diff --git a/Makefile b/Makefile
index 4b16e03..72e55a7 100644
--- a/Makefile
+++ b/Makefile
@@ -21,16 +21,6 @@ endif
 
 BUNDLEIN := .bundles/qubes-mgmt-salt
 
-
-ifeq (apply, $(firstword $(MAKECMDGOALS)))
-  # use the rest as arguments for "run"
-  APPLY_ARGS := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
-  # ...and turn them into do-nothing targets
-  $(eval $(APPLY_ARGS):;@:)
-endif
-
-
-
 clean-workdir = git init -q -b $* && git diff --quiet && git diff --cached --quiet || (echo 'dirty tree; check git status' && false)
 
 .PHONY: guard-domu
@@ -45,15 +35,6 @@ create-bundle: guard-domu
 	mkdir -p .bundles
 	git bundle create - --all > .bundles/qubes-mgmt-salt
 
-# cures common weird states (thanks xyhhx for the tip)
-# also try `sudo rm -rf /var/cache/salt /srv/salt/_tops/*`
-.PHONY: cure
-cure:
-	sudo rm -rf /var/cache/salt
-	sudo rm -rf /srv/salt/_tops/user 
-	qubesctl saltutil.clear_cache
-	qubesctl saltutil.sync_all
-
 .PHONY: pull pull/%
 pull: pull/$(shell git branch --show-current)
 pull/%:
@@ -81,11 +62,7 @@ install:
 	mkdir -p /srv/user
 	ln -s $(CURDIR)/salt /srv/user/salt
 
-.PHONY: apply
 apply:
 	install -D -oroot -groot -m0644 conf/z_user.conf /etc/salt/minion.d/z_user.conf
 	install -D -oroot -groot -m0644 conf/overrides.conf /usr/local/etc/salt/minion.d/overrides.conf
-	
-	qubesctl top.enable $(APPLY_ARGS)
-	qubesctl --show-output state.apply $(APPLY_ARGS) saltenv=user
-	qubesctl top.disable $(APPLY_ARGS)
+	run0 qubesctl top.enable dom0
diff --git a/conf/z_user.conf b/conf/z_user.conf
index 38b5a3a..aabc9dc 100644
--- a/conf/z_user.conf
+++ b/conf/z_user.conf
@@ -15,6 +15,3 @@ pillar_roots:
 
 formula_dirs: ['/srv/formulas', '/srv/user/formulas']
 
-include:
-  - minion.d/*
-  - /usr/local/etc/salt/minion.d/*.conf
diff --git a/salt/guardian-vms.sls b/salt/guardian-vms.sls
new file mode 100644
index 0000000..6e64d1c
--- /dev/null
+++ b/salt/guardian-vms.sls
@@ -0,0 +1,18 @@
+create-guardian-template:
+  qvm.vm:
+    - name: guardian-template
+    - clone: 
+      - source: fedora-42
+      - label: black
+    - prefs:
+      - netvm: ""
+
+create-app:
+  qvm.vm:
+    - name: app
+    - present:
+      - template: guardian-template
+      - label: green
+    - prefs:
+      - template: guardian-template
+      - netvm: ""
diff --git a/salt/guardian.top b/salt/guardian.top
new file mode 100644
index 0000000..fef8227
--- /dev/null
+++ b/salt/guardian.top
@@ -0,0 +1,3 @@
+user:
+  dom0:
+    - guardian-vms
diff --git a/salt/salty.sls b/salt/salty.sls
deleted file mode 100644
index af19ef9..0000000
--- a/salt/salty.sls
+++ /dev/null
@@ -1,18 +0,0 @@
-create-template:
-  qvm.vm:
-    - name: super-salty-template
-    - clone: 
-      - source: fedora-42
-      - label: black
-    - prefs:
-      - netvm: ""
-
-create-app:
-  qvm.vm:
-    - name: salty-appvm
-    - present:
-      - template: super-salty-template
-      - label: black
-    - prefs:
-      - template: super-salty-template
-      - netvm: ""
diff --git a/salt/salty.top b/salt/salty.top
deleted file mode 100644
index ed63f61..0000000
--- a/salt/salty.top
+++ /dev/null
@@ -1,3 +0,0 @@
-user:
-  dom0:
-    - salty