diff --git a/config/common/default.nix b/config/common/default.nix
index 5f26c2d0..8ee96116 100644
--- a/config/common/default.nix
+++ b/config/common/default.nix
@@ -7,6 +7,8 @@ in {
   imports = [ ../../modules ../users (sources.home-manager + "/nixos") ];
 
   boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+  boot.loader.grub.configurationLimit = 8;
+  boot.loader.systemd-boot.configurationLimit = 8;
 
   nixpkgs.config = { allowUnfree = true; };
   nix = {
diff --git a/config/hosts/athame/configuration.nix b/config/hosts/athame/configuration.nix
index 6748bf64..50a70e25 100644
--- a/config/hosts/athame/configuration.nix
+++ b/config/hosts/athame/configuration.nix
@@ -22,6 +22,7 @@
     ./matrix.nix
   ];
 
+  meta.deploy.profiles = [];
   meta.deploy.ssh.host = "athame.kittywit.ch";
 
   boot.loader.grub.enable = true;
diff --git a/config/hosts/boline/configuration.nix b/config/hosts/boline/configuration.nix
index 13a00a4b..cdbffe08 100644
--- a/config/hosts/boline/configuration.nix
+++ b/config/hosts/boline/configuration.nix
@@ -6,7 +6,7 @@
     #./wireguard.nix
   ];
 
-  #meta.deploy.profiles = [];
+  meta.deploy.profiles = [];
   meta.deploy.ssh.host = "boline.kittywit.ch";
 
   boot.loader.grub.enable = true;
diff --git a/config/hosts/samhain/configuration.nix b/config/hosts/samhain/configuration.nix
index 20c695a3..8f47f6b9 100644
--- a/config/hosts/samhain/configuration.nix
+++ b/config/hosts/samhain/configuration.nix
@@ -59,9 +59,9 @@ in {
   # * uinput rule
   services.udev.extraRules = ''
     SUBSYSTEM=="i2c-dev", GROUP="users", MODE="0660"
-    SUBSYSTEM=="input", ACTION=="add", DEVPATH=="/devices/virtual/input/*", MODE="0660", GROUP="qemu-libvirtd"
     SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="fa58", ATTRS{idProduct}=="04d9", GROUP="users"
     SUBSYSTEM=="misc", KERNEL=="uinput", OPTIONS+="static_node=uinput", MODE="0660", GROUP="uinput"
+    SUBSYSTEM=="input", ACTION=="add", DEVPATH=="/devices/virtual/input/*", MODE="0660", GROUP="qemu-libvirtd", RUN+="${pkgs.writeShellScript "mewdev" "${pkgs.coreutils}/bin/echo  'c 13:* rw' > /sys/fs/cgroup/devices/machine.slice/machine-qemu*/devices.allow"}"
   '';
 
   environment.systemPackages = [
diff --git a/config/users/kat/default.nix b/config/users/kat/default.nix
index 093a1e34..170e5554 100644
--- a/config/users/kat/default.nix
+++ b/config/users/kat/default.nix
@@ -7,6 +7,7 @@
     ./gaming.nix
     ./network.nix
     ./sway.nix
+    ./waybar
     ./kitty.nix
     ./emacs.nix
   ];
diff --git a/config/users/kat/sway.nix b/config/users/kat/sway.nix
index f2786682..1d02ca68 100644
--- a/config/users/kat/sway.nix
+++ b/config/users/kat/sway.nix
@@ -4,8 +4,6 @@ let
   style = import ./style.nix;
   secrets = import ../../../secrets.nix;
 in {
-  imports = [ ./waybar ];
-
   config = lib.mkIf (lib.elem "sway" config.meta.deploy.profiles) {
 
     fonts.fonts = with pkgs; [
diff --git a/config/users/kat/waybar/default.nix b/config/users/kat/waybar/default.nix
index 9b902fca..c57ff50a 100644
--- a/config/users/kat/waybar/default.nix
+++ b/config/users/kat/waybar/default.nix
@@ -4,6 +4,7 @@ let
   style = import ../style.nix;
   secrets = import ../../../../secrets.nix;
 in {
+  config = lib.mkIf (lib.elem "sway" config.meta.deploy.profiles) {
   home-manager.users.kat = {
     programs.waybar = {
       enable = true;
@@ -30,11 +31,7 @@ in {
             format = "{}";
             interval = 3600;
             on-click = "xdg-open 'https://google.com/search?q=weather'";
-            exec = "nix-shell --command 'python ${
-                ../../../../scripts/weather/weather.py
-              } ${secrets.profiles.sway.city} ${secrets.profiles.sway.api_key}' ${
-                ../../../../scripts/weather}
-              }";
+            exec = "nix-shell --command 'python ${../../../../scripts/weather/weather.py} ${secrets.profiles.sway.city} ${secrets.profiles.sway.api_key}' ${../../../../scripts/weather}";
           };
           cpu = { format = "  {usage}%"; };
           memory = { format = "  {percentage}%"; };
@@ -76,4 +73,5 @@ in {
       }];
     };
   };
+  };
 }
diff --git a/nix/sources.json b/nix/sources.json
index 0f9dbf09..16e23cf0 100644
--- a/nix/sources.json
+++ b/nix/sources.json
@@ -5,10 +5,10 @@
         "homepage": "https://nur.nix-community.org/",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "edff1588e7923d718bd0bc739f5fb1a48e28ec0a",
-        "sha256": "1fip7mrz60rm488d0fxrhx6hih5g6ar00id9xgs0hcrx9hv0jd4x",
+        "rev": "f88a3283cad55888be0cc2d984a44801dd16ec21",
+        "sha256": "0kgs39spdlwj4ky4v3sd7drlvhjg4wccara7g9axa6la8328ghc2",
         "type": "tarball",
-        "url": "https://github.com/nix-community/NUR/archive/edff1588e7923d718bd0bc739f5fb1a48e28ec0a.tar.gz",
+        "url": "https://github.com/nix-community/NUR/archive/f88a3283cad55888be0cc2d984a44801dd16ec21.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "arc-nixexprs": {
@@ -29,10 +29,10 @@
         "homepage": "https://nix-community.github.io/home-manager/",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "22f6736e628958f05222ddaadd7df7818fe8f59d",
-        "sha256": "1j4hyjd3kgvwym5jjazzyn554ngrm05ca9wl1a7z1bid22asr99p",
+        "rev": "209566c752c4428c7692c134731971193f06b37c",
+        "sha256": "1canlfkm09ssbgm3hq0kb9d86bdh84jhidxv75g98zq5wgadk7jm",
         "type": "tarball",
-        "url": "https://github.com/nix-community/home-manager/archive/22f6736e628958f05222ddaadd7df7818fe8f59d.tar.gz",
+        "url": "https://github.com/nix-community/home-manager/archive/209566c752c4428c7692c134731971193f06b37c.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "niv": {
@@ -41,10 +41,10 @@
         "homepage": "https://github.com/nmattia/niv",
         "owner": "nmattia",
         "repo": "niv",
-        "rev": "3cd7914b2c4cff48927e11c216dadfab7d903fe5",
-        "sha256": "1agq4nvbhrylf2s77kb4xhh9k7xcwdwggq764k4jgsbs70py8cw3",
+        "rev": "af958e8057f345ee1aca714c1247ef3ba1c15f5e",
+        "sha256": "1qjavxabbrsh73yck5dcq8jggvh3r2jkbr6b5nlz5d9yrqm9255n",
         "type": "tarball",
-        "url": "https://github.com/nmattia/niv/archive/3cd7914b2c4cff48927e11c216dadfab7d903fe5.tar.gz",
+        "url": "https://github.com/nmattia/niv/archive/af958e8057f345ee1aca714c1247ef3ba1c15f5e.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nix-doom-emacs": {
@@ -53,10 +53,10 @@
         "homepage": "",
         "owner": "vlaci",
         "repo": "nix-doom-emacs",
-        "rev": "b182af7d10aa8394f12ecc2c53fd942fa30de060",
-        "sha256": "1mn01cvax8dmgxv68f9hv4l5i1p2xms0dlzmp30jmf7g31jfbrdy",
+        "rev": "6b0aa3418c574f329d3567dc6e69d955a4908140",
+        "sha256": "13d39anzkw1px59igjmpf2sk3rr6d8zqpkr7c2nay3sgrn2rsfac",
         "type": "tarball",
-        "url": "https://github.com/vlaci/nix-doom-emacs/archive/b182af7d10aa8394f12ecc2c53fd942fa30de060.tar.gz",
+        "url": "https://github.com/vlaci/nix-doom-emacs/archive/6b0aa3418c574f329d3567dc6e69d955a4908140.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixos-mailserver": {
@@ -74,10 +74,10 @@
         "homepage": "",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "cacb9ac7a5157363a91a1dfb31607024db3bb717",
-        "sha256": "136lc1lsahv03aqbp36xiszfrsi86dhw56dvzi72iczci7bvz4p2",
+        "rev": "d303eee16ce8dee5c0b5b8e5f6323f561c189ec5",
+        "sha256": "05hna2a2zss5rfbsbxah4z159yvyyarw5w5hqwnbs020h02j2ywh",
         "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/cacb9ac7a5157363a91a1dfb31607024db3bb717.tar.gz",
+        "url": "https://github.com/nixos/nixpkgs/archive/d303eee16ce8dee5c0b5b8e5f6323f561c189ec5.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgs-mozilla": {
@@ -98,16 +98,16 @@
         "homepage": "",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "ec334a1b01c491faa3463c96717b71921dddef2c",
-        "sha256": "0rcsqnnbaqrl010lv0cnvckimng2w3agm675c3dvcfvxyqlc2z2k",
+        "rev": "74b9241e60c796ff68876f87916062d54c4aa0f5",
+        "sha256": "03ibycl3jzv51flcfqq24xvk9dcdfy5nhmqa801083y56x4szqyj",
         "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/ec334a1b01c491faa3463c96717b71921dddef2c.tar.gz",
+        "url": "https://github.com/nixos/nixpkgs/archive/74b9241e60c796ff68876f87916062d54c4aa0f5.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "pbb-nixfiles": {
         "ref": "main",
         "repo": "https://git.petabyte.dev/petabyteboy/nixfiles.git",
-        "rev": "0720c5dba283d782f2f887bf97aad339137d95dc",
+        "rev": "de52bf8ed00f3857b2240e74dfb0244928890df0",
         "type": "git"
     },
     "qyliss-nixlib": {
diff --git a/todo.org b/todo.org
new file mode 100644
index 00000000..4746e8ba
--- /dev/null
+++ b/todo.org
@@ -0,0 +1,12 @@
+* Tasks
+** TODO Pull screenstub in as an overlay with patches
+** TODO Move virtual machine config into nixfiles
+** TODO Add dork.dev to mailserver
+** TODO Set up proper user service for scream
+** TODO Secrets handling
+
+* Secrets handling
+
+** TODO Bitwarden integration for secrets obtainment
+** TODO Secrets transposition service
+** TODO Config delivery + permissions service