diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 894362d97..19675be32 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -14,6 +14,7 @@ in {
     ../2configs/retiolum.nix
     ../2configs/fastpoke-pages.nix
     ../2configs/new-repos.nix
+    ../2configs/privoxy-retiolum.nix
     {
       networking.interfaces.enp2s1.ip4 = [
         {
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index c10e792f2..1ac1c2162 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -23,6 +23,7 @@
     ../2configs/wordpress.nix
     ../2configs/bitlbee.nix
     ../2configs/firefoxPatched.nix
+    ../2configs/wallpaper.nix
   ];
 
   krebs.build = {
diff --git a/lass/2configs/privoxy-retiolum.nix b/lass/2configs/privoxy-retiolum.nix
new file mode 100644
index 000000000..3a3641ad8
--- /dev/null
+++ b/lass/2configs/privoxy-retiolum.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+
+let
+  r_ip = (head config.krebs.build.host.nets.retiolum.addrs4);
+  inherit (lib) head;
+
+in {
+  imports = [
+    ./privoxy.nix
+  ];
+
+  services.privoxy.listenAddress = "${r_ip}:8118";
+
+  krebs.iptables = {
+    tables = {
+      filter.INPUT.rules = [
+        { predicate = "-i retiolum -p tcp --dport 8118"; target = "ACCEPT"; }
+      ];
+    };
+  };
+}
diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix
new file mode 100644
index 000000000..bf5f6e206
--- /dev/null
+++ b/lass/2configs/privoxy.nix
@@ -0,0 +1,15 @@
+{ config, ... }:
+
+{
+  services.privoxy = {
+    enable = true;
+    extraConfig = ''
+      #use polipo
+      forward / localhost:8123
+
+      #route .onion through tor
+      forward-socks4a .onion localhost:9050
+    '';
+  };
+  services.polipo.enable = true;
+}