diff --git a/hosts/apu/configuration.nix b/hosts/apu/configuration.nix
index e57bfbf..427cdb4 100644
--- a/hosts/apu/configuration.nix
+++ b/hosts/apu/configuration.nix
@@ -238,6 +238,8 @@
 forward-tls-upstream = true;
 }
 ];
+
+ remote-control.control-enable = true;
 };
 };
@@ -245,7 +247,7 @@
 enable = true;
 nssmdns = true;
 reflector = true;
- interfaces = [ "lan" ];
+ allowInterfaces = [ "lan" ];
 openFirewall = true;
 };
diff --git a/hosts/freun-dev/configuration.nix b/hosts/freun-dev/configuration.nix
index 64d8d72..14bcc05 100644
--- a/hosts/freun-dev/configuration.nix
+++ b/hosts/freun-dev/configuration.nix
@@ -24,7 +24,7 @@ in
 gc = {
 automatic = true;
 dates = "weekly";
- options = "--delete-older-than 30d";
+ options = "--delete-older-than 7d";
 };
 };
diff --git a/hosts/freun-dev/secrets.nix b/hosts/freun-dev/secrets.nix
index b1a3019..393df1a 100644
--- a/hosts/freun-dev/secrets.nix
+++ b/hosts/freun-dev/secrets.nix
@@ -28,6 +28,8 @@
 "glance/reddit/app-id"
 "glance/reddit/app-secret"
 "hetzner"
+ "actual"
+ "voidauth"
 ]
 )
 // {
diff --git a/hosts/freun-dev/services.nix b/hosts/freun-dev/services.nix
index c5fc6cf..ba5ff09 100644
--- a/hosts/freun-dev/services.nix
+++ b/hosts/freun-dev/services.nix
@@ -127,13 +127,13 @@ in
 };
 gtrackmap = {
- enable = true;
+ enable = false;
 subdomain = "trackmap";
 port = 3001;
 };
 invidious = {
- enable = true;
+ enable = false;
 subdomain = "vid";
 };
@@ -297,7 +297,7 @@ in
 };
 home-assistant = {
- enable = true;
+ enable = false;
 subdomain = "home";
 config = {
 homeassistant = {
@@ -381,6 +381,14 @@ in
 subdomain = "irc";
 };
+ sillytavern = {
+ enable = true;
+ subdomain = "st";
+ listen = true;
+ whitelist = false;
+ port = 3100;
+ };
+
 nginx.virtualHosts."isarepomaa.com" = {
 forceSSL = true;
 enableACME = true;
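Review bot: `remote-control.control-enable = true;` in the first hunk of hosts/apu/configuration.nix turns on the resolver's control channel without stating where it listens or how callers are authenticated. The enclosing block starts outside the hunk, but the `forward-tls-upstream` context suggests these are Unbound settings, where the control interface defaults to loopback with certificate authentication; nothing visible here pins that down. Consider a comment such as `# unbound-control: loopback only, never add a control-interface on lan`, or, if this is `services.unbound`, the module's `localControlSocketPath` option so the channel is a unix socket governed by file permissions.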
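Review bot: The new `sillytavern` block in hosts/freun-dev/services.nix combines `listen = true;` with `whitelist = false;`, and the hunk shows no authentication option for the service. If these map to SillyTavern's own settings, port 3100 is bound beyond loopback with the IP allowlist switched off. If the `subdomain` option puts a reverse proxy on the same host, the backend does not need to accept external connections: `listen = false;`. Otherwise add a comment naming the layer that authenticates requests to the `st` subdomain (possibly the `tailscaleAuth` setup that appears later in this file) and confirm the host firewall does not expose 3100 directly.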
@@ -400,9 +408,42 @@ in
 ];
 };
+ actual = {
+ enable = true;
+ package = pkgs-unstable.actual-server;
+ subdomain = "actual";
+ environmentFile = secrets.actual.path;
+ settings = {
+ port = 3200;
+ openId = {
+ discoveryURL = "https://${config.services.voidauth.subdomain}.${config.networking.domain}/oidc/.well-known/openid-configuration";
+ server_hostname = "https://${config.services.actual.subdomain}.${config.networking.domain}";
+ };
+ loginMethod = "openid";
+ allowedLoginMethods = [ "openid" ];
+ enforceOpenId = true;
+ userCreationMode = "login";
+ };
+ };
+
+ voidauth = {
+ enable = true;
+ subdomain = "auth";
+ environmentFile = secrets.voidauth.path;
+ settings = {
+ APP_PORT = 3300;
+ SMTP_HOST = smtp.host;
+ SMTP_FROM = smtp.from;
+ SMTP_PORT = smtp.port;
+ SMTP_USER = smtp.username;
+ };
+ };
+
 webserver = {
 acme.dnsChallenge = true;
 tailscaleAuth.expectedTailnet = "tempel-vibes.ts.net";
 };
 };
+
+ virtualisation.docker.autoPrune.enable = true;
 }
diff --git a/hosts/radish/desktop.nix b/hosts/radish/desktop.nix
index 3d4c56c..b3e76f4 100644
--- a/hosts/radish/desktop.nix
+++ b/hosts/radish/desktop.nix
@@ -1,10 +1,7 @@
 { ... }:
 {
- services.xserver = {
- enable = true;
- displayManager.gdm.enable = true;
- desktopManager.gnome.enable = true;
- };
+ services.displayManager.gdm.enable = true;
+ services.desktopManager.gnome.enable = true;
 services.printing.enable = true;
diff --git a/hosts/radish/hardware.nix b/hosts/radish/hardware.nix
index 2d4a7f8..e96614a 100644
--- a/hosts/radish/hardware.nix
+++ b/hosts/radish/hardware.nix
@@ -13,7 +13,7 @@
 services.udev.packages = [
 pkgs.zsa-udev-rules
 pkgs-unstable.yubikey-personalization
- inputs.ksoloti-pr.legacyPackages.${pkgs.system}.ksoloti
+ inputs.ksoloti-pr.legacyPackages.${pkgs.stdenv.hostPlatform.system}.ksoloti
 ];
 services.usbmuxd = {
 enable = true;
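Review bot: In the `actual` block of hosts/freun-dev/services.nix, `userCreationMode = "login";` creates an account for whoever completes an OpenID login. Access to the budget server is therefore only as tight as the sign-up and group policy of the `voidauth` instance added in the same hunk, and none of that policy is visible here. If registration or invitations on the `auth` subdomain are not restricted, consider `userCreationMode = "manual";`, or add a comment recording that voidauth limits who may authenticate to this client. A short comment that the OIDC client credentials and the SMTP password are expected in the two `environmentFile`s would also help, since only `SMTP_USER` appears in `settings`.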
@@ -50,11 +50,11 @@
 hardware.keyboard.zsa.enable = true;
 services.logind = {
- lidSwitch = "suspend";
- powerKey = "suspend";
- extraConfig = ''
- IdleAction=suspend
- '';
+ settings.Login = {
+ IdleAction = "suspend";
+ HandleLidSwitch = "suspend";
+ HandlePowerKey = "suspend";
+ };
 };
 powerManagement = {
@@ -69,6 +69,21 @@
 enable = true;
 extraPackages = with pkgs; [ rocmPackages.clr.icd ];
 };
- networking.networkmanager.wifi.backend = "iwd";
+ networking.networkmanager = {
+ enable = true;
+ wifi.backend = "iwd";
+ plugins = with pkgs; [
+ networkmanager-openvpn
+ ];
+ };
 security.tpm2.enable = true;
+
+ services.nqptp.enable = true;
+ networking.firewall.allowedTCPPortRanges = [
+ {
+ from = 7000;
+ to = 7010;
+ }
+ ];
+ networking.firewall.allowedUDPPorts = [ 5353 ];
 }
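Review bot: The firewall openings added at the end of hosts/radish/hardware.nix (TCP 7000–7010 and UDP 5353) are global and carry no comment naming the service that needs them. The lid-switch and wifi settings in this file suggest a laptop, so the ports would also be open on whatever network it joins. Add a comment such as `# AirPlay receiver paired with nqptp; 5353 is mDNS discovery` if that is the purpose. Also consider moving the rules under `networking.firewall.interfaces.<name>`, or tying them to the receiver being enabled, so they are not open by default on untrusted networks.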