diff --git a/.sops.yaml b/.sops.yaml
index 89b9de4..3f810b3 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,7 @@
 keys:
 - &admin_jrpotter age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
 - &server_thebe age1pjgqvdyzxz30rxvu3zysjpmxrjjsvklggfepswhmwdaunx0kg3vsfept24
+ - &server_europa age1z0rfzzfll963msxfschxn7m65pz5p8nuz9p3h940mhhfr6uxe5mqpl4dul
 creation_rules:
 - path_regex: .*
 key_groups:
diff --git a/flake.nix b/flake.nix
index f3a53e6..030f363 100644
--- a/flake.nix
+++ b/flake.nix
@@ -49,6 +49,9 @@
 thebe = {
 inherit (tapir) sops-nix;
 };
+ europa = {
+ inherit (tapir) sops-nix;
+ };
 };
 };
@@ -83,6 +86,14 @@
 targetHost = "64.23.168.148";
 };
 };
+
+ europa = {
+ imports = [ ./hive/europa ];
+ deployment = {
+ allowLocalDeployment = false;
+ targetHost = "147.182.255.90";
+ };
+ };
 };
 packages.${system}.digital-ocean = {
diff --git a/hive/europa/default.nix b/hive/europa/default.nix
new file mode 100644
index 0000000..399d08f
--- /dev/null
+++ b/hive/europa/default.nix
@@ -0,0 +1,31 @@
+{ sops-nix, lib, ... }:
+{
+ imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
+ sops-nix.nixosModules.sops
+ ../../digital-ocean/configuration.nix
+ ../../services/reconn
+ ];
+
+ networking = {
+ hostName = "europa";
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 443 ];
+ };
+ };
+
+ programs.mosh.enable = true;
+
+ services = {
+ nginx.enable = true;
+ openssh.enable = true;
+ postgresql.enable = true;
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "jrpotter2112@gmail.com";
+ };
+
+ system.stateVersion = "23.11";
+}
diff --git a/services/reconn/default.nix b/services/reconn/default.nix
new file mode 100644
index 0000000..7d57fa3
--- /dev/null
+++ b/services/reconn/default.nix
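Review bot: `openssh.enable = true` in hive/europa/default.nix leaves sshd on an internet-facing host at NixOS defaults, which keep password authentication on; unless `../../digital-ocean/configuration.nix` already sets it, add `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; };` next to the `openssh.enable` line. The `allowedTCPPorts = [ 80 443 ]` list also understates the exposed surface, because `services.openssh` and `programs.mosh` both open their own ports in the firewall by default (TCP 22 and UDP 60000–61000); that is probably intended, but a comment such as `# 22/tcp and 60000-61000/udp are opened by the openssh and mosh modules` would make the firewall block read as the full inventory. The conditional `do-userdata.nix` import makes the built configuration depend on whether an untracked file exists in the checkout, so a one-line comment stating where that file comes from and that it is deliberately not committed would help the next person deploying this host.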
@@ -0,0 +1,53 @@
+{ system, pkgs, lib, ... }:
+let
+ reconn-url = "git+https://git.jrpotter.com/r/reconn?rev=fa031b2507c625c54abca36fd3f86fc8338e8777";
+ reconn = (builtins.getFlake reconn-url).packages.${system}.app;
+in
+{
+ services = {
+ nginx.virtualHosts."www.hideandseek.live" = {
+ forceSSL = true;
+ enableACME = true;
+ serverAliases = [ "hideandseek.live" ];
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyPass = "http://127.0.0.1:4000";
+ };
+ };
+ postgresql = {
+ package = (pkgs.postgresql_15.withPackages (pkgs: [ pkgs.postgis ]));
+ ensureDatabases = [ "reconn" ];
+ authentication = lib.mkOverride 10 ''
+ # TYPE DATABASE USER ADDRESS METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ '';
+ };
+ };
+
+ systemd.services.reconn = {
+ enable = true;
+ description = "Reconn Server";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "postgresql.service" ];
+ requires = [ "network-online.target" "postgresql.service" ];
+ environment = {
+ DATABASE_URL = "ecto://postgres:postgres@localhost/reconn";
+ };
+ serviceConfig = {
+ Type = "exec";
+ EnvironmentFile = "/run/secrets/RECONN_SECRET_KEY_BASE";
+ ExecStartPre = "${reconn}/bin/migrate";
+ ExecStart = "${reconn}/bin/reconn start";
+ ExecStop = "${reconn}/bin/reconn stop";
+ ExecReload = "${reconn}/bin/reconn restart";
+ Restart = "on-failure";
+ };
+ };
+
+ sops = {
+ secrets.RECONN_SECRET_KEY_BASE = {
+ sopsFile = ./secrets.yaml;
+ };
+ };
+}
diff --git a/services/reconn/secrets.yaml b/services/reconn/secrets.yaml
new file mode 100644
index 0000000..bd3947e
--- /dev/null
+++ b/services/reconn/secrets.yaml
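Review bot: The `authentication` block (`local all all trust` and `host all all 127.0.0.1/32 trust`) lets any local process connect to PostgreSQL as any role with no credentials, `DATABASE_URL` connects as the `postgres` superuser, and `systemd.services.reconn` sets no `User=` so the app runs as root — a bug in the web app reachable through the `proxyPass` on port 4000 therefore yields root on the host and superuser on the database in one step. A dedicated `reconn` system user and database role with `peer` auth over the unix socket only, `User = "reconn"` on the unit, and `owner = "reconn"` on the sops secret removes both the trust rule and the superuser connection; the socket form of `DATABASE_URL` depends on how the app configures Postgrex, so that line below is a placeholder to confirm against the application. `ensureDBOwnership` is available in the NixOS release matching the host's `23.11` stateVersion; on an older nixpkgs the equivalent is `ensurePermissions`. Separately, `requires` names `network-online.target` but `after` only orders on `network.target`, so the unit can start before the network is actually up — `after = [ "network-online.target" "postgresql.service" ];` fixes the ordering. `EnvironmentFile` expects `NAME=value` lines, so the encrypted value in secrets.yaml presumably already carries the `RECONN_SECRET_KEY_BASE=` prefix; worth confirming, since a bare value would be silently ignored.
```nix
postgresql = {
  package = (pkgs.postgresql_15.withPackages (pkgs: [ pkgs.postgis ]));
  ensureDatabases = [ "reconn" ];
  ensureUsers = [ { name = "reconn"; ensureDBOwnership = true; } ];
  # Peer auth over the unix socket only: OS user "reconn" maps to role
  # "reconn". No role (in particular not the superuser) is reachable
  # without credentials, and no TCP listener is trusted.
  authentication = lib.mkOverride 10 ''
    # TYPE DATABASE USER ADDRESS METHOD
    local reconn reconn peer
  '';
};
# … unchanged: nginx virtualHost …

users.users.reconn = { isSystemUser = true; group = "reconn"; };
users.groups.reconn = { };

systemd.services.reconn = {
  # … unchanged: enable, description, wantedBy, requires …
  after = [ "network-online.target" "postgresql.service" ];
  environment = {
    # Connect over the socket as the "reconn" OS user (peer auth). The exact
    # URL/option form depends on the app's Postgrex config — confirm.
    DATABASE_URL = "ecto://reconn@localhost/reconn?socket_dir=/run/postgresql";
  };
  serviceConfig = {
    User = "reconn";
    Group = "reconn";
    # … unchanged: Type, EnvironmentFile, ExecStartPre/Start/Stop/Reload, Restart …
  };
};

sops.secrets.RECONN_SECRET_KEY_BASE = {
  sopsFile = ./secrets.yaml;
  owner = "reconn"; # the unit no longer runs as root and must read this file
};
```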
@@ -0,0 +1,30 @@
+RECONN_SECRET_KEY_BASE: ENC[AES256_GCM,data:uJa1Yb9YaoNtm7YH8Sn7lbG+NX2bBc8NAFaybyKRktMMnX3yBcEc8YviPXP/WYSakqq2DpmgJoUe4mciPDW3aadT3ufkDchWFpSvItkndXg=,iv:fkc2nuQrIqOrUiCqx1vK+hWa87yZgsVphSEo+pWv+Ig=,tag:TXUXHo7TdCz75wat8tK5qg==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqTEY1UzlkcjVlQzQzVUww
+ QWtvNnZXY2g5UU84aStUd3JyQnIrUGYzVzIwCmROcWdCNjZ5ZkxVaW5jSS94YTV5
+ ZWZZaWo0Rms2cldtYkxlV0dZSWhxMWMKLS0tIFZXNG9CKzRzQmtUNjN4UjQvcU1t
+ U1JmLzdFMTlvQnRFbnd4eVFNSlFsQWsKFxYi7rNAcjWUR5l8leh6e6YtrnpAj14B
+ KhrPUwiG4fwHMF9kWMEH05nWHQh41Vl43AYt7aEs0IO4uVqhXFghug==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1z0rfzzfll963msxfschxn7m65pz5p8nuz9p3h940mhhfr6uxe5mqpl4dul
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWUJ0bW1sVjlBRVNnaU42
+ YmdhWEUyeStCalNQdWdybm5GdjV4TWFGYjE0CmViOGY2TlFqVW1iaVBSQ0l3L0d1
+ N3UzcUNlTkcrMjNUMWRJZHU1V1J0V00KLS0tIE5BdHZVak1oWnlhdy85NXhmQWhs
+ SEJMWFczYmhqOVkyT3JWYVI5c2I0TkEKyxl9d1C/ONI6TemSTYbyjopS4pDf7fUp
+ sbS77k1QzGb3EM2rD16WUu9i6mfqaaDboaO2D3Ltf4FVWdXTDQyt0w==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-04-12T18:11:00Z"
+ mac: ENC[AES256_GCM,data:MK4DB60A07e5pjroITCd9RqOOnL1NRpKkQXbLPkHG/JgxR8n3PqzPs25tayBs9qogD/M3kHwLuyEiZdJOvMxqsMGqPYkrN26QVgEy3GFgAP6XfcFmBj+k0J18FNabnZNbiGMhgX+n1uwqxucRC93fcd99CItZC5DDBXbk2zl87o=,iv:apc5SjAS71dtVqGDvnUSe9phJlYG8wobu9luuo2CDOI=,tag:Bap5KTqiLGahbV/1L2YsPg==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.7.3