diff --git a/config/hosts/goliath.nix b/config/hosts/goliath.nix
index 27d319e8..4f7bc5c0 100644
--- a/config/hosts/goliath.nix
+++ b/config/hosts/goliath.nix
@@ -3,6 +3,7 @@
     profiles.hardware.ms-7b86
     profiles.hardware.razer
     profiles.hardware.bamboo
+    profiles.hardware.networkmanager
     profiles.gui
     profiles.x11
     profiles.vfio
@@ -282,13 +283,14 @@
       hostId = "617050fc";
       useDHCP = false;
       /*useNetworkd = true;*/
-        interfaces = {
-          enp34s0.ipv4.addresses = singleton {
+        /*interfaces = {
+          enp34s0 = {
+            /*ipv4.addresses = singleton {
             inherit (config.network.addresses.private.nixos.ipv4) address;
             prefixLength = 24;
           };
         };
-        defaultGateway = config.network.privateGateway;
+        defaultGateway = config.network.privateGateway;*/
       firewall.allowPing = true;
     };
 
diff --git a/config/hosts/yukari.nix b/config/hosts/yukari.nix
index ae5ad45c..bc9b69fa 100644
--- a/config/hosts/yukari.nix
+++ b/config/hosts/yukari.nix
@@ -5,6 +5,7 @@
     profiles.gui
     users.kat.guiFull
     services.jellyfin
+    services.ha
     services.nextcloud
     services.kattv-ingest
     services.kattv2-ingest
@@ -88,11 +89,11 @@
   networking = {
     hostId = "3ef9a419";
     useDHCP = false;
-    interfaces.eno1.ipv4.addresses = singleton {
+    interfaces.eno1.useDHCP = true; /*.ipv4.addresses = singleton {
       inherit (config.network.addresses.private.nixos.ipv4) address;
       prefixLength = 24;
     };
-    defaultGateway = config.network.privateGateway;
+    defaultGateway = config.network.privateGateway; */
   };
 
   network = {
@@ -100,7 +101,7 @@
       private = {
         enable = true;
         nixos = {
-          ipv4.address = "192.168.1.2";
+          ipv4.address = "192.168.1.154";
           # TODO ipv6.address
         };
       };
diff --git a/config/modules/nixos/wireguard-tf.nix b/config/modules/nixos/wireguard-tf.nix
index 258d8254..245ccfa4 100644
--- a/config/modules/nixos/wireguard-tf.nix
+++ b/config/modules/nixos/wireguard-tf.nix
@@ -14,7 +14,7 @@ in {
           type = "resource";
           provisioners = singleton {
             local-exec.command = let
-              wg = "${pkgs.buildPackages.wireguard}/bin/wg";
+              wg = "${pkgs.buildPackages.wireguard-tools}/bin/wg";
             in "${wg} genkey | tee ${dataDir + "/wg-private-${terraformSelf "id"}"} | ${wg} pubkey > ${dataDir + "/wg-public-${terraformSelf "id"}"}";
           };
         };
diff --git a/config/profiles/base/nix.nix b/config/profiles/base/nix.nix
index 4e47537e..a52bce57 100644
--- a/config/profiles/base/nix.nix
+++ b/config/profiles/base/nix.nix
@@ -19,7 +19,7 @@
     };
     settings = {
       experimental-features = lib.optional (lib.versionAtLeast config.nix.package.version "2.4") "nix-command flakes";
-      substituters = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-community.cachix.org" "https://nixcache.reflex-frp.org" ];
+      substituters = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-community.cachix.org" ];
       trusted-public-keys =
         [ "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
       auto-optimise-store = true;
diff --git a/config/profiles/gui/filesystems.nix b/config/profiles/gui/filesystems.nix
index 2a47c0c4..da286f95 100644
--- a/config/profiles/gui/filesystems.nix
+++ b/config/profiles/gui/filesystems.nix
@@ -1,5 +1,5 @@
 { config, pkgs, ... }:
 
 {
-  environment.systemPackages = with pkgs; [ ntfs3g exfat-utils ];
+  environment.systemPackages = with pkgs; [ ntfs3g exfat ];
 }
diff --git a/config/services/ha.nix b/config/services/ha.nix
new file mode 100644
index 00000000..a52de530
--- /dev/null
+++ b/config/services/ha.nix
@@ -0,0 +1,21 @@
+{ config, ... }: {
+  services.home-assistant = {
+    enable = true;
+    config = null;
+    extraComponents = [
+      "zha"
+      "esphome"
+      "met"
+      "default_config"
+      "google"
+      "google_assistant"
+      "google_cloud"
+      "google_translate"
+      "homekit"
+      "zeroconf"
+      "luci"
+    ];
+  };
+
+  network.firewall.public.tcp.ports = [ 8123 ];
+}
diff --git a/config/services/synapse.nix b/config/services/synapse.nix
index 1157e85e..e5ecbe07 100644
--- a/config/services/synapse.nix
+++ b/config/services/synapse.nix
@@ -154,7 +154,6 @@ CONFIG = {
     config.secrets.files.mautrix-telegram-env.path;
   services.matrix-synapse = {
     enable = true;
-    max_upload_size = "512M";
     logConfig = ''
       version: 1
       formatters:
@@ -180,21 +179,35 @@ CONFIG = {
         level: WARNING
         handlers: [console]
     '';
-    server_name = config.network.dns.domain;
-    app_service_config_files = [
-      "/var/lib/matrix-synapse/telegram-registration.yaml"
-      "/var/lib/matrix-synapse/discord-registration.yaml"
-      "/var/lib/matrix-synapse/whatsapp-registration.yaml"
-    ];
-    rc_messages_per_second = mkDefault "0.1";
-    rc_message_burst_count = mkDefault "25.0";
-    public_baseurl = "https://${config.network.dns.domain}";
-    url_preview_enabled = mkDefault true;
-    enable_registration = mkDefault false;
-    enable_metrics = mkDefault false;
-    report_stats = mkDefault false;
-    dynamic_thumbnails = mkDefault true;
-    allow_guest_access = mkDefault true;
+    settings = {
+      server_name = config.network.dns.domain;
+      app_service_config_files = [
+        "/var/lib/matrix-synapse/telegram-registration.yaml"
+        "/var/lib/matrix-synapse/discord-registration.yaml"
+        "/var/lib/matrix-synapse/whatsapp-registration.yaml"
+      ];
+      max_upload_size = "512M";
+      rc_messages_per_second = mkDefault "0.1";
+      rc_message_burst_count = mkDefault "25.0";
+      public_baseurl = "https://${config.network.dns.domain}";
+      url_preview_enabled = mkDefault true;
+      enable_registration = mkDefault false;
+      enable_metrics = mkDefault false;
+      report_stats = mkDefault false;
+      dynamic_thumbnails = mkDefault true;
+      allow_guest_access = mkDefault true;
+      listeners = [{
+        port = 8008;
+        bind_address = "::1";
+        type = "http";
+        tls = false;
+        x_forwarded = true;
+        resources = [{
+          names = [ "client" "federation" ];
+          compress = false;
+        }];
+      }];
+    };
     extraConfig = ''
       suppress_key_server_warning: true
       saml2_config:
@@ -208,17 +221,6 @@ CONFIG = {
         password_config:
           enabled: false
     '';
-    listeners = [{
-      port = 8008;
-      bind_address = "::1";
-      type = "http";
-      tls = false;
-      x_forwarded = true;
-      resources = [{
-        names = [ "client" "federation" ];
-        compress = false;
-      }];
-    }];
   };
 
   services.mautrix-telegram = {
diff --git a/config/tf b/config/tf
index 1b7ca814..1c019e02 160000
--- a/config/tf
+++ b/config/tf
@@ -1 +1 @@
-Subproject commit 1b7ca814a7cb07f6bbf168f6ec234c4421adcfe3
+Subproject commit 1c019e026cb270aec9471aba005a7e46dddb985c
diff --git a/config/users/kat/gui/konawall.nix b/config/users/kat/gui/konawall.nix
index 8efd7b13..2d3ae6c2 100644
--- a/config/users/kat/gui/konawall.nix
+++ b/config/users/kat/gui/konawall.nix
@@ -10,7 +10,7 @@ with lib;
     commonTags = [ "width:>=1600" ];
     tagList = map (toList) [
       (["score:>=50"
-      "touhou" "rating:s"]) #++ optional (nixos.networking.hostName == "koishi") "rating:s")
+      "touhou"]) #++ optional (nixos.networking.hostName == "koishi") "rating:s")
     ];
   };
 }