diff --git a/home/modules/baseline.nix b/home/modules/baseline.nix
index 3ba9750..0586871 100644
--- a/home/modules/baseline.nix
+++ b/home/modules/baseline.nix
@@ -36,6 +36,7 @@ in { packages = with pkgs; [ calc + curl dysk fd file
diff --git a/home/modules/default.nix b/home/modules/default.nix
index 3335125..62c5486 100644
--- a/home/modules/default.nix
+++ b/home/modules/default.nix
@@ -22,5 +22,6 @@
 ./pass.nix
 ./halloy.nix
 ./ai.nix
+ ./programming.nix
 ];
 }
diff --git a/home/modules/defaultDesktopPack.nix b/home/modules/defaultDesktopPack.nix
index b973da3..eb3f07b 100644
--- a/home/modules/defaultDesktopPack.nix
+++ b/home/modules/defaultDesktopPack.nix
@@ -65,6 +65,7 @@ in {
 zed.enable = true;
 terminal.enable = true;
 ai.enable = true;
+ programming.enable = true;
 };
 };
 };
diff --git a/home/modules/programming.nix b/home/modules/programming.nix
new file mode 100644
index 0000000..fc1c829
--- /dev/null
+++ b/home/modules/programming.nix
@@ -0,0 +1,32 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+with lib; let
+ cfg = config.local.programs.programming;
+in {
+ options.local.programs.programming = {
+ enable = mkEnableOption "programming";
+ debugging = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ };
+ config = mkIf cfg.enable {
+ home.packages = with pkgs; [
+ binutils
+ cmake
+ gcc
+ gnumake
+ pkg-config
+ python314
+ rustup
+ uv
+ ] ++ optionals cfg.debugging [
+ gdb
+ valgrind
+ ];
+ };
+}
diff --git a/home/platforms/fabian@posixlycorrect/shenvs/.gitkeep b/home/platforms/fabian@posixlycorrect/shenvs/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/home/platforms/fabian@posixlycorrect/shenvs/c.nix b/home/platforms/fabian@posixlycorrect/shenvs/c.nix
deleted file mode 100644
index 0ce5ad7..0000000
--- a/home/platforms/fabian@posixlycorrect/shenvs/c.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{pkgs, ...}: {
- static = true;
-
- packages = with pkgs; [
- binutils
- cmake
- curl
- gdb
- gnumake
- rustup
- valgrind
- ];
-}
diff --git a/home/platforms/fabian@posixlycorrect/shenvs/python.nix b/home/platforms/fabian@posixlycorrect/shenvs/python.nix
deleted file mode 100644
index 4818ea5..0000000
--- a/home/platforms/fabian@posixlycorrect/shenvs/python.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{pkgs, ...}: {
- static = true;
-
- packages = with pkgs; [
- pipenv
- (python310.withPackages (packages:
- with packages; [
- setuptools
- ]))
- ];
-}
diff --git a/home/platforms/fabian@t14/shenvs/.gitkeep b/home/platforms/fabian@t14/shenvs/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/home/platforms/fabian@t14/shenvs/c.nix b/home/platforms/fabian@t14/shenvs/c.nix
deleted file mode 100644
index 0ce5ad7..0000000
--- a/home/platforms/fabian@t14/shenvs/c.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{pkgs, ...}: {
- static = true;
-
- packages = with pkgs; [
- binutils
- cmake
- curl
- gdb
- gnumake
- rustup
- valgrind
- ];
-}
diff --git a/home/platforms/fabian@t14/shenvs/python.nix b/home/platforms/fabian@t14/shenvs/python.nix
deleted file mode 100644
index 4818ea5..0000000
--- a/home/platforms/fabian@t14/shenvs/python.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{pkgs, ...}: {
- static = true;
-
- packages = with pkgs; [
- pipenv
- (python310.withPackages (packages:
- with packages; [
- setuptools
- ]))
- ];
-}
diff --git a/sys/modules/default.nix b/sys/modules/default.nix
index 80d9159..3b7cacd 100644
--- a/sys/modules/default.nix
+++ b/sys/modules/default.nix
@@ -19,5 +19,6 @@
 ./borgsync.nix
 ./dufs.nix
 ./defaultDesktopPack.nix
+ ./task-force-beta-bot.nix
 ];
 }
diff --git a/sys/modules/task-force-beta-bot.nix b/sys/modules/task-force-beta-bot.nix
new file mode 100644
index 0000000..9701598
--- /dev/null
+++ b/sys/modules/task-force-beta-bot.nix
@@ -0,0 +1,106 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.sys.task-force-beta-bot;
+
+ allowedChatsFile = pkgs.writeText "task-force-beta-bot-allowed-chats" (
+ lib.concatMapStringsSep "\n" toString cfg.allowedChats
+ );
+
+ package = pkgs.rustPlatform.buildRustPackage {
+ pname = "task-force-beta-bot";
+ version = "0.1.0";
+
+ src = pkgs.fetchgit {
+ url = "https://git.posixlycorrect.com/fabian/task-force-beta-bot";
+ rev = "FIXME";
+ hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+ };
+
+ cargoHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+
+ meta = {
+ description = "General-purpose modular Telegram bot";
+ mainProgram = "task_force_beta_bot";
+ };
+ };
+in {
+ options.local.sys.task-force-beta-bot = {
+ enable = lib.mkEnableOption "the Task Force Beta Telegram bot";
+
+ tokenFile = lib.mkOption {
+ type = lib.types.path;
+ description = "Path to the Telegram bot token file.";
+ };
+
+ allowedChats = lib.mkOption {
+ type = lib.types.listOf lib.types.int;
+ description = "List of Telegram chat IDs allowed to use the bot.";
+ };
+
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = "task-force-beta-bot";
+ description = "User to run the bot as.";
+ };
+
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = "task-force-beta-bot";
+ description = "Group for the bot service.";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.task-force-beta-bot = {
+ after = ["network.target"];
+ wantedBy = ["multi-user.target"];
+
+ serviceConfig = {
+ ExecStart = "${lib.getExe package} ${cfg.tokenFile} ${allowedChatsFile}";
+ User = cfg.user;
+ Group = cfg.group;
+ Restart = "on-failure";
+ RestartSec = "5s";
+
+ # Hardening
+ CapabilityBoundingSet = "";
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ PrivateTmp = true;
+ PrivateUsers = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectSystem = "strict";
+ RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ SystemCallArchitectures = "native";
+ SystemCallFilter = ["@system-service" "~@privileged"];
+
+ # Token and allowed chats file access
+ BindReadOnlyPaths = [builtins.storeDir cfg.tokenFile "${allowedChatsFile}"];
+ };
+ };
+
+ users = {
+ users.task-force-beta-bot = lib.mkIf (cfg.user == "task-force-beta-bot") {
+ group = cfg.group;
+ isSystemUser = true;
+ };
+ groups.task-force-beta-bot = lib.mkIf (cfg.group == "task-force-beta-bot") {};
+ };
+ };
+}
diff --git a/sys/platforms/vps/srv/default.nix b/sys/platforms/vps/srv/default.nix
index 0d52a07..94c9fc7 100644
--- a/sys/platforms/vps/srv/default.nix
+++ b/sys/platforms/vps/srv/default.nix
@@ -19,5 +19,6 @@ with lib; {
 ./isso.nix
 ./miniflux.nix
 ./radicale.nix
+ ./task-force-beta-bot.nix
 ];
 }
diff --git a/sys/platforms/vps/srv/task-force-beta-bot.nix b/sys/platforms/vps/srv/task-force-beta-bot.nix
new file mode 100644
index 0000000..e58d781
--- /dev/null
+++ b/sys/platforms/vps/srv/task-force-beta-bot.nix
@@ -0,0 +1,13 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+with lib; {
+ local.sys.task-force-beta-bot = {
+ enable = true;
+ tokenFile = "/var/trust/task_force_beta_bot/telegram_token";
+ allowedChats = [ 2186489671 ];
+ };
+}
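Review bot: The bot token is supplied by bind-mounting `cfg.tokenFile` into the sandbox and passing its path in `ExecStart`, which requires the secret on the host to be readable by the `task-force-beta-bot` user (a root-owned 0400 file will not work), and the `BindReadOnlyPaths` entries for `builtins.storeDir` and the token are redundant with `ProtectSystem = "strict"`, which already exposes the whole filesystem read-only. Since the program already takes the token as a file path, systemd credentials deliver it without loosening permissions on the secret: `LoadCredential = "token:${cfg.tokenFile}";` together with `ExecStart = "${lib.getExe package} %d/token ${allowedChatsFile}";`, after which `BindReadOnlyPaths` can be dropped. `tokenFile` is typed `lib.types.path`, so a Nix path literal passed by a caller would be copied into the world-readable store; `lib.types.str`, or a description stating it must be an absolute string path, prevents that. Separately, `rev = "FIXME"` and the all-`A` placeholder `hash`/`cargoHash` mean `package` cannot be fetched or built as committed, so a host enabling this module fails to build until a real commit and hashes are pinned; a `# TODO: pin a release commit and fill in both hashes` above `src` would make that state visible.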
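Review bot: `lib`, `pkgs` and `config` are bound in the argument set and `with lib;` is opened, but the attribute set below uses none of them, so `{...}: {` is enough and the unused scope goes away. Nothing in the commit provisions `/var/trust/task_force_beta_bot/telegram_token` or states who must own it, and the module only bind-mounts it read-only into a service running as its own user, so a comment above `tokenFile` such as `# provisioned out of band; must be readable by the task-force-beta-bot service user` would tell the next reader what this host has to supply.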