diff --git a/hosts/sakura/hardware-configuration.nix b/hosts/sakura/hardware-configuration.nix
index e0d299a..19346a2 100644
--- a/hosts/sakura/hardware-configuration.nix
+++ b/hosts/sakura/hardware-configuration.nix
@@ -1,45 +1,30 @@
 # Do not modify this file! It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations. Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- pkgs,
- modulesPath,
- ...
-}:
+{ config, lib, pkgs, modulesPath, ... }:

 {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];

- boot.initrd.availableKernelModules = [
- "nvme"
- "xhci_pci"
- "thunderbolt"
- "usb_storage"
- "sd_mod"
- ];
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
 boot.initrd.kernelModules = [ ];
 boot.kernelModules = [ "kvm-amd" ];
 boot.extraModulePackages = [ ];

- fileSystems."/" = {
- device = "/dev/disk/by-uuid/24035f97-746a-4aec-b1d8-696bc32d3c97";
- fsType = "ext4";
- };
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/24035f97-746a-4aec-b1d8-696bc32d3c97";
+ fsType = "ext4";
+ };

- boot.initrd.luks.devices."luks-root".device = "/dev/nvme0n1p3";
+ boot.initrd.luks.devices."luks-156453ac-bbad-452c-ad92-4fc569db9347".device = "/dev/disk/by-uuid/156453ac-bbad-452c-ad92-4fc569db9347";

- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/0EFD-4B3F";
- fsType = "vfat";
- options = [
- "fmask=0022"
- "dmask=0022"
- ];
- };
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/0EFD-4B3F";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };

 swapDevices = [ ];

diff --git a/modules/core/printing.nix b/modules/core/printing.nix
index 0bf8a60..7622bee 100644
--- a/modules/core/printing.nix
+++ b/modules/core/printing.nix
@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
 services.avahi = {
- enable = false;
+ enable = true;
 nssmdns4 = true;
 openFirewall = true;
 };
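Review bot: In modules/core/printing.nix, turning `services.avahi.enable` on while `openFirewall = true` stays set makes the host answer mDNS (UDP 5353) on every interface, and nothing in the hunk limits which networks that covers. If printer discovery is only needed on the local LAN, pin the daemon to it with `allowInterfaces = [ "<lan-interface>" ];` inside the same attrset (placeholder name), and add a comment above `enable` saying which hosts need it. The module lives under modules/core, so the change presumably reaches every machine that imports it, servers included.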
diff --git a/modules/core/sshd.nix b/modules/core/sshd.nix
index 13fba58..6e1a9e8 100644
--- a/modules/core/sshd.nix
+++ b/modules/core/sshd.nix
@@ -2,7 +2,7 @@
 {
 services.openssh = {
 enable = true;
- ports = [ 9123 ];
+ ports = [ 22 ];
 settings = {
 PasswordAuthentication = lib.mkDefault false;
 AllowUsers = null;
diff --git a/modules/home/waybar/scripts.nix b/modules/home/waybar/scripts.nix
index c24b8d3..fff7b18 100644
--- a/modules/home/waybar/scripts.nix
+++ b/modules/home/waybar/scripts.nix
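Review bot: In modules/core/sshd.nix, moving the listener back to port 22 puts it where untargeted scanners look first, so the authentication settings carry more weight than before: `PasswordAuthentication = lib.mkDefault false` can be overridden by any host module at normal priority, and `AllowUsers = null` leaves every account eligible to log in. Consider dropping the `mkDefault` (`PasswordAuthentication = false;`) and, if not already set further down, adding `KbdInteractiveAuthentication = false;` and `PermitRootLogin = "no";`. The `settings` block continues past the end of the hunk, so these may already be present.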
@@ -155,24 +155,27 @@
 "/home/${username}/.local/bin/waybar-music" = {
 executable = true;
 text = ''
- #!/usr/bin/env sh
+ #!/usr/bin/env bash

- META="{{ trunc(artist,17) }} - {{ trunc(title,17) }}"
- PLAYERS="spotify ncspot mpv mpd"
+ class=$(playerctl metadata --player=ncspot --format '{{lc(status)}}')

- for PLAYER in $PLAYERS; do
- # if the player is not playing, continue to the next player, until we find one that is playing
- [ "$(playerctl --player=$PLAYER status 2>/dev/null)" != "Playing" ] && continue
- text=$(playerctl metadata --player $PLAYER --format "$META")
- echo -e "{\"text\":\""$text"\", \"class\":\"Playing\"}"
- exit 0
- done
+ if [[ $class == "playing" ]]; then
+ info=$(playerctl metadata --player=ncspot --format '{{artist}} - {{title}}')
+ if [[ $\{#info} > 40 ]]; then
+ info=$(echo $info | cut -c1-40)"..."
+ fi
+ text="$info"
+ elif [[ $class == "paused" ]]; then
+ info=$(playerctl metadata --player=ncspot --format '{{artist}} - {{title}}')
+ if [[ $\{#info} > 40 ]]; then
+ info=$(echo $info | cut -c1-40)"..."
+ fi
+ text=" $info"
+ elif [[ $class == "stopped" ]]; then
+ text=""
+ fi

- ICON="❚❚ "
- PAUSERS="spotify ncspot mpd"
- for PAUSER in $PAUSERS; do
- [ "$(playerctl --player=$PAUSER status 2>/dev/null)" == "Paused" ] || [ "$(playerctl --player=$PAUSER status 2>/dev/null)" == "Stopped" ] && text="$ICON"$(playerctl metadata --player $PAUSER --format "$META") && echo -e "{\"text\":\""$text"\", \"class\":\""paused"\"}" && exit 0
- done
+ echo -e "{\"text\":\""$text"\", \"class\":\""$class"\"}"
 '';
 };
 "/home/${username}/.local/bin/waybar-devices" = {
diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix
index 82e98d8..b1457dc 100644
--- a/modules/home/zsh.nix
+++ b/modules/home/zsh.nix
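Review bot: The length check `[[ $\{#info} > 40 ]]` (in both the playing and paused branches) does not compare numbers: inside `[[ ]]` the `>` operator is a string comparison, and `$\{` is not the indented-string escape, so bash appears to receive the literal text `${#info}` rather than the length. Use `if (( ''${#info} > 40 )); then`, with the `''${` form that modules/home/zsh.nix already uses. The final `echo -e` also splices artist and title metadata into the JSON unescaped, so a track name containing `"` or a backslash yields malformed output or is interpreted as an escape sequence; if `jq` is available to the script, `jq -nc --arg text "$text" --arg class "$class" '{text: $text, class: $class}'` encodes it safely. When ncspot is not running, `class` is empty and playerctl's error goes to stderr, so `2>/dev/null` on the first call would keep the bar output clean.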
@@ -111,12 +111,12 @@ export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/" - # if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then - # alias imv="sxiv" - # elif [[ $(which nsxiv&>/dev/null && echo 1) == "1" ]]; then - # alias imv="nsxiv" - # alias sxiv="nsxiv" - # fi + if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then + alias imv="sxiv" + elif [[ $(which nsxiv&>/dev/null && echo 1) == "1" ]]; then + alias imv="nsxiv" + alias sxiv="nsxiv" + fi ''; zsh-abbr = { @@ -173,7 +173,6 @@ # nvim = "nix run /home/liv/Development/nixvim --"; vim = "nvim"; doas = "sudo"; - sxiv = "nsxiv"; # NixOS ns = "nix-shell --run zsh"; diff --git a/modules/services/dandelion.nix b/modules/services/dandelion.nix index edf193d..74ad09f 100644 --- a/modules/services/dandelion.nix +++ b/modules/services/dandelion.nix @@ -7,6 +7,5 @@ ++ [ (import ./home-assistant.nix) ] ++ [ (import ./monitoring.nix) ] ++ [ (import ./smart-monitoring.nix) ] - ++ [ (import ./tailscale.nix) ] ++ [ (import ./hd-idle.nix) ]; } diff --git a/modules/services/monitoring.nix b/modules/services/monitoring.nix index 43b5319..a22d5f9 100644 --- a/modules/services/monitoring.nix +++ b/modules/services/monitoring.nix @@ -23,9 +23,9 @@ ]; }; }; - # networking.firewall = { - # allowedTCPPorts = [ - # 9001 - # ]; - # }; + networking.firewall = { + allowedTCPPorts = [ + 9001 + ]; + }; } diff --git a/modules/services/mumble.nix b/modules/services/mumble.nix index eaa0836..14c9487 100644 --- a/modules/services/mumble.nix +++ b/modules/services/mumble.nix @@ -2,6 +2,6 @@ { services.murmur = { enable = true; - openFirewall = false; + openFirewall = true; }; } diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index 6e6f98f..952473a 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix 
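Review bot: In modules/home/zsh.nix, the re-enabled test `[[ $(which sxiv&>/dev/null && echo 1) == "1" ]]` spawns a subshell and compares a string only to learn whether a command exists. `if command -v sxiv >/dev/null; then` (and the same for `nsxiv`) expresses that directly and does not depend on how `which` behaves. The block sits inside a longer shell string that starts above the hunk.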
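Review bot: In modules/services/monitoring.nix, `allowedTCPPorts = [ 9001 ]` opens the port on every interface, so whatever this module serves there (presumably the metrics endpoint; the service definition is above the hunk) becomes reachable from any network the host is attached to. The same commit drops `./tailscale.nix` from modules/services/dandelion.nix, so the port can no longer be kept on a private overlay on that host. If only specific scrapers need it, scope the rule with `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 9001 ];` (placeholder name) and leave a comment saying who connects.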
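Review bot: In modules/services/mumble.nix, `openFirewall = true` exposes the Murmur port while the attrset sets nothing but `enable`, so the server is reachable with no join password configured in this module. Set `password = "$MURMURD_PASSWORD";` together with `environmentFile = "<path-to-secret-env-file>";` (placeholder path outside the Nix store) so the secret does not end up world-readable in the store. If the server is meant to be open to anyone, a one-line comment saying so would make the intent clear.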
@@ -37,35 +37,41 @@ recommendedProxySettings = true; clientMaxBodySize = lib.mkDefault "10G"; - #defaultListen = - # let - # listen = [ - # { - # addr = "[::]"; - # port = 80; - # extraParameters = [ "proxy_protocol" ]; - # } - # { - # addr = "[::]"; - # port = 443; - # ssl = true; - # extraParameters = [ "proxy_protocol" ]; - # } - # ]; - # in - # map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen; + defaultListen = + let + listen = [ + { + addr = "[::]"; + port = 80; + extraParameters = [ "proxy_protocol" ]; + } + { + addr = "[::]"; + port = 443; + ssl = true; + extraParameters = [ "proxy_protocol" ]; + } + ]; + in + map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen; # Hardened TLS and HSTS preloading appendHttpConfig = '' # Proxying # real_ip_header proxy_protocol; + server { + listen 80 proxy_protocol; + listen 443 ssl proxy_protocol; + # set_real_ip_from 10.7.0.0/24; + } + ssl_certificate /var/lib/acme/quack.social/cert.pem; ssl_certificate_key /var/lib/acme/quack.social/key.pem; - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $proxy_protocol_addr; - # proxy_set_header X-Forwarded-For $proxy_protocol_addr; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $proxy_protocol_addr; + proxy_set_header X-Forwarded-For $proxy_protocol_addr; # Add HSTS header with preloading to HTTPS requests. # Do not add HSTS header to HTTP requests. 
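Review bot: With `proxy_protocol` on every `defaultListen` socket (0.0.0.0 and [::], ports 80 and 443), nginx accepts the PROXY header from whoever connects, and the now-active `proxy_set_header X-Real-IP $proxy_protocol_addr;` and `X-Forwarded-For` lines pass that address to the backends as the client IP. Unless the firewall admits only the upstream proxy, a directly connecting client controls the address the backends see, which undermines IP-based rate limits, bans and audit logs downstream. Restrict 80/443 to the proxy's address (or bind the listeners to the tunnel interface) and name the trusted source in a comment; `set_real_ip_from` and `real_ip_header proxy_protocol` are still commented out, so nginx's own access log keeps recording the proxy's address. The bare `server { listen 80 proxy_protocol; listen 443 ssl proxy_protocol; }` block has no `server_name` and precedes the `ssl_certificate` lines, so confirm with `nginx -t` that it does not become the default server for those sockets. The `appendHttpConfig` string continues beyond the hunk.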
@@ -92,6 +98,19 @@ add_header pronouns "any but neopronouns"; add_header locale "[en_US, nl_NL]"; ''; + appendConfig = '' + # https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/ + # set_real_ip_from 213.210.34.27; + + # real_ip_header proxy_protocol; + + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $proxy_protocol_addr; + # proxy_set_header X-Forwarded-For $proxy_protocol_addr; + # proxy_set_header X-Forwarded-Proto $scheme; + # proxy_set_header X-Forwarded-Host $host; + # proxy_set_header X-Forwarded-Server $host; + ''; }; networking.firewall = { allowedTCPPorts = [ diff --git a/roles/creative.nix b/roles/creative.nix index 37a9200..9546198 100644 --- a/roles/creative.nix +++ b/roles/creative.nix @@ -1,16 +1,8 @@ -{ - lib, - pkgs, - config, - username, - home-manager, - ... -}: +{ lib, pkgs, config, username, home-manager, ... }: with lib; let cfg = config.liv.creative; -in -{ +in { options.liv.creative = { enable = mkEnableOption "Enable creative workflow"; }; @@ -25,7 +17,6 @@ in obs-studio kdePackages.kdenlive orca-slicer - freecad ]; }; };
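Review bot: Everything added inside `appendConfig` in modules/services/nginx.nix is commented out, and `appendConfig` is emitted in nginx's main context, where `real_ip_header`, `set_real_ip_from` and `proxy_set_header` are not valid; uncommenting them in place would fail the config test. If they are kept as a reminder, move them next to the existing `# real_ip_header proxy_protocol;` comment in `appendHttpConfig` and replace the hard-coded address with a note on where the trusted proxy address is defined. Otherwise drop the block so the module does not carry a second, inert copy of the proxy settings.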