diff --git a/README.md b/README.md
index ee3eb90..8de39c3 100644
--- a/README.md
+++ b/README.md
@@ -1,150 +1,71 @@
 # dot
 
 This repo tracks user and system configuration files, installed packages
-and used commands for several machines or virtual servers. All are
-running Debian. The `milano` section documents our desktop setup based
-on `sway`, `foot`, `neovim` and `fzy`.
+and initial command history for setting-up a desktop environment running Debian
+testing/unstable with `sway`, `foot`, `fuzzel` and `neovim`.
 
-## milano
+## bootstrap the dotfiles
 
-```sh
-# urosm@milano
-## bootstrap dotfiles
+```
 sudo apt install git
 git init -b main
 git remote add origin gitea@git.kompot.si:urosm/dot.git
 git pull origin main
-## disable annoying .sudo_as_admin_successful file
+```
+
+## setup urosm@milano
+
+```sh
+# disable the annoying `.sudo_as_admin_successful` file
 sudo cp -ri .config/sudoers.d /etc/
-## update to debian testing
+# update to debian testing
 sudo cp -ri .config/apt /etc/
 sudo apt update
 sudo apt full-upgrade
-sudo apt install apt-listbugs apt-listchanges
-## reconfigure locales
+# reconfigure locales
 sudo dpkg-reconfigure locales
-## install tasksel packages
-sudo tasksel install web-server
-sudo tasksel install ssh-server
-## harden ssh
-sudo cp -ri .config/ssh /etc/
-systemctl restart sshd
-## install and configure firewall
-sudo apt install ufw
-sudo ufw allow "SSH"
-sudo ufw allow 1194/udp
-sudo ufw enable
-## install utils
-sudo apt install network-manager
+# configure and start firewall
+sudo cp -ri .config/nftables.conf /etc/
+systemctl enable --now nftables.service
+# configure and install networking
 sudo cp -ir .config/network /etc/
+sudo apt install network-manager
+# install utils
 sudo apt install udisks2
 sudo apt install jq
-sudo apt install fzy
-## install neovim
-sudo apt install neovim
-## install desktop packages
+# install desktop packages
 sudo apt install sway
 sudo apt install swayidle swaylock
 sudo apt install brightnessctl wlsunset
-sudo apt install wl-clipboard grim
-sudo apt install libnotify-bin mako-notifier
+sudo apt install grim
+sudo apt install mako-notifier libnotify-bin
 sudo apt install fonts-agave
-## install and configure audio packages
+# install neovim
+sudo apt install neovim wl-clipboard
+# install and configure audio packages
 sudo apt install pipewire-audio
 systemctl --user enable --now wireplumber.service
-## install writing packages
+# install writing packages
 sudo apt install make
 sudo apt install pandoc
 sudo apt install texlive-latex-extra
 sudo apt install texlive-lang-european
-## install web packages
+# install web packages
 sudo apt install firefox
 sudo apt install thunderbird
-## install media packages
+# install media packages
 sudo apt install mpv
 sudo apt install zathura
 sudo apt install inkscape
-## install office packages
+# install office packages
 sudo apt install libreoffice libreoffice-gtk3
 sudo apt install libreoffice-l10n-sl
-## install printing packages
+# install printing and scanning packages
 sudo apt install cups printer-driver-all
 sudo adduser urosm lpadmin
-## install scanning packages
 sudo apt install simple-scan
-## install pdf processing packages
+# install pdf processing packages
 sudo apt install qpdf ocrmypdf
-## install rdp packages
+# install rdp packages
 sudo apt install remmina
-## install and setup ikiwiki
-sudo apt install ikiwiki
-sudo apt install libfile-mimeinfo-perl libhighlight-perl libhtml-tree-perl libimage-magick-perl liblocale-gettext-perl libmailtools-perl libnet-amazon-s3-perl libnet-inet6glue-perl libsearch-xapian-perl libsort-naturally-perl libtext-csv-perl libtext-multimarkdown-perl libtext-textile-perl libtext-typography-perl libtext-wikicreole-perl libtext-wikiformat-perl libxml-feed-perl libxml-writer-perl
-chmod 711 $HOME
-sudo a2enmod userdir
-sudo a2enmod cgi
-sudo cp .config/apache2/sites-available/kontrakurs.localhost.conf /etc/apache2/sites-available/
-sudo cp .config/apache2/sites-available/bavbavhaus.localhost.conf /etc/apache2/sites-available/
-sudo a2ensite kontrakurs.localhost bavbavhaus.localhost
-systemctl restart apache2
-```
-
-## {padova,tivoli,genova}
-
-```sh
-ssh root@padova
-adduser urosm
-adduser urosm sudo
-exit
-ssh-copy-id urosm@padova
-ssh urosm@padova
-## bootstrap dotfiles
-sudo apt update
-sudo apt upgrade
-sudo apt install git
-git init -b main
-git remote add origin gitea@git.kompot.si:urosm/dot.git
-git pull origin main
-## disable annoying .sudo_as_admin_successful file
-sudo cp -ri .config/sudoers.d /etc/
-## install screen
-sudo apt install screen
-## install and configure firewall
-sudo apt install ufw
-sudo ufw allow "SSH" # ssh
-sudo ufw allow 1194/udp # vpn
-sudo ufw allow "WWW Full" # web
-sudo ufw allow "SMTP" # mail
-sudo ufw allow "Mail submission" # mail
-sudo ufw allow "IMAP" # mail
-sudo ufw allow "IMAPS" # mail
-sudo ufw enable
-## harden ssh
-sudo cp -ri .config/ssh /etc/
-sudo systemctl restart sshd
-## install and configure wireguard
-sudo cp -ir .config/sysctl.d /etc/
-sudo sysctl -p
-sudo apt install wireguard
-sudo cp -i .config/wireguard/padova.conf /etc/wireguard/
-wg-quick up padova
-## install and configure webserver
-sudo tasksel install web-server
-sudo a2enmod rewrite
-sudo a2enmod userdir
-sudo a2enmod cgi
-chmod 711 "$HOME"
-sudo cp -ir .config/apache2/sites-available /etc/apache2/
-sudo a2ensite bavbavhaus.net
-sudo a2ensite kontrakurs.org
-sudo systemctl reload apache2
-## install certbot
-sudo apt install certbot
-sudo apt install python3-certbot-apache
-sudo certbot --apache
-## install ikiwiki
-sudo apt install --install-recommends ikiwiki
-sudo apt install libfile-mimeinfo-perl libhighlight-perl libhtml-tree-perl libimage-magick-perl liblocale-gettext-perl libmailtools-perl libnet-amazon-s3-perl libnet-inet6glue-perl libsearch-xapian-perl libsort-naturally-perl libtext-csv-perl libtext-multimarkdown-perl libtext-textile-perl libtext-typography-perl libtext-wikicreole-perl libtext-wikiformat-perl libxml-feed-perl libxml-writer-perl
-## enable unattended-upgrades
-sudo apt install unattended-upgrades apt-listchanges
-sudo dpkg-reconfigure -plow unattended-upgrades
 ```