 587 + 918 17/12/24 21:52:42 pass list + 919 17/12/24 21:52:48 pass help + 920 17/12/24 21:52:59 pass show + 921 17/12/24 21:53:03 pass show asger.gitz@hotmail.com + 922 17/12/24 21:53:40 pass edit asger.gitz@hotmail.com + 923 17/12/24 21:54:08 ./bin/mw -a asger.gitz@hotmail.com -I 993 -S 587 + 924 17/12/24 22:00:07 /usr/share/neomutt/oauth2/mutt_oauth2.py -v -t --authorize --email "asger.gitz@hotmail.com" --provider microsoft --encryption-pipe "gpg --encrypt --recipient asger.gitz@hotmail.com" + 925 17/12/24 22:00:21 /usr/share/neomutt/oauth2/mutt_oauth2.py -v -t --authorize --email "asger.gitz@hotmail.com" --provider microsoft --encryption-pipe "gpg --encrypt --recipient asger.gitz@hotmail.com" token_path + 926 17/12/24 22:02:36 ls + 927 17/12/24 22:02:39 cat token_path + 928 17/12/24 22:03:06 mv token_path .. + 929 17/12/24 22:03:09 cd .. 
+ 930 17/12/24 22:03:10 ls + 931 17/12/24 22:03:14 mv token_path .. + 932 17/12/24 22:03:15 cd .. + 933 17/12/24 22:03:16 ls + 934 17/12/24 22:03:25 mv token_path email-token + 935 17/12/24 22:03:28 cd git/mutt-wizard/ + 936 17/12/24 22:03:31 lg + 937 17/12/24 22:03:47 cd .. + 938 17/12/24 22:03:49 rm -rf mutt-wizard/ + 939 17/12/24 22:03:54 git clone https://github.com/rampaq/mutt-wizard/tree/oauth2 + 940 17/12/24 22:04:10 git clone git@github.com:rampaq/mutt-wizard.git + 941 17/12/24 22:04:14 cd mutt-wizard/ + 942 17/12/24 22:04:15 ls + 943 17/12/24 22:04:21 lg + 944 17/12/24 22:04:29 ./bin/mw + 945 17/12/24 22:05:37 ./bin/mw -a asger.gitz@hotmail.com + 946 17/12/24 22:07:19 ;s + 947 17/12/24 22:07:20 ls + 948 17/12/24 22:08:15 ./bin/mw -a asger.gitz@hotmail.com + 949 17/12/24 22:09:30 ls ~ + 950 17/12/24 22:09:37 ./bin/mw -l + 951 17/12/24 22:09:40 neomutt + 952 17/12/24 22:14:36 ./bin/mw -l + 953 17/12/24 22:14:39 ./bin/mw + 954 17/12/24 22:14:44 ./bin/mw -d + 955 17/12/24 22:15:02 mbsync -a + 956 17/12/24 22:16:09 cd + 957 17/12/24 22:16:16 ls .config/msmtp/config + 958 17/12/24 22:16:36 ln -s .config/msmtp/config .msmtprc + 959 17/12/24 22:16:40 ll + 960 17/12/24 22:17:47 cat .mbsyncrc + 961 17/12/24 22:17:56 ll + 962 17/12/24 22:18:11 ll .mbsyncrc + 963 17/12/24 22:18:29 cat .config/msmtp/config + 964 17/12/24 22:18:51 cd git/mutt-wizard/ + 965 17/12/24 22:18:55 ./bin/mw + 966 17/12/24 22:19:03 ./bin/mw -a asger.gitz@hotmail.com + 967 17/12/24 22:19:10 ./bin/mw -d + 968 17/12/24 22:19:13 ./bin/mw -a asger.gitz@hotmail.com + 969 17/12/24 22:20:03 ls + 970 17/12/24 22:20:06 cat ./bin/mw + 971 17/12/24 22:20:36 less ./bin/mw + 972 17/12/24 22:22:59 ./bin/mw -a asger.gitz@hotmail.com + 973 17/12/24 22:23:02 ./bin/mw -d + 974 17/12/24 22:23:04 ./bin/mw -a asger.gitz@hotmail.com + 975 17/12/24 22:23:48 n bin/mw + 976 17/12/24 22:24:10 ./bin/mw -a asger.gitz@hotmail.com + 977 17/12/24 22:24:14 ./bin/mw -d + 978 17/12/24 22:24:17 ./bin/mw -a asger.gitz@hotmail.com + 
979 17/12/24 22:24:52 msmtp -a + 980 17/12/24 22:24:58 mbsync -a + 981 17/12/24 22:25:02 man mbsync + 982 17/12/24 22:25:23 n bin/mw + 983 17/12/24 22:27:03 ls + 984 17/12/24 22:27:08 make + 985 17/12/24 22:27:12 sudo make install + 986 17/12/24 22:27:27 mw -d + 987 17/12/24 22:27:32 n bin/mw + 988 17/12/24 22:27:37 sudo make install + 989 17/12/24 22:27:47 mw -a asger.gitz@hotmail.com + 990 17/12/24 22:28:08 neomutt + 991 17/12/24 22:28:17 mbsync -a + 992 17/12/24 22:29:24 cd .. + 993 17/12/24 22:29:32 yay -Ss cyrus-sasl + 994 17/12/24 22:29:47 yay -S cyrus-sasl-xoauth2.git + 995 17/12/24 22:29:58 yay -S cyrus-sasl-xoauth2-git + 996 17/12/24 22:30:17 mbsync -a + 997 17/12/24 22:37:12 mw + 998 17/12/24 22:37:18 man mbsync + 999 17/12/24 22:37:33 man mbsyncd + 1000 17/12/24 21:27:10 Hyprland + 1001 18/12/24 07:13:16 cd dotfiles/ + 1002 18/12/24 07:13:17 n + 1003 18/12/24 07:14:15 cd dotfiles/ + 1004 18/12/24 07:14:16 n + 1005 18/12/24 07:18:11 neomutt + 1006 18/12/24 07:18:21 mbsync -a + 1007 18/12/24 07:19:00 ls + 1008 18/12/24 07:19:02 ll + 1009 18/12/24 07:19:14 mbsync -a + 1010 18/12/24 07:19:38 gpg -qe -r asger.gitz@hotmail.com asger.gitz@hotmail.com.tokens + 1011 18/12/24 07:19:47 mbsync -a + 1012 18/12/24 07:20:03 pass init asger.gitz@hotmail.com + 1013 18/12/24 07:20:05 mbsync -a + 1014 18/12/24 07:20:14 pass show asger.gitz@hotmail.com + 1015 18/12/24 07:20:18 pass list + 1016 18/12/24 07:20:22 pass show asger.gitz@hotmail.com.tokens + 1017 18/12/24 07:20:42 pass init asger.gitz@hotmail.com.tokens + 1018 18/12/24 07:20:45 pass show asger.gitz@hotmail.com.tokens + 1019 18/12/24 07:20:51 pass list + 1020 18/12/24 07:21:16 mbsync -a + 1021 18/12/24 07:29:09 history + + + 927 18/12/24 19:38:06 dwaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + 928 18/12/24 19:38:29 ./mutt_oauth2.py -v -t --authorize --client-id "9e5f94bc-e8a4-4e73-b8be-63364c29d753" --client-secret "" --email "asger.gitz@hotmail.com" --provider microsoft --decryption-pipe "gpg --decrypt 
/home/agj/.password-store/asger.gitz\@hotmail.com.gpg" /home/agj/email-token + 929 18/12/24 19:38:58 /usr/share/neomutt/oauth2/mutt_oauth2.py -v -t --authorize --client-id "9e5f94bc-e8a4-4e73-b8be-63364c29d753" --client-secret "" --email "asger.gitz@hotmail.com" --provider microsoft --decryption-pipe "gpg --decrypt /home/agj/.password-store/asger.gitz\@hotmail.com.gpg" /home/agj/email-token + 930 18/12/24 19:39:08 sudo vim /usr/share/neomutt/oauth2/mutt_oauth2.py + 931 18/12/24 19:39:25 /usr/share/neomutt/oauth2/mutt_oauth2.py -v -t --authorize --client-id "9e5f94bc-e8a4-4e73-b8be-63364c29d753" --client-secret "" --email "asger.gitz@hotmail.com" --provider microsoft --decryption-pipe "gpg --decrypt /home/agj/.password-store/asger.gitz\@hotmail.com.gpg" /home/agj/email-token + 932 18/12/24 19:39:39 cat /home/agj/email-token + 933 18/12/24 19:39:53 ls .. + 934 18/12/24 19:39:56 ls .. -lah + 935 18/12/24 19:40:34 history | grep email-token.bak + 936 18/12/24 19:40:42 cd .. + 937 18/12/24 19:40:44 rm email-token + 938 18/12/24 19:40:53 cp documents/email-token.bak email-token + 939 18/12/24 19:40:57 /usr/share/neomutt/oauth2/mutt_oauth2.py -v -t --authorize --client-id "9e5f94bc-e8a4-4e73-b8be-63364c29d753" --client-secret "" --email "asger.gitz@hotmail.com" --provider microsoft --decryption-pipe "gpg --decrypt /home/agj/.password-store/asger.gitz\@hotmail.com.gpg" /home/agj/email-token + 940 18/12/24 19:40:58 ls + 941 18/12/24 19:40:59 ll + 942 18/12/24 19:41:03 cat email-token + 943 18/12/24 19:41:19 mw -l + 944 18/12/24 19:41:20 mw -d + 945 18/12/24 19:41:29 mw -a asger.gitz@hotmail.com + 946 18/12/24 19:42:07 /usr/share/neomutt/oauth2/mutt_oauth2.py -v -t --authorize --client-id "9e5f94bc-e8a4-4e73-b8be-63364c29d753" --client-secret "" --email "asger.gitz@hotmail.com" --provider microsoft /home/agj/email-token-hest + 947 18/12/24 19:42:47 ls + 948 18/12/24 19:42:56 cat email-token-hest + 949 18/12/24 19:43:00 mailsync + 950 18/12/24 19:43:04 n .mbsyncrc + 951 
18/12/24 19:43:15 mailsync + 952 18/12/24 19:43:20 n .mbsyncrc + 953 18/12/24 19:43:36 cat .password-store/asger.gitz\@hotmail.com.tokens + 954 18/12/24 19:43:45 file .password-store/asger.gitz\@hotmail.com.tokens + 955 18/12/24 19:43:49 n .mbsyncrc + 956 18/12/24 19:44:05 mailsync + 957 18/12/24 19:44:13 mbsync -a + 958 18/12/24 19:44:29 n .mbsyncrc + 959 18/12/24 19:44:43 mbsync -a + 960 18/12/24 19:44:46 n .mbsyncrc + 961 18/12/24 19:45:17 mbsync -a + 962 18/12/24 19:45:27 g456123 + 963 18/12/24 19:45:36 mailsync + 964 18/12/24 19:32:53 Hyprland + 965 18/12/24 19:45:46 sudo reboot + 966 18/12/24 19:53:57 which view-mailcap + 967 18/12/24 19:47:37 mailsync + 968 18/12/24 19:47:49 ls + 969 18/12/24 19:48:22 neomutt +``` + +## GPG + +```sh +gpg --full-gen-key +``` + +## OAuth2 +First, sign in to your mail through the browser. This is needed for the OAuth2 authorization flow. +As part of installing neomutt, you should have the oauth2 python script located in `/usr/share/neomutt/oauth2/`. +We need to register neomutt as an already trusted app. +We will simply abuse the thunderbird client-id for this, which is: `9e5f94bc-e8a4-4e73-b8be-63364c29d753` - with this you don't need to specify a client secret: + +```sh +/usr/share/neomutt/oauth2/mutt_oauth2.py \ + -v \ + -t \ + --authorize \ + --client-id "9e5f94bc-e8a4-4e73-b8be-63364c29d753" \ + --client-secret "" \ + --email "your-email-here" \ + --provider microsoft \ + $HOME/email-token +``` + +This will ask you a couple of questions. Select `authcode` for the preferred OAuth2 flow. +If prompted for a client secret, simply press enter. +You should get a link - enter that link into your browser and allow the app. +By the end of the flow you should end up at an empty website. +Copy the last part of the URL and paste it into your terminal. +After this you should have a token file located at `$HOME/email-token`. +It's a good idea to take a backup of this file just in case you overwrite it. 
+But if you do loose it, you can just run the flow again. + +## Mutt-Wizard +Phew! That was a lot. We are almost there! +Based on [mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard). + + + +After this, you should edit your `~/.mbsyncrc` file, as the default `PassCmd` is not quite configured yet. +It should look something like this (make sure to change `your-email-here` and `username` to the appropriate values): +``` +... +PassCmd "/usr/share/neomutt/oauth2/mutt_oauth2.py --encryption-pipe 'gpg -e -r your-email-here' /home/username/email-token" +... +``` + +You should now be able to run `mailsync`: + +```sh +mailsync +``` + +It might ask you to select which profile to sync. +Just provide the name you set when setting up your gpg profile and everything should sync now! +After a successful sync, you should be able to just open `neomutt` and start reading, replying and whatever you do with email! + +```sh +neomutt +``` + +## TODOs + - [ ] introduction + - [ ] instructions on installing mutt-wizard (oauth2 version) (ubuntu / arch) - including dependencies + - Mention that the oauth2 version might be merged in the future and refer to luke's version if merged + - [ ] instructions on registering app passwords (gmail / outlook) + - [ ] instructions on how to use `pass` + - [x] figure out how to consistently use `mbsync -a` (perhaps a cronjob?) + - [ ] Start the article with a demo of what we'll be making diff --git a/content/posts/how-to-portainer.md b/content/posts/how-to-portainer.md index 74d71dc..948eed3 100644 --- a/content/posts/how-to-portainer.md +++ b/content/posts/how-to-portainer.md 
@@ -18,13 +18,14 @@ If you choose to follow along, by the end of it, you will have an environment wh ## Automatic backups -## Missing things in this post - - [ ] portainer introduction - - [ ] traefik introduction - -## Things that I dont know how to do yet +## TODOs - [ ] 2FA the control dashboards through keycloak - [ ] geoblocking the control dashboards + - [ ] start the article with a demo of what we'll be making + - MAYBE: + - [ ] portainer introduction (maybe) + - [ ] traefik introduction (maybe) + - [ ] add a "skip if you already know portainer and traefik" ```yaml
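Review bot: In the README.md hunk, two of the added headings are misspelled: "### Opinion Piecese" should read "### Opinion Pieces" and "### Digital Soverignty" should read "### Digital Sovereignty". These are the only headings the hunk adds under "Things I want to write", so fixing them now avoids anchors and links being built on the misspelled forms.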
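Review bot: In content/posts/how-to-2famutt.md, the opening sh block is a raw shell-history dump (entries 808 to 1021, then 927 to 969) and should be removed before this is merged; `draft = true` keeps it off the rendered site but not out of the repository. The dump carries the author's real mail address, the home path /home/agj, the names and locations of the token file and password-store entries, and stray input such as `g456123` and `dwaaaa…` that may be mistyped credentials. Keep only the curated commands under the GPG, OAuth2 and Mutt-Wizard headings, with the `your-email-here` placeholder the post already uses. Two smaller points in the same file: the authorize example writes `$HOME/email-token` with no `--encryption-pipe` or `--decryption-pipe`, while the `PassCmd` line passes `--encryption-pipe 'gpg -e -r your-email-here'` for the same file, so the post should state whether the token file is stored encrypted and make the two invocations agree; and "if you do loose it" should be "if you do lose it".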
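Review bot: In the content/posts/how-to-portainer.md hunk, the items nested under "- MAYBE:" each repeat the qualifier ("portainer introduction (maybe)", "traefik introduction (maybe)"), which is redundant with the parent bullet; drop the "(maybe)" suffix or drop the parent and keep the suffix. The two unchanged items, 2FA and geoblocking for the control dashboards, are still unchecked, so if the body of the post has readers expose those dashboards it should say in the text that these controls are not covered yet, not only in this TODO list.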