diff --git a/container/webserver/config.nix b/container/webserver/config.nix
index 6ed4cdc..b69f428 100644
--- a/container/webserver/config.nix
+++ b/container/webserver/config.nix
@@ -79,4 +79,17 @@
 
     mode = "0644";
   };
+
+  # weewx
+
+  systemd.tmpfiles.rules = [
+    "d /etc/container-webserver/weewx 0755 421 421"
+  ];
+
+  environment.etc."container-webserver/weewx/weewx.conf" = {
+    source = ../../secret/container/webserver/config/weewx.conf;
+    mode = "0644";
+    uid = 421;
+    gid = 421;
+  };
 }
diff --git a/container/webserver/default.nix b/container/webserver/default.nix
index 97fc926..8f9ad61 100644
--- a/container/webserver/default.nix
+++ b/container/webserver/default.nix
@@ -1,5 +1,5 @@
 let
-  secret = import ../../secret/container/webserver.nix;
+  secret = import ../../secret/container/webserver;
   custom-config = import ./config.nix { inherit secret; };
 in
 {
@@ -98,6 +98,22 @@ in
           };
         };
       };
+
+      # weewx = {
+      #   service = {
+      #     image = "ghcr.io/nifoc/weewx-docker:master";
+      #     restart = "always";
+      #     depends_on = [ "ipv6nat" "mosquitto" ];
+      #     networks = [ "webserver" ];
+      #     environment = {
+      #       "TZ" = "Europe/Berlin";
+      #     };
+      #     volumes = [
+      #       "/etc/container-webserver/weewx:/data"
+      #     ];
+      #     labels = secret.container.webserver.weewx.labels;
+      #   };
+      # };
     };
 
     networks.webserver = {
diff --git a/secret/container/webserver.nix b/secret/container/webserver.nix
deleted file mode 100644
index 5d31af5..0000000
Binary files a/secret/container/webserver.nix and /dev/null differ
diff --git a/secret/container/webserver/config/weewx.conf b/secret/container/webserver/config/weewx.conf
new file mode 100644
index 0000000..a8a50d7
Binary files /dev/null and b/secret/container/webserver/config/weewx.conf differ
diff --git a/secret/container/webserver/default.nix b/secret/container/webserver/default.nix
new file mode 100644
index 0000000..167f5ad
Binary files /dev/null and b/secret/container/webserver/default.nix differ
diff --git a/system/hosts/sail.nix b/system/hosts/sail.nix
index 922c73a..628fe0b 100644
--- a/system/hosts/sail.nix
+++ b/system/hosts/sail.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+args@{ pkgs, ... }:
 
 let
   secret = import ../../secret/hosts/sail.nix;
@@ -9,7 +9,7 @@ in
     ../nixos/ssh.nix
 
     ../nixos/git.nix
-    ../nixos/tailscale.nix
+    (import ../nixos/tailscale.nix (args // { inherit secret; }))
 
     ../nixos/arion.nix
     ../../container/webserver
@@ -43,6 +43,13 @@ in
 
     interfaces.enp1s0.ipv6.addresses = secret.networking.interfaces.enp1s0.ipv6.addresses;
     defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
+
+    timeServers = [
+      "ntp1.hetzner.de"
+      "ntp2.hetzner.com"
+      "ntp3.hetzner.net"
+      "time.cloudflare.com"
+    ];
   };
 
   users.users.root.openssh.authorizedKeys.keys = [