diff --git a/flake.nix b/flake.nix index 7558f0e..9fc328d 100644 --- a/flake.nix +++ b/flake.nix @@ -13,6 +13,9 @@ #sops-nix.inputs.nixpkgs.follows = "nixpkgs"; #matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix + inputs.pbsds-papers.url = "git+ssh://git@github.com/pbsds/papers.git"; + inputs.pbsds-papers.flake = false; + # temp inputs.pr-polaris14.url = "github:pbsds/nixpkgs/polaris-14"; diff --git a/profiles/code-remote/default.nix b/profiles/code-remote/default.nix index 8366aca..065835d 100644 --- a/profiles/code-remote/default.nix +++ b/profiles/code-remote/default.nix @@ -1,18 +1,18 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, inputs, ... }: # TODO: -# * [ ] fix network sandboxing, so the container cant access localhost services on host +# * [x] generate a ssh key if not existing # * [ ] automatically pull the repo on boot, do i need keys for that? -# * [ ] generate a ssh key if not existing -# * [ ] attempt to pull, otherwise print the ssh-pubkey -# * [ ] Make vscode default to our repo # * [ ] customize the shit out of vscode +# * [ ] don't ignore PDFs +# * [ ] run the whole thing in a xvfb? should enable drawio and curv let domain = "${config.networking.hostName}.${config.networking.domain}"; mkDomain = subname: "${subname}.${domain}"; - container-name = "code-server-pandoc"; - cnt = config.containers.${container-name}.config; + hostName = config.networking.hostName; + container-name = "code-server-pandoc-papers"; + container = config.containers.${container-name}.config; in { networking.nat = { enable = true; @@ -34,7 +34,7 @@ in { # container has no network access privateNetwork = true; - hostAddress = "10.240.100.2"; + hostAddress = "10.240.100.2"; localAddress = "10.240.100.3"; #forwardPorts = [ 
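Review bot: The new `pbsds-papers` input in flake.nix is fetched over `git+ssh`, which suggests a private repository, yet flake inputs are copied into `/nix/store`, where every local user and every container that mounts the store can read them. If the repository is meant to stay private, that exposure should be stated next to the input, for example `# NOTE: private repo; its contents end up world-readable in /nix/store`. Evaluating the flake now also needs an SSH key with access to that repository on every machine that builds this configuration.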
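Review bot: In the TODO list at the top of profiles/code-remote/default.nix, the item `fix network sandboxing, so the container cant access localhost services on host` is deleted rather than ticked, and nothing in the visible hunks changes the container's network setup (`networking.nat` stays enabled, `hostAddress` is only re-aligned). If host services are still reachable from the container, that is an open isolation gap for a web IDE that gives shell access, so the item should stay as an unchecked `[ ]` entry until it is resolved. The context comment `# container has no network access` may also need rewording, since privateNetwork combined with NAT appears to give the container outbound connectivity.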
@@ -51,11 +51,11 @@ in { # isReadOnly = false; #}; config = { config, pkgs, lib, ... }: { - system.stateVersion = "22.05"; + system.stateVersion = "22.11"; #imports = [ ]; - #home-manager.useUserPackages = true; # install to /etc instead of ~/.nix-profile, needed for containers #home-manager.useGlobalPkgs = true; # brrr + #home-manager.useUserPackages = true; # requiredm installs user packages to /etc instead of ~/.nix-profile #home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: { # programs.git.enable = true; # programs.git.userName = "Noximilien code-server"; @@ -63,29 +63,33 @@ in { #}; systemd.services.initial-setup = { - wantedBy = [ "multi-user.target" ]; + enable = true; + wantedBy = [ "code-server.service" ]; + before = [ "code-server.service" ]; + # TODO: run as the correct user serviceConfig.User = config.services.code-server.user; serviceConfig.Group = config.services.code-server.group; + # TODO: make the ssh key comment automatic script = '' - test -s "$HOME/.ssh/id_rsa.pub" || { - mkdir "$HOME/.ssh" - echo "" | ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -a 100 -C "code-server@noximilien" -f "$HOME/.ssh/id_ed25519" + test -s "$HOME/.ssh/id_ed25519.pub" || { + test -d "$HOME/.ssh" || mkdir -p "$HOME/.ssh" + echo "" | ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -a 100 -C "code-server@code-server-pandoc-${hostName}" -f "$HOME/.ssh/id_ed25519" echo - echo "You pubkey is:" - cat "$HOME/.ssh/id_ed25519.pub" - echo - exit } + echo "My pubkey is:" + cat "$HOME/.ssh/id_ed25519.pub" #${pkgs.curl}/bin/curl "https://github.com/pbsds.keys" | grep "$(cat $HOME/.ssh/id_ed25519.pub | cut -d" " -f-2)" - test -d "$HOME/repos/papers" || { - mkdir -p "$HOME/repos" - ${pkgs.git}/bin/git clone git@github.com:pbsds/papers.git - - } + test -d "$HOME/repo" || ( + set -x + cp -a ${inputs.pbsds-papers.outPath} "$HOME/repo" + chmod -R a+w "$HOME/repo" + cd "$HOME/repo/neural-intersection-fields" + ln -s ../.vscode . + ) ''; }; 
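Review bot: In the `initial-setup` script, `chmod -R a+w "$HOME/repo"` makes the copied checkout writable by every account in the container, while only the code-server user needs to write to it; store paths are copied read-only, so `chmod -R u+w "$HOME/repo"` is enough. The unit also shows no `serviceConfig.Type`, so unless it is set outside the hunk it runs as a simple service and `before = [ "code-server.service" ]` orders only the start of the script, not its completion; `serviceConfig.Type = "oneshot";` would make code-server wait for the key and the repo copy. The `# TODO: run as the correct user` comment sits directly above lines that already set User and Group, so it should be removed or say what is still wrong.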
@@ -93,10 +97,16 @@ in { enable = true; host = "0.0.0.0"; # container port = 53754; - #user = "code-server"; + #user = "code-server"; #group = "code.server"; + # a nice tool if you don't care about security: https://argon2.online/ hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg"; # hunter2 + + extraArguments = [ + "${config.users.users.${config.services.code-server.user}.home}/repo/neural-intersection-fields" + ]; + package = pkgs.vscode-with-extensions.override { vscode = pkgs.code-server.overrideAttrs (old: { # vscode-with-extensions compatibility @@ -154,57 +164,13 @@ in { } ]; }; - extraPackages = with pkgs; [ - # based on https://github.com/pbsds/papers/blob/main/shell.nix - (writeShellScriptBin "pandoc" '' - export XDG_DATA_HOME=${pandoc-lua-filters}/share - exec ${pandoc}/bin/pandoc "$@" - '') - - (texlive.combine { - inherit (texlive) - scheme-small - titlesec - fontaxes - supertabular - xtab - # boxed quotes - mdframed - zref - needspace - soul - atkinson - ; - }) - - (python310.withPackages (ps: with ps; [ - python-lsp-server - numpy - matplotlib - imageio - #(callPackage ./nix-modules/pytikz.nix { }) - #(callPackage ./nix-modules/pyrender.nix { }) - ])) - - pandoc-imagine - haskellPackages.pandoc-crossref - #haskellPackages.pandoc-plot - #pandoc-plantuml-filter nodePackages.mermaid-cli - - # tikz stuff - imagemagick - drawio-headless - openscad - #curv - - bash - git - bat - gnumake - boxes - graphviz - #python3Packages.cairosvg - ]; + extraPackages = let + shellnix = import "${inputs.pbsds-papers}/shell.nix" { inherit pkgs; }; + in (with pkgs; [ imagemagick ]) # for some reason it isn't passed from shell.nix + ++ shellnix.buildInputs + ++ shellnix.nativeBuildInputs + ++ shellnix.propagatedBuildInputs + ++ shellnix.propagatedNativeBuildInputs; }; networking.firewall = { 
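Review bot: The added comment above `hashedPassword` points at an online Argon2 generator, and the credential it sits next to protects a web IDE that hands out a shell in the container. The context line keeps the plaintext in a trailing comment and uses minimal cost parameters (`m=16,t=2,p=1`), and the hash is committed and ends up in the world-readable Nix store. I would replace the comment with something like `# generate locally (e.g. with the argon2 CLI); never paste the real password into a website` and drop the plaintext comment. The password should then be rotated to one hashed with stronger parameters and, if the module allows it, supplied from a secret kept outside the repository. `host = "0.0.0.0"` is context here, and the service block starts and ends outside the hunk.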
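Review bot: `extraPackages` now evaluates `shell.nix` from the `pbsds-papers` input, so the toolset installed next to code-server is whatever the locked revision of that repository declares, and the old explicit list (with its `based on ...` pointer) is gone without a replacement comment. A short comment such as `# package set comes from shell.nix of the pinned pbsds-papers input; review flake.lock bumps of that input` would make the dependency visible. `import` on a non-flake input runs that repository's Nix code at evaluation time, so lock updates of this input deserve the same review as changes to this file. The `for some reason it isn't passed from shell.nix` remark on imagemagick should be resolved or turned into a TODO, since it hints that the four `*BuildInputs` attributes do not capture everything shell.nix provides.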
@@ -213,9 +179,6 @@ in { config.services.code-server.port ]; }; - - # Manually configure nameserver. Using resolved inside the container seems to fail currently - #environment.etc."resolv.conf".text = "nameserver 8.8.8.8"; }; }; @@ -223,9 +186,9 @@ in { forceSSL = true; # addSSL = true; enableACME = true; #useACMEHost = acmeDomain; locations."/" = { - #proxyPass = "http://127.0.0.1:${toString cnt.services.code-server.port}"; - #proxyPass = "http://10.240.100.3:${toString cnt.services.code-server.port}"; - proxyPass = "http://${config.containers.${container-name}.localAddress}:${toString cnt.services.code-server.port}"; + #proxyPass = "http://127.0.0.1:${toString container.services.code-server.port}"; + #proxyPass = "http://10.240.100.3:${toString container.services.code-server.port}"; + proxyPass = "http://${config.containers.${container-name}.localAddress}:${toString container.services.code-server.port}"; proxyWebsockets = true; }; };