diff --git a/flake.lock b/flake.lock index adff398..acf6c48 100644 --- a/flake.lock +++ b/flake.lock @@ -8,14 +8,17 @@ ], "nixpkgs": [ "nixpkgs" + ], + "systems": [ + "systems" ] }, "locked": { - "lastModified": 1701216516, - "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=", + "lastModified": 1703433843, + "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", "owner": "ryantm", "repo": "agenix", - "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247", + "rev": "417caa847f9383e111d1397039c9d4337d024bf0", "type": "github" }, "original": { @@ -33,11 +36,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -50,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -70,11 +73,11 @@ ] }, "locked": { - "lastModified": 1701473968, - "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", "type": "github" }, "original": { 
@@ -86,14 +89,16 @@ }, "futils": { "inputs": { - "systems": "systems" + "systems": [ + "systems" + ] }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -111,11 +116,11 @@ ] }, "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "lastModified": 1703887061, + "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", "type": "github" }, "original": { @@ -131,11 +136,11 @@ ] }, "locked": { - "lastModified": 1702538064, - "narHash": "sha256-At5GwJPu2tzvS9dllhBoZmqK6lkkh/sOp2YefWRlaL8=", + "lastModified": 1705879479, + "narHash": "sha256-ZIohbyly1KOe+8I3gdyNKgVN/oifKdmeI0DzMfytbtg=", "owner": "nix-community", "repo": "home-manager", - "rev": "0e2e443ff24f9d75925e91b89d1da44b863734af", + "rev": "2d47379ad591bcb14ca95a90b6964b8305f6c913", "type": "github" }, "original": { @@ -147,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1702312524, - "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a9bf124c46ef298113270b1f84a164865987a91c", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { 
@@ -163,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1702558663, - "narHash": "sha256-MHq/DdwsBwsTRqwFg1JuFtcoGArgvaH/XwbxgWQ4Zn0=", + "lastModified": 1705927265, + "narHash": "sha256-eUUIBb3qYMrQB0ONGEj2kzKN8yzqwDmR4+Ct5/dvJcs=", "owner": "nix-community", "repo": "NUR", - "rev": "b839a2bae27c0c14dd99dcc1f6d18f83b0af59bd", + "rev": "a29c6f71063d0ce903e927fa7885651c00abd33b", "type": "github" }, "original": { @@ -192,11 +197,11 @@ ] }, "locked": { - "lastModified": 1702456155, - "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=", + "lastModified": 1705757126, + "narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc", + "rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc", "type": "github" }, "original": { @@ -214,7 +219,8 @@ "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks" + "pre-commit-hooks": "pre-commit-hooks", + "systems": "systems" } }, "systems": { @@ -228,6 +234,7 @@ }, "original": { "owner": "nix-systems", + "ref": "main", "repo": "default", "type": "github" } diff --git a/flake.nix b/flake.nix index 8e46ea3..9c29183 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,7 @@ inputs = { home-manager.follows = "home-manager"; nixpkgs.follows = "nixpkgs"; + systems.follows = "systems"; }; }; @@ -27,6 +28,9 @@ owner = "numtide"; repo = "flake-utils"; ref = "main"; + inputs = { + systems.follows = "systems"; + }; }; home-manager = { @@ -64,6 +68,13 @@ nixpkgs-stable.follows = "nixpkgs"; }; }; + + systems = { + type = "github"; + owner = "nix-systems"; + repo = "default"; + ref = "main"; + }; }; # Can't eta-reduce a flake outputs... diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix index 4490c51..a969d8a 100644 --- a/hosts/homes/ambroisie@bazin/default.nix +++ b/hosts/homes/ambroisie@bazin/default.nix 
@@ -1,4 +1,4 @@ -# Google Cloudtop configuration +# Google Laptop configuration { lib, pkgs, ... }: { services.gpg-agent.enable = lib.mkForce false; diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 66a0892..dfe9dbe 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -2,7 +2,7 @@ { my.home = { # Use graphical pinentry - bitwarden.pinentry = "gtk2"; + bitwarden.pinentry = "qt"; # Ebook library calibre.enable = true; # Some amount of social life @@ -14,7 +14,7 @@ # Blue light filter gammastep.enable = true; # Use a small popup to enter passwords - gpg.pinentry = "gtk2"; + gpg.pinentry = "qt"; # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client diff --git a/hosts/nixos/porthos/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age index 97d397c..fce2a84 100644 --- a/hosts/nixos/porthos/secrets/acme/dns-key.age +++ b/hosts/nixos/porthos/secrets/acme/dns-key.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 0bz3W8QcGaulxy+kDmM717jTthQpFOCwV9HkenFJEyo -NKeh1/JkX4WAWbOjUeKLMbsyCevnDf3a70FfYUav26c --> ssh-ed25519 jPowng Q59ybJMMteOSB6hZ5m6UPP0N2p8jrDSu5vBYwPgGcRw -j420on2jSsfMsv4MDtiOTMIFjaXV7sIsrS+g4iab+68 --> z}.q-grease s2W ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw +zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y +-> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8 +uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw +--- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg +r&{~v?}= +}+ SQM[]k MAtmM/Ls|ޅmCiYC}x \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/backup/credentials.age b/hosts/nixos/porthos/secrets/backup/credentials.age index b8ea008..63f0d32 100644 Binary files a/hosts/nixos/porthos/secrets/backup/credentials.age and b/hosts/nixos/porthos/secrets/backup/credentials.age differ 
diff --git a/hosts/nixos/porthos/secrets/backup/password.age b/hosts/nixos/porthos/secrets/backup/password.age index 3af9fbe..db3c2fa 100644 --- a/hosts/nixos/porthos/secrets/backup/password.age +++ b/hosts/nixos/porthos/secrets/backup/password.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg dgS4bezgtDi44R1A8am+J6zh80kUVYTo1heaxJCtzX4 -F3w/62xwtqYa40NU7OvF9pnZzYz/5hACAGJfMA4e2zw --> ssh-ed25519 jPowng lx81CK3yeNp9RjHCUFJeKYZlRzxBmXuADVBvRc13zCI -P7e75t8xU+ZkYmeQ8mmMfyZZsRdG1J8yrvSUkiWzkFQ --> *z4/`-grease S/)a{e sFd";= ---- 15FVhqRTkoPFEeETRRyFQhsv4Fn19Ozlax0u8Zy9mNA -#+vS4}R%ίF4fnDJZA,_ \ No newline at end of file +-> ssh-ed25519 cKojmg O3DMSSPQP9/ehXmzs0xcCGllu7VSzhd6b4Pii8t2vWQ +Ys1nMv2384elWWGW9C8HabvwUeWu52VsQpxx9L/4/dM +-> ssh-ed25519 jPowng ft/9SX5fpG7+7gHMubaFtb+50/gfNgmaofOVq5UjRUE +xMwdFjFdkH0Li+PikaFt0WAZbFUu5daHgkfN8aQQumo +--- 7DVINvXIXdE1MRwIkeajonYsy1cp4HugCxfTeub5SXU +<<{V?fk/I"/5K"(i \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/drone/gitea.age b/hosts/nixos/porthos/secrets/drone/gitea.age index 90ff83b..6b68503 100644 Binary files a/hosts/nixos/porthos/secrets/drone/gitea.age and b/hosts/nixos/porthos/secrets/drone/gitea.age differ diff --git a/hosts/nixos/porthos/secrets/drone/secret.age b/hosts/nixos/porthos/secrets/drone/secret.age index c529200..d6e7330 100644 --- a/hosts/nixos/porthos/secrets/drone/secret.age +++ b/hosts/nixos/porthos/secrets/drone/secret.age 
@@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 1+cLlzctgcM0FnVDwMPOAqBkvMcDBRg8SvCw4djI93Y -oV2XI4f1AvM9P591kZZ6NgJXa+SDtqGzCSgc4psOmxM --> ssh-ed25519 jPowng Ufjfh1p350XxRPg95+/DHdmnl4lC0bbzUUlaxd1Bmxc -/RHwFDSn2ov+60r1uHUigrsn99+GmmKmlk4h4T2gbA0 --> *Lc$@-grease -pzVJAHy1qRq3jUrnFV0DDO7/hwV1US4Ogf0RsrVfX0xzbr73uJ003YjieVB25LqN ---- ME7/iVevyiguyhXugbkVFGzJV0yDccyKNlWbEZa/FmY -YXjb2und;i0X]0jLPT~^kc$DrufreOո+p&wϨ \ No newline at end of file +-> ssh-ed25519 cKojmg 0J8FMcVRf78LYG+dTOFzu3luXwhOjdOg0sx4Jxdccj4 +tdrCcfcYbTZYhL18RG3goiqtyhu3NTn+fJhdIAnU5uA +-> ssh-ed25519 jPowng qlF8nkSEg5fZgai0VP5eTSlZOHyj5IcalTf+QNWITVo +O5aiZX0AJD76ixsu6i9xnnFBQANdsu3h6XzdTQ6KtKU +--- ByMQt9bnbzd8YO0Y93FIYF/lmdbYcOydkYdKxpRQujM ++ܢ6JNmq[ Eb1p)vDPL9̀z!߇'Tad5U: [dύRMpzj \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age index 0211701..737777d 100644 Binary files a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age and b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age differ diff --git a/hosts/nixos/porthos/secrets/gitea/mail-password.age b/hosts/nixos/porthos/secrets/gitea/mail-password.age index 915f8e9..e2e70ac 100644 --- a/hosts/nixos/porthos/secrets/gitea/mail-password.age +++ b/hosts/nixos/porthos/secrets/gitea/mail-password.age 
@@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 jPowng BkIjie2KrwDLaZYYIguCs7TPA/wQy+YPguikuhfye0M -7viTA/EGYB/jRKQm6fFd86DMd4j+Jxsaw/xQ1T8ZKNo --> ssh-ed25519 cKojmg t1Y8bZvPccNAX8vWQLTfCyOJIBXN515vyfFrEI2EVww -bJEjpIWrKeQrA/JfY7FRdB6hpHwR/aG4Vya1ChFNBKs --> jK/-grease Oz.R ?;)G ], -AuHk9TcC9kl0dg8/L6UfHIk3e9fgGwSTJAJpVgInhok ---- 47z9lol5MtpX0IsO/0ggLDMcNVfl4lNNvoHUSwOU/18 -)gЪeu! - TYAM+GbMe@|A,&E!܆p=P=9P!Q|r \ No newline at end of file +-> ssh-ed25519 cKojmg 46BI3ItrXRWMivmd/K8bmkKlrYFSr8cbehAkmwCskig +gTjYquH1hDEZ2zWD5P7gN/ejTCH8JJb8bC/VLZ3koeg +-> ssh-ed25519 jPowng 5MqfJlasDbbqlI0dX98NZzHxmYmnnpveyBxa4z48V0o +r7Yiv4+SZiDncD0Xzp5eFSP4f2yjGBOILKxEO1iT3Os +--- l43+JtT28i1YDhNX3hE3Qb7swskOBc5ghDqiyh3rU2s ++)PnWT,.eNW YƱkF4#=)6mȵJ# \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/lohr/secret.age b/hosts/nixos/porthos/secrets/lohr/secret.age index fa310b4..1d9c5ba 100644 Binary files a/hosts/nixos/porthos/secrets/lohr/secret.age and b/hosts/nixos/porthos/secrets/lohr/secret.age differ diff --git a/hosts/nixos/porthos/secrets/lohr/ssh-key.age b/hosts/nixos/porthos/secrets/lohr/ssh-key.age index 30a5e25..477a4d1 100644 Binary files a/hosts/nixos/porthos/secrets/lohr/ssh-key.age and b/hosts/nixos/porthos/secrets/lohr/ssh-key.age differ diff --git a/hosts/nixos/porthos/secrets/matrix/mail.age b/hosts/nixos/porthos/secrets/matrix/mail.age index 1fe3a71..94ddf8c 100644 --- a/hosts/nixos/porthos/secrets/matrix/mail.age +++ b/hosts/nixos/porthos/secrets/matrix/mail.age 
@@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg lmu3MinmydRHD0A/YVRRtopermfoBC8M8cTHfVanY1s -ygrtpZZJ7aeQTblNazpoP7DdifmDxHsE3DFJsIrWX5M --> ssh-ed25519 jPowng X0cihOc+fBtmtrkEivIHQngdYIobezXEF1x+pHqNzAw -/+sw9x1NWY0anZhDMpAywBPrR0F4XCHaF9e8j/Yo/kI --> 32;%1s-grease -JafjuSZty6a4NSO/y4y5wHWL8Mw ---- dwCl66vdpsL0MR5NWWvg3JUnQ2QZQBeW0Dj0l5tvOKY -oi,`#uwW%Poubڭcy8 ><FqKÂk0k/h5势F+u eb>1Q2wnWb֖Bi^xur- /ll-=7;j0I%FiA;YUd]KI0( Ag^uG:pkJ:qWSaLw!M4L/ZD-XUbvbP0f9 J`XO!s{QAcc;4Mچݹ lxH&{}zZ9ûXܓg]V0gtw \ No newline at end of file +-> ssh-ed25519 cKojmg u+5VWUy7eFq4boAIOhuKXZYD4mhczaUAcjz4+coVggA +QlBHHgz7uY3TVgex59yZA0XgsIeHi2WN2S+UleC7bMg +-> ssh-ed25519 jPowng IyeI6WUjF8wxe92xD3xY++4ZqXtY8divB39eLWfAtm8 +eGj8w5X2ydS1LJvNSmo56xzRVoUB0iAKKs2NHX968Yc +--- hsYH9lUl3wIErJmBKzlWV+gIR5v6vgPIcNDgd0hiRGc +@lQsȄףD}^{X)nYJhXhg8wӨǂwy(a.0>|PSlO|E鰀BW_)|x4\_F +Zo0=dtsj[0O+R8id8j +g$x òb흭Xg^G$UB*鲡)[tHav7jD.z+[~ 9z`s,_!^Yʯ2HSŏ*@jZ^v~غ@ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/matrix/secret.age b/hosts/nixos/porthos/secrets/matrix/secret.age index 539c33e..2c8852d 100644 Binary files a/hosts/nixos/porthos/secrets/matrix/secret.age and b/hosts/nixos/porthos/secrets/matrix/secret.age differ diff --git a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age index d375a35..e938cfa 100644 --- a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age +++ b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age 
@@ -1,9 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg N182xey8TWRVUWTRP16rT0zlhYZNr/pOZVR7YRnlIkk -HVqAag55z1cKLgjR3WsUj2wvaVjxm169JcDRJGRvCVU --> ssh-ed25519 jPowng Dc+aaUTxDsMTY+oOst0SC3ldq1e6zX8F5A5uBL5RHhc -JWZou6+VaFc5f2OLRIrmFFWg3Er6WSY+TloXU0mP1K8 --> |9_9Aqh%-grease $ X8Mn|5 aKnl' fl ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E +OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c +-> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg +cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg +--- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY +"W9bg~/b4ՆI +} -NC7vWb?8=wB UpJClOșnO\ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/miniflux/credentials.age b/hosts/nixos/porthos/secrets/miniflux/credentials.age index 9790159..00d89a4 100644 Binary files a/hosts/nixos/porthos/secrets/miniflux/credentials.age and b/hosts/nixos/porthos/secrets/miniflux/credentials.age differ diff --git a/hosts/nixos/porthos/secrets/monitoring/password.age b/hosts/nixos/porthos/secrets/monitoring/password.age index 410536f..67c75e6 100644 --- a/hosts/nixos/porthos/secrets/monitoring/password.age +++ b/hosts/nixos/porthos/secrets/monitoring/password.age 
@@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg OdLtFHbHbc28rUn47vgsVvXxFNg9nF+9y9R6XOK390Y -yQQYUPQGjN2+xrSqqBYa7/zS618KrVjX5Amw2MFuSLg --> ssh-ed25519 jPowng NwUjiLtiXVi6XFmht5l1CxEs3gm0oN4vHYwDZyda7Q4 -di6znVjNRO6QdqteVNkeot5Ko2NwWLe6v+zVR3f+o10 --> 4Vx%\(-grease ^^Z>EC91 R 2BJ d48Wip*s -yPiBgChRF31XgxccQFLO3MzRL7+5s29sfRoF3W1yUX6Bu59MpxD4D+n/jhLcxSH/ -CxW7KaiOctNmPm5tWh6qjmgQ+V4bcAji5vo4FKs40l56cfyueEJj+Q ---- WUGF28zqK9E1AlOeeCtSHxFg6ikRy85gOoLtBd4m0y0 -.|rr>12Sɞ.hww q%i *U^)'qO2ӜmQ7m` \ No newline at end of file +-> ssh-ed25519 cKojmg l5lOlGnbvQ4D2kaSj1dd8Xr+btlNbTkT0SxSz02Vr1E +Cjy73yKL1N8LnjRXXLpxX+wIOFCa8wrG44VjXUND1lI +-> ssh-ed25519 jPowng nYHfkP9dRkxu4Fqh8MgrbdZAc8gk+VGDyxIV6RsSeEM +rKKi1NDoKMMzQ+kUs5ZX4zMqRBI0QwGY7q6K/L9+dLI +--- Umv3UCtXlApug7uuqmwbQN38i8Lx9/b0uhLgbc3OdZM +BLs?sӓs2y +R0!<f9txB7dڊ^ɇLJ&W ssh-ed25519 cKojmg zhpo89xef68JoeOFWzhdFshrj2BXXUCFPMLVJzv6EyE -fmJxJi5rmyai9qGwDo7iHg4BrObGre96KCpl+g91O6I --> ssh-ed25519 jPowng INA6EZdy4J1p3QY5mfVOQXiLdOjIDaZR+CZMP+GfkXM -8Nf5soaxY5SEzeJca5kaJkx7ByOvc4NkJVetB7wpEmo --> xjK'w-grease -f5v0cvlt4JbHlAwDOob86qOInWdlN/oohTg ---- NTGv4rr+MhJ/YeZhVHOjoS1V+zCHFf2itJYfK36R+wE -חJ d o'YFU@ -r7_N$>]hq-F۰qX?| ? \ No newline at end of file +-> ssh-ed25519 cKojmg 1hbRAuAGrTy6nmkAq+UWua8weywphZsTIGF68YQEOlQ +92Q7uIKv1EiO73wMh53jrTuEkzP6ziBmX9SWXCl4d3w +-> ssh-ed25519 jPowng aPb9v/S/mLW95Qom+swvasqY878RxpxxOkMJA2wb6nY +qu/dzcqciqKzNc28HqFMHA1XnrJy+/wWgbfM1+BrlkE +--- 8PXOozvZzNZQD2OT4a+0XuIQauzUGSvovdfDugmp+bc +x>禩_C9dT5KzЄqcZɾpใv +) \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/paperless/secret-key.age b/hosts/nixos/porthos/secrets/paperless/secret-key.age index eae5c56..70cb898 100644 --- a/hosts/nixos/porthos/secrets/paperless/secret-key.age +++ b/hosts/nixos/porthos/secrets/paperless/secret-key.age 
@@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg tZwn2usN6K62oS4vBa6boh9zEp/+cS4chP8boXG6SH4 -Fr3kV8gUDoiDqMxPYWsHyww8umYhQEKhqbVBiVw5NeI --> ssh-ed25519 jPowng wRbJl4G85obH/GluQBBsXE7MOvooEui65eqHfurvuQs -KqVZMBSyHhkayEdwI6ocmA4qhHY9zYJvg1CEKM1SOa0 --> 2E"/OFW-grease o Qp3HFe^ -bGhCNicPqt7txqxUiEWXCFs1OuQLqOqHmjHSqYQv919dqYep/xBXzi/aRf3dsdvh -TCJCTvZG31Qxvikp ---- xKJGbdVp+Z5h0vCBleSF2zYYYd2S5i0y4szNqjRwrDY -T /Ni7m4#MhiPޛ-gI%@E(i7Ygk"+㸠(]o@bާ+[Y"BCR[ >-.4db9v \ No newline at end of file +-> ssh-ed25519 cKojmg r3ZUTfSNcHc1TS2fVtk99Y2xJMMunkwkcR0dQIdiCi4 +LICSnzAaooGy6x4wt0vNM6YtQ4S17QohZNt7lfVrD6Q +-> ssh-ed25519 jPowng KLU68ws4lemr0wWHxm8H8pf1SQAoUZTN4QSPzk2PyHk +6pjH1pI956oaf9ZIHPPq8p3g/mZC5GxWhWkT54Wohf0 +--- cAQbniTwwtTftfXU/dGtA69yF/hh8iB97vHxvkIZMMo +c#=^~?5-wNT̡+!z " Z"2M!p5VjΡѡLyŹ nĊ8zQ+ة9WS0u}YÚ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/podgrab/password.age b/hosts/nixos/porthos/secrets/podgrab/password.age index 90e2501..d50dc28 100644 --- a/hosts/nixos/porthos/secrets/podgrab/password.age +++ b/hosts/nixos/porthos/secrets/podgrab/password.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 8rcBI7fYHuA3jO6EzJNFaAj2niIApKDt1HQEv61AKTs -ANxkIX/CeI7t7Zqp6wmjt/D194Z+xpeiidb+qvYzoQU --> ssh-ed25519 jPowng oruewwTM9X/HjjcmOPcQVdp02rQBlgJPdzvlAffs3T0 -MrO0kaNhjgOkNHuz3NrIMWXNrXOHH9dT/Fk6hoQNKyY --> COK%H7-grease -6yfI90QurOKlM+kgpW8KZ/iBzDYD9yhNmjG1LQ ---- uArz8eHg8sLO0sdlkM6cELFh+FHiI5BrM0+iXJxxiDo -vvNb@FMMY&/%mt֓dh|ߩ8 ڽ9C/ \ No newline at end of file +-> ssh-ed25519 cKojmg bICZUDqk/C2divEZu2lxUDsrtS1inSbDbS8hxJSJfHc +FsfueyP6WCesAu5EcXIxxtvbb8RX09qNTN9GvuhYuTw +-> ssh-ed25519 jPowng Uujsu6c+QTXqCNi6c+zxk5tf0UQcG+Qm/SZF4dzSKCY +RPVNNNauz73A8kWA0VSQiMWCerUkxPoXG2MUrFly3Bc +--- 8h4hGasOwZxk+i5aQfg6AzdA1G4wROhxz2rmM9u41b8 +{Rh=42 yЙjMWQ%X ]JK]F?QK \ No newline at end of file 
diff --git a/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age b/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age index 10d9eaa..efbd945 100644 Binary files a/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age and b/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age differ diff --git a/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age b/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age index c5ce19b..211bec3 100644 Binary files a/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age and b/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age differ diff --git a/hosts/nixos/porthos/secrets/sso/auth-key.age b/hosts/nixos/porthos/secrets/sso/auth-key.age index 4e05b15..1c12470 100644 Binary files a/hosts/nixos/porthos/secrets/sso/auth-key.age and b/hosts/nixos/porthos/secrets/sso/auth-key.age differ diff --git a/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age b/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age index 2ec147d..d6db371 100644 Binary files a/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age and b/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age differ diff --git a/hosts/nixos/porthos/secrets/transmission/credentials.age b/hosts/nixos/porthos/secrets/transmission/credentials.age index 4f407fa..16f90b6 100644 --- a/hosts/nixos/porthos/secrets/transmission/credentials.age +++ b/hosts/nixos/porthos/secrets/transmission/credentials.age 
@@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg mP2H3PWJN6Pv3q6C2wci3KnXjtFAIiuGy0YH0sGIy2g -f43QqyUQfTYznszub47kgc2Mz95zVScTDkwnG3INi9U --> ssh-ed25519 jPowng fENbu7+FZ1mnQQHQCLm1spLHmsQGlRoJResUJtGzYkY -hX+AqCkLCca6m/aKtGCThi7/mCCz/TZQNJNOlOmlqyA --> J<-grease -n7+CPRr4oazWnE7yzpJN2ZAI4QrGsAerloP4wNeebjQDx8+IxJq1JE0g3Yi0RxzN -chDccuSPLYk45Ov+SD/qqqFZlQ ---- p81HYw3LFj+qz2kiZsDcevM4ZBfvN743P9Jdi7J9XkM -۱S7VBOlEtq_D,PVFp\"AM}g?/\;y Ӛ(SK \ No newline at end of file +-> ssh-ed25519 cKojmg Froxrdh4H2Bsj4X2xicyBXHPRlbkRJAOztoTfzxItSM +FnsLS2QYm8mJUO+c152FieLCFkALxxwQLnY4PAj8zsU +-> ssh-ed25519 jPowng pKl4p02M+U5JsiOnM2wXL5bkPwsI3IHjlTutlvez3zM +NSuOFsyV8JqtTq97lNzacJnJ3YZgWp53XxU3mjUlcMQ +--- 2TK2ViFblmDheaYdat/GF0ze1wVsla1EPLaeRdMM4Gs +ըENܞm›2u~Jubt[$T^2ji@xҸ*İg[MHX!6ezDW]<` XPޛ +q*o$< \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/vikunja/mail.age b/hosts/nixos/porthos/secrets/vikunja/mail.age index 4c83acd..864e5be 100644 Binary files a/hosts/nixos/porthos/secrets/vikunja/mail.age and b/hosts/nixos/porthos/secrets/vikunja/mail.age differ diff --git a/hosts/nixos/porthos/secrets/wireguard/private-key.age b/hosts/nixos/porthos/secrets/wireguard/private-key.age index 4abe1e5..d7e292e 100644 --- a/hosts/nixos/porthos/secrets/wireguard/private-key.age +++ b/hosts/nixos/porthos/secrets/wireguard/private-key.age 
@@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg +WwRpd2MzycutQFXyLsr2+GzSgF67Z6UuvyqYZaLd3w -sppt8HzaZP3yxnvnhzjl18Trnz8g3VyXJ6CaVBWd7jA --> ssh-ed25519 jPowng wanoqGB7T8bim/WZ4IAYViFQoGzaIZSgeoTr3YKpeTY -ihDAdGa1XVW/qQz40V1v7a7iK7tu0EHMa7ayIogpcRw --> l-grease |PIcZ NIr >0;* -4o8o0bevQZ6uDSx1WxxlDCURbFCM+yK1XPdrb9aztCSvG2a+ne78E42l5rBcoH7I -m51A8uWS4nSj36N/76v6K4kelxKzWUg ---- O6cGbTAVbDcdmPHf7UzfZiyiRtu1yfL4sBI+CkJA1qw -q$`w'SX]?6/N(BNa.H7Ioz/4:sK",7J \ No newline at end of file +-> ssh-ed25519 cKojmg KslHl4v8yCsKZn5TduLgpTfpTi1uOInC9N2e8Ow83FI +NzcJJr8kw1ykAdWRZOeWdNhx0BTgE7FwTKcge+yLJ/w +-> ssh-ed25519 jPowng YGWcOai0A9l2HDZyV0GtD8kEbY/xTUssODFBcseWAkA +nJaHXkipFSHdyektoKV5y1jQrjkvnU7pwZwAymiQm7M +--- IgWkDulol1jRa+pcx7DbEy5pvC+2nrRJHsdQVPvPur0 +Bb<Ōb!E?:=srJCKz5{4`&N057v+1 ++(d{ Q \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/woodpecker/gitea.age b/hosts/nixos/porthos/secrets/woodpecker/gitea.age index e6ede6c..11817ff 100644 Binary files a/hosts/nixos/porthos/secrets/woodpecker/gitea.age and b/hosts/nixos/porthos/secrets/woodpecker/gitea.age differ diff --git a/hosts/nixos/porthos/secrets/woodpecker/secret.age b/hosts/nixos/porthos/secrets/woodpecker/secret.age index 63a4862..89bcb6b 100644 --- a/hosts/nixos/porthos/secrets/woodpecker/secret.age +++ b/hosts/nixos/porthos/secrets/woodpecker/secret.age 
@@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 jPowng yz0I+AazPmamF7NOnwYNrPE/ArarU01jd2mVDJUPSTY -6Y/YQ7gb8cAZf3zT9SKOorvfUnU7kYff+gHh8fG2mY8 --> ssh-ed25519 cKojmg 0FZU9v8eHsVeE+EoX9Y4IgfIj/8+45waPaSnSDb961I -L6SzJoh5xqai45scoVAa6v9zslBGFYNnZY044d470uQ --> I[G-grease p -AMRQY1alSzHi/PLL80kcvnM1Z9YNfoUo9u5alWXYMyzrRsg+vXjMuBvAXg3fmnzr -wdOowTYMRV+jEG8vzkcQTsv+f7JIyo4DvOOaPyGfWMl1 ---- ih3IAFPcN1JP3FP1vcRGnPrfk91yrnIX0m/Szkbcf7Q -mWr_\)Ͱ]QxMs/݃ݪ6kYxMyJG)i2_'֜HF.g_e5#utՠ7jP'Tޥ8\IWUK1ں9 \ No newline at end of file +-> ssh-ed25519 cKojmg tAW2hbBSxsael6cdbN+vI4h1/PMNrWYct8cppCAasn0 +cex/wBTviSIXc8clNm5PGltTYa1Q5PwqlX4BGsNHiyU +-> ssh-ed25519 jPowng YxfhtpytvuhIARQAaJ0w94aOZiGNUOBR0pF+Sp80D2k +nMon/VdYUQTs6LFccDGeIKWeNYib1wwtFmEYZkDZxg0 +--- giL477X0+uZ2Ocvbixt5f5kNc1laj5P79oW8P9XsNP0 +d>cE?nbv_'2յ_6Pu:usE8ϓxuڶ̪x̧C[ .6 qJ5GK)N a -bindurl www.google.com F hint -Jbc #search div:not(.action-menu) > a +bindurl www.google.com f hint -Jc #search a +bindurl www.google.com F hint -Jbc #search a " Only hint search results on DuckDuckGo bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"] @@ -69,8 +69,6 @@ unbind " Redirections {{{ " Always redirect Reddit to the old site autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") -" Use a better Twitter front-end -autocmd DocStart ^http(s?)://twitter.com js tri.excmds.urlmodify("-t", "twitter.com", "nitter.net") " }}} " Disabled websites {{{ diff --git a/modules/home/x/keyboard/default.nix b/modules/home/keyboard/default.nix similarity index 50% rename from modules/home/x/keyboard/default.nix rename to modules/home/keyboard/default.nix index 40af800..2216a08 100644 --- a/modules/home/x/keyboard/default.nix +++ b/modules/home/keyboard/default.nix 
@@ -1,8 +1,12 @@ { config, lib, ... }: let - cfg = config.my.home.x; + cfg = config.my.home.keyboard; in { + options.my.home.keyboard = with lib; { + enable = my.mkDisableOption "keyboard configuration"; + }; + config = lib.mkIf cfg.enable { home.keyboard = { layout = "fr"; diff --git a/modules/home/mpv/default.nix b/modules/home/mpv/default.nix index 9aef379..931c252 100644 --- a/modules/home/mpv/default.nix +++ b/modules/home/mpv/default.nix @@ -13,6 +13,7 @@ in scripts = [ pkgs.mpvScripts.mpris # Allow controlling using media keys + pkgs.mpvScripts.uosc # Nicer UI ]; }; }; diff --git a/modules/home/vim/after/ftplugin/gn.vim b/modules/home/vim/after/ftplugin/gn.vim new file mode 100644 index 0000000..0cec9df --- /dev/null +++ b/modules/home/vim/after/ftplugin/gn.vim @@ -0,0 +1,6 @@ +" Create the `b:undo_ftplugin` variable if it doesn't exist +call ftplugined#check_undo_ft() + +" Set comment string, as it seems that no official GN support exists upstream +setlocal commentstring=#\ %s +let b:undo_ftplugin.='|setlocal commentstring<' diff --git a/modules/home/vim/ftdetect/automake.lua b/modules/home/vim/ftdetect/automake.lua index cfa15d2..68a30ed 100644 --- a/modules/home/vim/ftdetect/automake.lua +++ b/modules/home/vim/ftdetect/automake.lua @@ -1,4 +1,4 @@ --- Use Automake filetype for `local.am` files, explicit `set` to force override +-- Use Automake filetype for `local.am` files vim.filetype.add({ filename = { ["local.am"] = "automake", diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua new file mode 100644 index 0000000..2f4f1dd --- /dev/null +++ b/modules/home/vim/ftdetect/glsl.lua @@ -0,0 +1,7 @@ +-- Use GLSL filetype for common shader file extensions +vim.filetype.add({ + extension = { + frag = "glsl", + vert = "glsl", + }, +}) diff --git a/modules/home/vim/ftdetect/gn.lua b/modules/home/vim/ftdetect/gn.lua new file mode 100644 index 0000000..37d772e --- /dev/null +++ b/modules/home/vim/ftdetect/gn.lua 
@@ -0,0 +1,7 @@ +-- Use GN filetype for Chromium Generate Ninja files +vim.filetype.add({ + extension = { + gn = "gn", + gni = "gn", + }, +}) diff --git a/modules/home/wm/i3bar/default.nix b/modules/home/wm/i3bar/default.nix index 5dbb505..5ae0e7d 100644 --- a/modules/home/wm/i3bar/default.nix +++ b/modules/home/wm/i3bar/default.nix @@ -74,7 +74,7 @@ in ) { block = "net"; - format = " $icon{| $ssid|} $ip{| $signal_strength|} "; + format = " $icon{| $ssid|}{| $ip|}{| $signal_strength|} "; } { block = "backlight"; diff --git a/modules/home/x/default.nix b/modules/home/x/default.nix index 0312bc4..c320e52 100644 --- a/modules/home/x/default.nix +++ b/modules/home/x/default.nix @@ -3,10 +3,6 @@ let cfg = config.my.home.x; in { - imports = [ - ./keyboard - ]; - options.my.home.x = with lib; { enable = mkEnableOption "X server configuration"; }; diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix new file mode 100644 index 0000000..a31b6f6 --- /dev/null +++ b/modules/nixos/services/aria/default.nix 
@@ -0,0 +1,70 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.services.aria; +in +{ + options.my.services.aria = with lib; { + enable = mkEnableOption ""; + + rpcPort = mkOption { + type = types.port; + default = 6800; + example = 8080; + description = "RPC port"; + }; + + downloadDir = mkOption { + type = types.str; + default = "/data/downloads"; + example = "/var/lib/transmission/download"; + description = "Download directory"; + }; + + # FIXME: secrets file + }; + + config = lib.mkIf cfg.enable { + services.aria2 = { + enable = true; + + inherit (cfg) downloadDir; + + rpcListenPort = cfg.rpcPort; + }; + + # Expose DHT ports, but not RPC ports + networking.firewall = { + allowedUDPPortRanges = config.services.aria2.listenPortRange; + }; + + # Set-up media group + users.groups.media = { }; + + systemd.services.aria2 = { + serviceConfig = { + Group = lib.mkForce "media"; # Use 'media' group + }; + }; + + my.services.nginx.virtualHosts = [ + { + subdomain = "aria-rpc"; + port = cfg.rpcPort; + # Proxy websockets for RPC + extraConfig = { + locations."/".proxyWebsockets = true; + }; + } + { + subdomain = "aria"; + root = "${pkgs.ariang}/share/ariang"; + # For paranoia, don't allow anybody to use the UI unauthenticated + sso = { + enable = true; + }; + } + ]; + + # FIXME: fail2ban rules + }; +} diff --git a/modules/nixos/services/blog/default.nix b/modules/nixos/services/blog/default.nix index 4b646c3..3e68df2 100644 --- a/modules/nixos/services/blog/default.nix +++ b/modules/nixos/services/blog/default.nix @@ -5,11 +5,10 @@ let domain = config.networking.domain; makeHostInfo = subdomain: { - inherit subdomain; root = "/var/www/${subdomain}"; }; - hostsInfo = map makeHostInfo [ "cv" "dev" "key" ]; + hostsInfo = lib.flip lib.genAttrs makeHostInfo [ "cv" "dev" "key" ]; in { options.my.services.blog = { diff --git a/modules/nixos/services/calibre-web/default.nix b/modules/nixos/services/calibre-web/default.nix index 858851c..b7bf9df 100644 
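Review bot: In modules/nixos/services/aria/default.nix the `aria-rpc` virtual host proxies the aria2 RPC port with no `sso` block, while the SSO guard sits on the `aria` host that only serves the static AriaNg files, so the endpoint that actually controls the daemon is the unauthenticated one. With `# FIXME: secrets file` still open, the RPC secret appears to stay at whatever default the NixOS aria2 module ships, which should not be treated as a secret. I would hold the `aria-rpc` host back until a secret-file option is wired in, or gate it like the UI with `sso = { enable = true; };` if the browser client tolerates that. Separately, both hosts use the list form with `subdomain = …` while the other modules in this diff move to an attribute set keyed by subdomain; if the wrapper's option type changed (not visible here), this module would fail to evaluate once enabled. `mkEnableOption ""` also leaves the option without a description.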
--- a/modules/nixos/services/calibre-web/default.nix +++ b/modules/nixos/services/calibre-web/default.nix @@ -40,12 +40,11 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = [ - { - subdomain = "library"; + my.services.nginx.virtualHosts = { + library = { inherit (cfg) port; - } - ]; + }; + }; my.services.backup = { paths = [ diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index b27570d..3e2b3c8 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -3,6 +3,7 @@ { imports = [ ./adblock + ./aria ./backup ./blog ./calibre-web diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index d651f85..a3a1e49 100644 --- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -45,11 +45,10 @@ in }]; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "drone"; + my.services.nginx.virtualHosts = { + drone = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index ff5d941..155e73d 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -40,11 +40,10 @@ in }; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "flood"; + my.services.nginx.virtualHosts = { + flood = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index 00ba941..4a8a3bb 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix 
@@ -116,18 +116,16 @@ in }; users.groups.git = { }; - my.services.nginx.virtualHosts = [ + my.services.nginx.virtualHosts = { # Proxy to Gitea - { - subdomain = "git"; + git = { inherit (cfg) port; - } + }; # Redirect `gitea.` to actual forge subdomain - { - subdomain = "gitea"; + gitea = { redirect = config.services.gitea.settings.server.ROOT_URL; - } - ]; + }; + }; my.services.backup = { paths = [ diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index fb06a0b..8a42345 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -28,12 +28,11 @@ in }; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "jackett"; + my.services.nginx.virtualHosts = { + jackett = { port = jackettPort; - } - ]; + }; + }; }) (lib.mkIf cfg.nzbhydra.enable { @@ -41,12 +40,11 @@ in enable = true; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "nzbhydra"; + my.services.nginx.virtualHosts = { + nzbhydra = { port = nzbhydraPort; - } - ]; + }; + }; }) (lib.mkIf cfg.prowlarr.enable { @@ -54,12 +52,11 @@ in enable = true; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "prowlarr"; + my.services.nginx.virtualHosts = { + prowlarr = { port = prowlarrPort; - } - ]; + }; + }; services.fail2ban.jails = { prowlarr = '' diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index 2fcf51e..f5aaa99 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -17,9 +17,15 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = [ - { - subdomain = "jellyfin"; + systemd.services.jellyfin = { + serviceConfig = { + # Loose umask to make Jellyfin metadata more broadly readable + UMask = lib.mkForce "0002"; + }; + }; + + my.services.nginx.virtualHosts = { + jellyfin = { port = 8096; extraConfig = { locations."/" = { 
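Review bot: `UMask = lib.mkForce "0002";` in the modules/nixos/services/jellyfin/default.nix hunk does more than its comment says: it makes newly created files group-writable and world-readable, not merely readable by more users. If the aim is only to let the `media` group read Jellyfin's metadata, `UMask = lib.mkForce "0027";` gives group read without opening the files to every local account, and `"0007"` covers the case where the group must also write. The comment should name who needs the access, for example `# Let the media group read Jellyfin metadata`. The service's state directory presumably also holds its database and credentials, so it is worth confirming that directory's own mode still keeps other users out after this change.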
@@ -33,7 +39,7 @@ in proxyWebsockets = true; }; }; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index 245567c..dd4eea8 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix @@ -98,11 +98,10 @@ in }; users.groups.lohr = { }; - my.services.nginx.virtualHosts = [ - { - subdomain = "lohr"; + my.services.nginx.virtualHosts = { + lohr = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 52b60c5..b958f76 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -104,23 +104,22 @@ in extraConfigFiles = [ cfg.mailConfigFile ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile; - - sliding-sync = { - enable = true; - - settings = { - SYNCV3_SERVER = "https://${matrixDomain}"; - SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; - }; - - environmentFile = cfg.slidingSync.secretFile; - }; }; - my.services.nginx.virtualHosts = [ + services.matrix-sliding-sync = { + enable = true; + + settings = { + SYNCV3_SERVER = "https://${matrixDomain}"; + SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; + }; + + environmentFile = cfg.slidingSync.secretFile; + }; + + my.services.nginx.virtualHosts = { # Element Web app deployment - { - subdomain = "chat"; + chat = { root = pkgs.element-web.override { conf = { default_server_config = { 
@@ -145,22 +144,19 @@ in }; }; }; - } + }; # Dummy VHosts for port collision detection - { - subdomain = "matrix-federation"; + matrix-federation = { port = federationPort.private; - } - { - subdomain = "matrix-client"; + }; + matrix-client = { port = clientPort.private; - } + }; # Sliding sync - { - subdomain = "matrix-sync"; + matrix-sync = { inherit (cfg.slidingSync) port; - } - ]; + }; + }; # Those are too complicated to use my wrapper... services.nginx.virtualHosts = { @@ -185,7 +181,7 @@ in # Sliding sync "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = { - proxyPass = "http://${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}"; + proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}"; }; }; diff --git a/modules/nixos/services/miniflux/default.nix b/modules/nixos/services/miniflux/default.nix index 6d9ffc8..5104c8b 100644 --- a/modules/nixos/services/miniflux/default.nix +++ b/modules/nixos/services/miniflux/default.nix @@ -43,11 +43,10 @@ in }; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "reader"; + my.services.nginx.virtualHosts = { + reader = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/monitoring/default.nix b/modules/nixos/services/monitoring/default.nix index 829bfe0..49919c1 100644 --- a/modules/nixos/services/monitoring/default.nix +++ b/modules/nixos/services/monitoring/default.nix @@ -125,11 +125,10 @@ in ]; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "monitoring"; + my.services.nginx.virtualHosts = { + monitoring = { inherit (cfg.grafana) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix index 6c001fd..944a97a 100644 --- a/modules/nixos/services/navidrome/default.nix +++ b/modules/nixos/services/navidrome/default.nix 
@@ -47,11 +47,10 @@ in }; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "music"; + my.services.nginx.virtualHosts = { + music = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 65b7234..580e9ea 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -31,7 +31,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud27; + package = pkgs.nextcloud28; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; @@ -41,7 +41,12 @@ in adminpassFile = cfg.passwordFile; dbtype = "pgsql"; dbhost = "/run/postgresql"; - overwriteProtocol = "https"; # Nginx only allows SSL + }; + + https = true; + + extraOptions = { + overwriteprotocol = "https"; # Nginx only allows SSL }; notify_push = { diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 6ca2e42..7980ad9 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -5,10 +5,11 @@ let domain = config.networking.domain; - virtualHostOption = with lib; types.submodule { + virtualHostOption = with lib; types.submodule ({ name, ... }: { options = { subdomain = mkOption { type = types.str; + default = name; example = "dev"; description = '' Which subdomain, under config.networking.domain, to use @@ -72,7 +73,7 @@ let ''; }; }; - }; + }); in { imports = [ 
@@ -97,20 +98,18 @@ in }; virtualHosts = mkOption { - type = types.listOf virtualHostOption; - default = [ ]; + type = types.attrsOf virtualHostOption; + default = { }; example = litteralExample '' - [ - { - subdomain = "gitea"; + { + gitea = { + subdomain = "git"; port = 8080; - } - { - subdomain = "dev"; + }; + dev = { root = "/var/www/dev"; - } - { - subdomain = "jellyfin"; + }; + jellyfin = { port = 8096; extraConfig = { locations."/socket" = { @@ -118,8 +117,8 @@ in proxyWebsockets = true; }; }; - } - ] + }; + } ''; description = '' List of virtual hosts to set-up using default settings. @@ -190,7 +189,7 @@ in config = lib.mkIf cfg.enable { assertions = [ ] - ++ (lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args: + ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args: let conflicts = [ "port" "root" "socket" "redirect" ]; optionsNotNull = builtins.map (v: args.${v} != null) conflicts; @@ -209,7 +208,7 @@ in ports = lib.my.mapFilter (v: v != null) ({ port, ... }: port) - cfg.virtualHosts; + (lib.attrValues cfg.virtualHosts); portCounts = lib.my.countValues ports; nonUniquesCounts = lib.filterAttrs (_: v: v != 1) portCounts; nonUniques = builtins.attrNames nonUniquesCounts; @@ -221,7 +220,7 @@ in map mkAssertion nonUniques ) ++ ( let - subs = map ({ subdomain, ... }: subdomain) cfg.virtualHosts; + subs = lib.mapAttrsToList (_: { subdomain, ... }: subdomain) cfg.virtualHosts; subsCounts = lib.my.countValues subs; nonUniquesCounts = lib.filterAttrs (_: v: v != 1) subsCounts; nonUniques = builtins.attrNames nonUniquesCounts; @@ -325,7 +324,7 @@ in ]) ); in - lib.my.genAttrs' cfg.virtualHosts mkVHost; + lib.my.genAttrs' (lib.attrValues cfg.virtualHosts) mkVHost; sso = { enable = true; 
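Review bot: The `example` that this hunk rewrites is still wrapped in `litteralExample`, which looks like a misspelling. As far as I know nixpkgs `lib` provides `literalExpression` (and the deprecated `literalExample`), not this name. It probably goes unnoticed because the example is only evaluated when option documentation is built. Since the example body is being rewritten anyway, I would change the line to `example = literalExpression ''`.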
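Review bot: The option `description` kept as context at the end of the `@@ -118,8 +117,8 @@` hunk still reads `List of virtual hosts to set-up using default settings.`, but the type is now `types.attrsOf virtualHostOption`. I would reword it to `Attribute set of virtual hosts to set-up using default settings; the attribute name is used as the subdomain unless subdomain is set.` That also documents why the `gitea` entry in the example carries an explicit `subdomain = "git";`. The description string continues past the end of the hunk.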
@@ -403,12 +402,11 @@ in }; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "login"; + my.services.nginx.virtualHosts = { + ${cfg.sso.subdomain} = { inherit (cfg.sso) port; - } - ]; + }; + }; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/modules/nixos/services/nix-cache/default.nix b/modules/nixos/services/nix-cache/default.nix index b3bdbf3..1ce3161 100644 --- a/modules/nixos/services/nix-cache/default.nix +++ b/modules/nixos/services/nix-cache/default.nix @@ -43,11 +43,10 @@ in signKeyPath = cfg.secretKeyFile; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "cache"; + my.services.nginx.virtualHosts = { + cache = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 90f6b0c..f528ad7 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -52,7 +52,7 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; - extraConfig = + settings = let paperlessDomain = "paperless.${config.networking.domain}"; in @@ -143,9 +143,8 @@ in extraGroups = [ "media" ]; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "paperless"; + my.services.nginx.virtualHosts = { + paperless = { inherit (cfg) port; sso = { enable = true; @@ -155,8 +154,8 @@ in extraConfig = { locations."/".proxyWebsockets = true; }; - } - ]; + }; + }; my.services.backup = { paths = [ diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/pirate/default.nix index 59f9794..e500b54 100644 --- a/modules/nixos/services/pirate/default.nix +++ b/modules/nixos/services/pirate/default.nix @@ -21,12 +21,11 @@ let }; mkRedirection = service: { - my.services.nginx.virtualHosts = [ - { - subdomain = service; + my.services.nginx.virtualHosts = { + ${service} = { port = ports.${service}; - } - ]; + }; + }; }; mkFail2Ban = service: lib.mkIf cfg.${service}.enable { 
diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index 9793d60..5ceebb6 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -31,11 +31,10 @@ in inherit (cfg) passwordFile port; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "podgrab"; + my.services.nginx.virtualHosts = { + podgrab = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 7ab145f..9e0d9c3 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -18,12 +18,11 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = [ - { - subdomain = "sabnzbd"; + my.services.nginx.virtualHosts = { + sabnzbd = { inherit port; - } - ]; + }; + }; services.fail2ban.jails = { sabnzbd = '' diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 541e198..f5dc2db 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -70,11 +70,10 @@ in ]; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "recipes"; + my.services.nginx.virtualHosts = { + recipes = { inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index 28df477..aeb88b7 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -80,12 +80,11 @@ in # Default transmission webui, I prefer combustion but its development # seems to have stalled - my.services.nginx.virtualHosts = [ - { - subdomain = "transmission"; + my.services.nginx.virtualHosts = { + transmission = { inherit (cfg) port; - } - ]; + }; + }; networking.firewall = { allowedTCPPorts = [ cfg.peerPort ]; 
diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 8c051b0..9767d00 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -59,9 +59,8 @@ in }; # This is a weird setup - my.services.nginx.virtualHosts = [ - { - inherit subdomain; + my.services.nginx.virtualHosts = { + ${subdomain} = { # Serve the root for the web-ui root = config.services.vikunja.package-frontend; @@ -80,8 +79,8 @@ in }; }; }; - } - ]; + }; + }; systemd.services.vikunja-api = { serviceConfig = { diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index cebbc9b..f02a5c5 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -52,16 +52,14 @@ in }]; }; - my.services.nginx.virtualHosts = [ - { - subdomain = "woodpecker"; + my.services.nginx.virtualHosts = { + woodpecker = { inherit (cfg) port; - } + }; # I might want to be able to RPC from other hosts in the future - { - subdomain = "woodpecker-rpc"; + woodpecker-rpc = { port = cfg.rpcPort; - } - ]; + }; + }; }; } diff --git a/pkgs/default.nix b/pkgs/default.nix index f5036fe..6b7fce1 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -14,8 +14,6 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { drone-rsync = pkgs.callPackage ./drone-rsync { }; - drone-scp = pkgs.callPackage ./drone-scp { }; - i3-get-window-criteria = pkgs.callPackage ./i3-get-window-criteria { }; lohr = pkgs.callPackage ./lohr { }; @@ -30,9 +28,5 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { }; - unified-hosts-lists = pkgs.callPackage ./unified-hosts-lists { }; - - wifi-qr = pkgs.callPackage ./wifi-qr { }; - zsh-done = pkgs.callPackage ./zsh-done { }; }) diff --git a/pkgs/drone-scp/default.nix b/pkgs/drone-scp/default.nix deleted file mode 100644 index 7437b06..0000000 
--- a/pkgs/drone-scp/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib, buildGoModule, fetchFromGitHub }: -buildGoModule rec { - pname = "drone-scp"; - version = "1.6.3"; - - src = fetchFromGitHub { - owner = "appleboy"; - repo = "drone-scp"; - rev = "v${version}"; - hash = "sha256-ELjPqoRR4O6gmc/PgthQuSXuSTQNzBZoAUT80zVVbV0="; - }; - - vendorHash = "sha256-/c103hTJ/Qdz2KTkdl/ACvAaSSTKcl1DQY3+Us6OxaI="; - - doCheck = false; # Needs a specific user... - - meta = with lib; { - description = '' - Copy files and artifacts via SSH using a binary, docker or Drone CI - ''; - homepage = "https://github.com/appleboy/drone-scp"; - license = licenses.mit; - mainProgram = "drone-scp"; - }; -} diff --git a/pkgs/matrix-notifier/default.nix b/pkgs/matrix-notifier/default.nix index a96cb61..aba093f 100644 --- a/pkgs/matrix-notifier/default.nix +++ b/pkgs/matrix-notifier/default.nix @@ -1,13 +1,13 @@ { lib, curl, jq, fetchFromGitHub, makeWrapper, pandoc, stdenvNoCC }: stdenvNoCC.mkDerivation rec { pname = "matrix-notifier"; - version = "0.3.0"; + version = "0.4.0"; src = fetchFromGitHub { owner = "ambroisie"; repo = "matrix-notifier"; rev = "v${version}"; - hash = "sha256-NE9RO0ep2ibrT9EUPGTnUE3ofdNTCHwelxnX9tCflg0="; + hash = "sha256-6KHteQx0bHodpNp7cuUIGM7uBRPaj386n2t5yz6umpY="; }; nativeBuildInputs = [ diff --git a/pkgs/unbound-zones-adblock/default.nix b/pkgs/unbound-zones-adblock/default.nix index b8392ae..642ac41 100644 --- a/pkgs/unbound-zones-adblock/default.nix +++ b/pkgs/unbound-zones-adblock/default.nix @@ -1,9 +1,9 @@ -{ lib, gawk, stdenvNoCC, unified-hosts-lists }: +{ lib, gawk, stdenvNoCC, stevenblack-blocklist }: stdenvNoCC.mkDerivation { name = "unbound-zones-adblock"; - version = unified-hosts-lists.version; + version = stevenblack-blocklist.rev; - src = unified-hosts-lists; + src = stevenblack-blocklist; dontUnpack = true; 
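Review bot: In the `pkgs/unbound-zones-adblock/default.nix` hunk, `version = stevenblack-blocklist.rev;` evaluates only while the nixpkgs attribute exposes `rev`. That presumably holds because it is a bare fetcher result at the pinned revision, but I cannot see its definition from here. If it is later repackaged as a normal derivation with a `version`, this line fails at evaluation. A tolerant form is `version = stevenblack-blocklist.version or stevenblack-blocklist.rev;`. The derivation body continues outside this hunk.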
@@ -18,9 +18,11 @@ stdenvNoCC.mkDerivation { ]; in '' - mkdir -p $out - for file in $src/*; do - ${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > $out/$(basename $file) + shopt -s globstar + for file in $src/**/hosts; do + outFile="$out/''${file#$src}" + mkdir -p "$(dirname "$outFile")" + ${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > "$outFile" done ''; diff --git a/pkgs/unified-hosts-lists/default.nix b/pkgs/unified-hosts-lists/default.nix deleted file mode 100644 index 6a71fdf..0000000 --- a/pkgs/unified-hosts-lists/default.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ lib, fetchFromGitHub, stdenvNoCC }: -stdenvNoCC.mkDerivation rec { - pname = "unified-hosts-lists"; - version = "3.14.37"; - - src = fetchFromGitHub { - owner = "StevenBlack"; - repo = "hosts"; - rev = version; - hash = "sha256-HoNX57lCoIr36B/7HMuazWSWeAPPfWY1oZf6dXnxYIE="; - }; - - dontUnpack = true; - - installPhase = '' - mkdir -p $out - cp -r $src/hosts $out - for file in $src/alternates/*/hosts; do - cp $file $out/$(basename $(dirname $file)) - done - ''; - - meta = with lib; { - description = "Unified host lists"; - longDescription = '' - Consolidating and extending hosts files from several well-curated sources. - Optionally pick extensions for porn, social media, and other categories. - ''; - homepage = "https://github.com/StevenBlack/hosts"; - license = licenses.mit; - maintainers = with maintainers; [ ambroisie ]; - platforms = platforms.all; - }; -} diff --git a/pkgs/wifi-qr/default.nix b/pkgs/wifi-qr/default.nix deleted file mode 100644 index 88164e5..0000000 --- a/pkgs/wifi-qr/default.nix +++ /dev/null 
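Review bot: The new loop quotes `"$outFile"` but leaves `$file` and the `$src/**/hosts` glob unquoted; I would write `for file in "$src"/**/hosts; do` and `${gawkCmd} "$file" | tr '[:upper:]' '[:lower:]' | sort -u > "$outFile"` so the quoting is consistent. `**/hosts` also matches every entry named `hosts` at any depth, which is broader than the removed `unified-hosts-lists` install phase, which copied only `$src/hosts` and `$src/alternates/*/hosts`. The output layout changes as well, from `$out/<name>` to `$out/alternates/<name>/hosts`. The module that reads these zone files is not part of this hunk, so check that its paths follow; a list that is no longer loaded means the resolver blocks less than intended.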
@@ -1,81 +0,0 @@ -{ lib -, fetchFromGitHub -, gnome -, installShellFiles -, makeWrapper -, networkmanager -, qrencode -, stdenvNoCC -, xdg-utils -, zbar -}: -stdenvNoCC.mkDerivation rec { - pname = "wifi-qr"; - version = "unstable-2023-04-19"; - - outputs = [ "out" "man" ]; - - src = fetchFromGitHub { - owner = "kokoye2007"; - repo = "wifi-qr"; - rev = "b81d4a44257252f07e745464879aa5618ae3d434"; - hash = "sha256-oGTAr+raJGpK4PV4GdBxX8fIUE8gcbXw7W0SvQJAee0="; - }; - - nativeBuildInputs = [ - installShellFiles - makeWrapper - ]; - - dontBuild = true; - - dontConfigure = true; - - postPatch = '' - substituteInPlace wifi-qr.desktop \ - --replace "Exec=sh -c 'wifi-qr g'" "Exec=$out/bin/wifi-qr g" \ - --replace "Exec=sh -c 'wifi-qr q'" "Exec=$out/bin/wifi-qr q" \ - --replace "Exec=sh -c 'wifi-qr p'" "Exec=$out/bin/wifi-qr p" \ - --replace "Exec=sh -c 'wifi-qr c'" "Exec=$out/bin/wifi-qr c" \ - --replace "Icon=wifi-qr.svg" "Icon=wifi-qr" - ''; - - installPhase = '' - runHook preInstall - - install -Dm755 wifi-qr $out/bin/wifi-qr - - install -Dm644 wifi-qr.desktop $out/share/applications/wifi-qr.desktop - install -Dm644 wifi-qr.svg $out/share/icons/hicolor/scalable/apps/wifi-qr.svg - - installManPage wifi-qr.1 - - runHook postInstall - ''; - - wrapperPath = lib.makeBinPath [ - gnome.zenity - networkmanager - qrencode - xdg-utils - zbar - ]; - - fixupPhase = '' - runHook preFixup - - patchShebangs $out/bin/wifi-qr - wrapProgram $out/bin/wifi-qr --suffix PATH : "${wrapperPath}" - - runHook postFixup - ''; - - meta = with lib; { - description = "WiFi password sharing via QR codes"; - homepage = "https://github.com/kokoye2007/wifi-qr"; - license = with licenses; [ gpl3Plus ]; - mainProgram = "wifi-qr"; - maintainers = with maintainers; [ ambroisie ]; - platforms = platforms.linux; - }; -}