diff --git a/hosts/hetzner-arm/containers/music/default.nix b/hosts/hetzner-arm/containers/music/default.nix
index 9f8a371..18c84d7 100644
--- a/hosts/hetzner-arm/containers/music/default.nix
+++ b/hosts/hetzner-arm/containers/music/default.nix
@@ -43,6 +43,24 @@ in {
       inherit hostPath;
     };
 
+    bindMounts = {
+      "/dev/fuse" = {
+        hostPath = "/dev/fuse";
+        isReadOnly = false;
+      };
+    };
+
+    allowedDevices = [
+      {
+        modifier = "rwm";
+        node = "/dev/fuse";
+      }
+      {
+        modifier = "rwm";
+        node = "/dev/mapper/control";
+      }
+    ];
+
     config = {...}: {
       nixpkgs.pkgs = pkgs;
 
@@ -57,7 +75,7 @@ in {
         ]
         ++ (with hosts.hetzner-arm.containers.music.profiles; [
           mpd
-          musicSync
+          musicMount
           #soulseek # takes up too much ram :(
         ]);
       home-manager.users.root.imports = with tree; [home.apps.musicutil];
diff --git a/hosts/hetzner-arm/containers/music/profiles/musicMount.nix b/hosts/hetzner-arm/containers/music/profiles/musicMount.nix
new file mode 100644
index 0000000..e475a5a
--- /dev/null
+++ b/hosts/hetzner-arm/containers/music/profiles/musicMount.nix
@@ -0,0 +1,71 @@
+{
+  self,
+  pkgs,
+  config,
+  ...
+}: let
+  inherit (pkgs) writeShellScriptBin;
+  inherit (builtins) toFile;
+
+  backupSchedules = import "${self}/data/backupSchedules.nix";
+
+  rcloneConfig = toFile "rclone.conf" ''
+    [Music]
+    type = webdav
+    url = https://storage-webdav.owo.monster/MusicRO/
+    vendor = other
+  '';
+
+  mountMusic = pkgs.writeShellScriptBin "mount-music" ''
+    umount -flR /Music || true
+    rclone --config ${rcloneConfig} mount Music: /Music \
+      --allow-other \
+      --uid=${toString config.users.users.mpd.uid} \
+      --gid=${toString config.users.groups.mpd.gid} \
+      --fast-list \
+      --umask=666 \
+      --cache-dir=/root/.cache/music-mount  \
+      --dir-cache-time=60m \
+      --vfs-cache-mode=full \
+      --vfs-cache-max-size=2g \
+      --vfs-cache-max-age=7d \
+      --log-level=INFO "$@"
+  '';
+in {
+  environment.systemPackages = with pkgs; [
+    rclone
+    (writeShellScriptBin "rclone-music" ''
+      rclone --config ${rcloneConfig} "$@"
+    '')
+    fuse
+    fuse3
+    mountMusic
+  ];
+
+  programs.fuse.userAllowOther = true;
+
+  systemd.services.music-mount = {
+    wantedBy = ["mpd.service"];
+    partOf = ["mpd.service"];
+    path = with pkgs; [
+      fuse
+      fuse3
+    ];
+    serviceConfig.ExecStart = "${mountMusic}/bin/mount-music --syslog";
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /Music - mpd mpd"
+
+    "d /root/.cache - root root"
+    "d /root/.cache/music-mount - root root"
+  ];
+
+  systemd.services.mpd = {
+    wants = ["music-mount.service"];
+    after = ["music-mount.service"];
+    serviceConfig = {
+      ReadOnlyPaths = "/Music";
+    };
+  };
+}
diff --git a/hosts/hetzner-arm/containers/music/profiles/musicSync.nix b/hosts/hetzner-arm/containers/music/profiles/musicSync.nix
deleted file mode 100644
index 035c50e..0000000
--- a/hosts/hetzner-arm/containers/music/profiles/musicSync.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{
-  self,
-  pkgs,
-  ...
-}: let
-  inherit (pkgs) writeShellScriptBin;
-  inherit (builtins) toFile;
-
-  backupSchedules = import "${self}/data/backupSchedules.nix";
-
-  rcloneConfig = toFile "rclone.conf" ''
-    [Music]
-    type = webdav
-    url = https://storage-webdav.owo.monster/MusicRO/
-    vendor = other
-  '';
-in {
-  environment.systemPackages = with pkgs; [
-    rclone
-    (writeShellScriptBin "rclone-music" ''
-      rclone --config ${rcloneConfig} "$@"
-    '')
-  ];
-
-  systemd.tmpfiles.rules = [
-    "d /Music - mpd mpd"
-  ];
-
-  systemd.services.music-sync = {
-    wantedBy = ["multi-user.target"];
-    after = ["network.target"];
-    partOf = ["mpd.service"];
-
-    path = with pkgs; [bash rclone];
-
-    script = ''
-      set -e
-      rclone --config ${rcloneConfig} sync Music: /Music
-      chown -R mpd:mpd /Music
-    '';
-  };
-
-  systemd.timers.music-sync = {
-    wantedBy = ["timers.target"];
-    partOf = ["music-sync.service"];
-    timerConfig = backupSchedules.music;
-  };
-
-  systemd.services.mpd = {
-    after = ["music-copy.service"];
-    serviceConfig = {
-      ReadOnlyPaths = "/Music";
-    };
-  };
-}
diff --git a/profiles/remoteBuilders.nix b/profiles/remoteBuilders.nix
index 076dd83..34981dc 100644
--- a/profiles/remoteBuilders.nix
+++ b/profiles/remoteBuilders.nix
@@ -40,17 +40,6 @@ in {
         speedFactor = 2;
       }
     ]))
-    (mkIf (currentHostname != "vault") (mkMerge [
-      builderDefaults
-      {
-        hostName = "vault.servers.genderfucked.monster";
-        systems = ["aarch64-linux"];
-        supportedFeatures = ["native-arm64"];
-        publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSURGTlFjUTdkbUlRS1lqMUVVTFBlcTI4d2hzMTg2YVZ0WitWU05rd3I2aEkgcm9vdEB2YXVsdAo=";
-        maxJobs = 1;
-        speedFactor = 1;
-      }
-    ]))
   ];
   nix.distributedBuilds = true;
   nix.extraOptions = "builders-use-substitutes = true";