diff --git a/base/absolution/configuration.nix b/base/absolution/configuration.nix index be45aa9..2dfb408 100644 --- a/base/absolution/configuration.nix +++ b/base/absolution/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, lib, inputs, ... }: +{ config, pkgs, lib, inputs, ... }: { imports = 
@@ -10,32 +10,44 @@ ./hardware-configuration.nix ]; - nix.package = pkgs.lix; + nix.package = pkgs.lix; + nix.settings.trusted-users = [ "alyx" "root" ]; - systemd.services.setpci = { - description = "this runs the command that binds 2 of my usb ports to the EHCI controller"; - wantedBy = ["multi-user.target"]; - serviceConfig = { - Type = "simple"; - ExecStart = "${pkgs.pciutils}/bin/setpci -s0:14.0 0xd0.W=0x3f3f"; + services.blueman.enable = true; + services.upower.enable = true; + hardware.i2c.enable = true; + services.pcscd.enable = true; + services.tailscale = { + enable = true; + useRoutingFeatures = "both"; + openFirewall = true; + interfaceName = "userspace-networking"; + }; + + networking.firewall.checkReversePath = "loose"; + + networking.useDHCP = false; + services.resolved.enable = true; + systemd.network.enable = true; + + systemd.network.networks."enp0s25" = { + matchConfig.Name = "enp0s25"; + networkConfig.DHCP = "yes"; + }; + + services.networkd-dispatcher = { + enable = true; + rules."50-tailscale" = { + onState = ["routable"]; + script = '' + "${pkgs.ethtool} NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ") | -K enp0s31f6 rx-udp-gro-forwarding on rx-gro-list off" + ''; }; }; - nix.settings.trusted-users = [ "alyx" "root" ]; - - #services.udev.extraRules = builtins.readFile ./udev.rules; - services.gnome.gnome-keyring.enable = true; - security.pam.services.greetd.enableGnomeKeyring = true; - security.pam.services.greetd.gnupg.enable = true; - - security.pam.services.login = { - enableGnomeKeyring = true; - gnupg.enable = true; - }; - - programs.gnupg.agent = { + services.monado = { enable = true; - enableSSHSupport = true; + defaultRuntime = true; }; programs.nh = { 
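Review bot: The `50-tailscale` dispatcher script cannot run as written: the whole command is wrapped in double quotes, `${pkgs.ethtool}` expands to the package directory rather than the binary, and `NETDEV=$(...) |` pipes into a bare `-K`. The hunk also hardcodes `enp0s31f6` in the script while `systemd.network.networks."enp0s25"` still matches the old name. If the NIC was renamed (the hardware-configuration.nix comment changed in this commit suggests so), nothing in the visible lines requests DHCP on it, since `networking.useDHCP = false` is set here. I would write the script as `${pkgs.ethtool}/bin/ethtool -K enp0s31f6 rx-udp-gro-forwarding on rx-gro-list off` and use the same interface name in the networkd `matchConfig.Name`.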
@@ -44,28 +56,80 @@ clean.extraArgs = "--keep-since 4d --keep 3"; flake = "/home/alyx/.config/nixos"; }; - - hardware.wooting.enable = true; - hardware.openrazer.enable = true; - + programs.adb.enable = true; + programs.steam.extraCompatPackages = with pkgs; [ proton-ge-rtsp-bin ]; environment.pathsToLink = [ "/share/xdg-desktop-portal" ]; + security.sudo.package = pkgs.sudo.override { withInsults = true; }; + + services.gnome.gnome-keyring.enable = true; + security.pam.services.greetd.enableGnomeKeyring = true; + security.pam.services.greetd.gnupg.enable = true; + + security.pam.services.login = { + enableGnomeKeyring = true; + gnupg.enable = true; + }; systemd = { - user.services.polkit-gnome-authentication-agent-1 = { - description = "polkit-gnome-authentication-agent-1"; - wantedBy = [ "graphical-session.target" ]; - wants = [ "graphical-session.target" ]; - after = [ "graphical-session.target" ]; + services.setpci = { + description = "this runs the command that binds 2 of my usb ports to the EHCI controller"; + wantedBy = ["multi-user.target"]; serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.pciutils}/bin/setpci -s0:14.0 0xd0.W=0x3f3f"; + }; + }; + user = { + services.polkit-gnome-authentication-agent-1 = { + description = "polkit-gnome-authentication-agent-1"; + wantedBy = [ "graphical-session.target" ]; + wants = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + serviceConfig = { Type = "simple"; ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; Restart = "on-failure"; RestartSec = 1; TimeoutStopSec = 10; + }; }; - }; + services.monado.environment = { + STEAMVR_LH_ENABLE = "1"; + XRT_COMPOSITOR_COMPUTE = "1"; + WMR_HANDTRACKING = "0"; + AMD_VULKAN_ICD="RADV"; + }; + }; }; + hardware.wooting.enable = true; + + security.polkit.enable = true; + boot.loader.systemd-boot.enable = false; + boot.loader.limine = { + enable = true; + style.wallpapers = [ ]; + additionalFiles = { + 
"efi/memtest86/memtest86.efi" = "${pkgs.memtest86-efi}/BOOTX64.efi"; + "efi/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi"; + + }; + extraEntries = '' + /memtest86 + protocol: efi + path: boot():/limine/efi/memtest86/memtest86.efi + /shell + protocol: efi + path: boot():/limine/efi/shell.efi + ''; + + }; + boot.loader.efi.canTouchEfiVariables = true; + powerManagement.cpuFreqGovernor = "performance"; + # Bootloader. + programs.virt-manager.enable = true; + services.gvfs.enable = true; + hardware.keyboard.qmk.enable = true; virtualisation = { libvirtd = { enable = true; 
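Review bot: The new `extraEntries` block adds a `/shell` entry for `edk2-uefi-shell` to the Limine menu, so anyone at the console can start a pre-boot shell with access to the ESP and EFI variables, outside any OS login. Nothing in this hunk restricts the boot menu, and Secure Boot is not configured in the visible lines. If the shell is only needed for occasional recovery, I would drop the `/shell` entry (keeping `/memtest86`) and boot it from removable media when required, or add a comment stating that physical access to this machine is trusted. The `# Bootloader.` comment now sits above `programs.virt-manager.enable` and should move up to `boot.loader.limine`.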
@@ -86,140 +150,51 @@ spiceUSBRedirection.enable = true; }; - security.polkit.enable = true; - - security.sudo.package = pkgs.sudo.override { withInsults = true; }; - - programs.steam.extraCompatPackages = with pkgs; [ proton-ge-rtsp-bin ]; - - programs.bash.shellAliases = { - nano = "nvim"; - }; - - programs = { - adb.enable = true; - flashrom.enable = true; - nix-ld.enable = true; - nix-ld.libraries = with pkgs; [xorg.libxcb libao xorg.libX11 libusb1 cargo rustc pkg-config cacert libpulseaudio libsecret file]; - }; - - services.journald.extraConfig = '' - SystemMaxUse=2G - ''; - - services.tailscale = { - enable = true; - useRoutingFeatures = "both"; - openFirewall = true; - interfaceName = "userspace-networking"; - }; - - networking.firewall.checkReversePath = "loose"; - - networking.useDHCP = false; - - services.resolved.enable = true; - - systemd.network.enable = true; - - systemd.network.networks."enp0s25" = { - matchConfig.Name = "enp0s25"; - networkConfig.DHCP = "yes"; - }; - - services.networkd-dispatcher = { - enable = true; - rules."50-tailscale" = { - onState = ["routable"]; - script = '' - "${pkgs.ethtool} NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ") | -K enp0s25 rx-udp-gro-forwarding on rx-gro-list off" - ''; - }; - }; - - boot.supportedFilesystems = ["exfat" "ntfs" "xfs"]; - boot.loader.limine.enable = true; - boot.loader.limine.style.wallpapers = []; - boot.loader.limine.additionalFiles = { - "efi/memtest86.efi" = "${pkgs.memtest86-efi}/BOOTX64.efi"; - "efi/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi"; - }; - boot.loader.efi.canTouchEfiVariables = true; - boot.initrd.systemd.enable = true; - boot.loader.efi.efiSysMountPoint = "/boot/"; - boot.extraModulePackages = [ - config.boot.kernelPackages.v4l2loopback.out - config.boot.kernelPackages.hid-t150.out - ]; - - services.monado = { - enable = true; - defaultRuntime = true; - }; - - systemd.user.services.monado.environment = { - STEAMVR_LH_ENABLE = "1"; - XRT_COMPOSITOR_COMPUTE = "1"; - 
WMR_HANDTRACKING = "0"; - AMD_VULKAN_ICD="RADV"; - }; - - programs.virt-manager.enable = true; systemd.packages = with pkgs; [lact]; + services.udev.packages = with pkgs; [xr-hardware]; systemd.services.lactd.wantedBy = ["multi-user.target"]; networking.hostName = "absolution"; # Define your hostname. - powerManagement.cpuFreqGovernor = "performance"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Enable networking hardware.graphics = { enable = true; enable32Bit = true; + extraPackages = with pkgs; [mesa.opencl libvdpau-va-gl vaapiVdpau vulkan-validation-layers]; extraPackages32 = with pkgs; [driversi686Linux.amdvlk driversi686Linux.mesa.opencl]; }; + + programs.bash.shellAliases = { + nano = "nvim"; + }; - hardware.bluetooth.enable = true; - services.blueman.enable = true; - - #networking.networkmanager = { - # enable = true; - # wifi.backend = "iwd"; - #}; - - # Set your time zone. + programs.gphoto2.enable = true; + # Set your time zone. time.timeZone = "Europe/London"; # Select internationalisation properties. 
- i18n.defaultLocale = "en_GB.UTF-8"; - + i18n.defaultLocale = "en_AU.UTF-8"; + nix.settings.experimental-features = "nix-command flakes"; services.udisks2.enable = true; - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_GB.UTF-8"; - LC_IDENTIFICATION = "en_GB.UTF-8"; - LC_MEASUREMENT = "en_GB.UTF-8"; - LC_MONETARY = "en_GB.UTF-8"; - LC_NAME = "en_GB.UTF-8"; - LC_NUMERIC = "en_GB.UTF-8"; - LC_PAPER = "en_GB.UTF-8"; - LC_TELEPHONE = "en_GB.UTF-8"; - LC_TIME = "en_GB.UTF-8"; + LC_ADDRESS = "en_AU.UTF-8"; + LC_IDENTIFICATION = "en_AU.UTF-8"; + LC_MEASUREMENT = "en_AU.UTF-8"; + LC_MONETARY = "en_AU.UTF-8"; + LC_NAME = "en_AU.UTF-8"; + LC_NUMERIC = "en_AU.UTF-8"; + LC_PAPER = "en_AU.UTF-8"; + LC_TELEPHONE = "en_AU.UTF-8"; + LC_TIME = "en_AU.UTF-8"; }; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - # Enable the X11 windowing system. - services.xserver.enable = false; + services.xserver.enable = true; programs.dconf.enable = true; # Configure keymap in X11 services.xserver.xkb = { - layout = "gb"; + layout = "us"; variant = ""; }; @@ -238,18 +213,14 @@ }) ]; - security = { - rtkit.enable = true; - }; - # Enable sound with pipewire. services.pulseaudio.enable = false; + security.rtkit.enable = true; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; - # If you want to use JACK applications, uncomment this jack.enable = true; extraConfig.pipewire.noresample = { "context.properties" = { "default.clock.allowed-rates" = [ 44100 48000 192000 ]; }; }; extraConfig.pipewire."92-low-latency" = { 
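Review bot: `nix.settings.experimental-features` changes from a list to the single string `"nix-command flakes"`. That should render the same nix.conf line, but a string definition presumably cannot be merged with a list definition from another module, so evaluation would fail if one of the imported files (not visible here) also sets the option. Keeping `nix.settings.experimental-features = [ "nix-command" "flakes" ];` avoids that and matches the list style of `trusted-users`.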
@@ -281,22 +252,19 @@ }; # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.alyx = { isNormalUser = true; description = "Alyx"; - extraGroups = [ "openrazer" "pipewire" "gamemode" "inputs" "networkmanager" "wheel" "libvirtd" "camera" "qemu-libvirtd" "lxd" "uinput" "qemu-libvirt" "input" ]; - packages = with pkgs; [ - ]; + extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirt" "camera" "input" "adbusers" "inputs" "uinput" "qemu-libvirtd" "lxd" "pipewire" ]; }; + # Install firefox. services.libinput.enable = true; - # Allow unfree packages nixpkgs.config.allowUnfree = true; - services.gvfs.enable = true; - + # List packages installed in system profile. To search, run: + # $ nix search wget environment.systemPackages = with pkgs; [ hyprlock file @@ -334,6 +302,15 @@ (pkgs.python3.withPackages (ps: with ps; [tkinter])) ]; - system.stateVersion = "24.11"; # Did you read the comment? + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + systemd.tmpfiles.rules = [ + "f /dev/shm/looking-glass 0660 alyx qemu-libvirtd -" + ]; + + system.stateVersion = "24.11"; } diff --git a/base/absolution/default.nix b/base/absolution/default.nix index 40a5189..a94a618 100644 --- a/base/absolution/default.nix +++ b/base/absolution/default.nix @@ -3,10 +3,10 @@ ./configuration.nix ../overrides.nix ../ssh.nix + ../firewall.nix ../substituters.nix ../fonts.nix - ../greetd.nix - #../virtualisation/virtualisation.nix ../udev.nix + ../greetd.nix ]; } diff --git a/base/absolution/hardware-configuration.nix b/base/absolution/hardware-configuration.nix index e6ece07..b7720af 100644 --- a/base/absolution/hardware-configuration.nix +++ b/base/absolution/hardware-configuration.nix 
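Review bot: The rewritten `extraGroups` list still carries `inputs` and `qemu-libvirt` next to `input` and `qemu-libvirtd`; the first two look like misspellings rather than real groups (not verifiable from this diff) and could be dropped while the line is being rewritten. The remaining set is broad: `wheel`, `libvirtd` and `lxd` each give a path to root, and `input`/`uinput` let any process running as alyx read or synthesise input events. I would keep only the groups for services this host enables and add a short comment on why `input` and `uinput` are needed. The `# Install firefox.` comment now sits above `services.libinput.enable` and describes nothing there.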
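Review bot: The new `systemd.tmpfiles.rules` entry has no comment saying what the file is for or why it has that owner and mode. Judging by the path it is the Looking Glass shared-memory file, so a comment such as `# Looking Glass shared memory: 0660 so only alyx and the qemu-libvirtd group can read the guest framebuffer` above the rule would record the intent. Whether QEMU on this host runs with the `qemu-libvirtd` group is not visible in the diff; confirm it, otherwise the VM cannot open the file.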
@@ -8,20 +8,32 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "nvme" "usb_storage" "sd_mod" "sr_mod" ]; + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + settings = { + General.Experimental = true; + }; + input = { + General.ClassicBondedOnly = false; + General.UserspaceHID = true; + }; + }; + + boot.supportedFilesystems = ["exfat" "ntfs" "xfs"]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "vendor-reset" ]; boot.kernelModules = [ "kvm-intel" "vfio_virqfd" "vhost-net" "v4l2loopback" "12c-dev" ]; - boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback vendor-reset hid-t150]; - boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_latest; - boot.kernel.sysctl = { - "vm.max_map_count" = 2147483642; - }; + boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback vendor-reset hid-t150 ]; boot.extraModprobeConfig = '' - options vfio-pci ids=1002:67df,1002:aaf0,1b21:2142,8086:8d26,8086:8d2d + options vfio-pci ids=1002:6fdf,1002:aaf0,1b21:1242,1002:67df options v4l2loopback devices=2 video_nr=1,2 card_label="Lenovo Camera" exclusive_caps=1 ''; + boot.blacklistedKernelModules = ["nouveau"]; + boot.kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" "intel_iommu=on" "iommu=pt" "preempt=voluntary" "module_blacklist=nouveau" ]; + #boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_latest; + - boot.kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" "intel_iommu=on" "iommu=pt" "preempt=voluntary" ]; fileSystems."/" = { device = "/dev/disk/by-uuid/9d711676-b74f-4b8e-a5bb-d8e4864966e1"; 
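Review bot: `hardware.bluetooth.input.General.ClassicBondedOnly = false` relaxes a BlueZ default. With it off, a classic-Bluetooth HID device that has not been bonded can connect to the input service, so a nearby unpaired device could present itself as a keyboard. Unless a specific peripheral needs this, delete the line to keep the default, or add a comment naming the device and the reason. In the same hunk the context line `boot.kernelModules` lists `"12c-dev"`, which looks like a typo for `i2c-dev`. `hardware.i2c.enable = true` in configuration.nix may already load that module, so the entry can probably be corrected or removed.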
@@ -31,17 +43,19 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/A4B4-1762"; fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; + options = [ "fmask=0077" "dmask=0077" ]; }; fileSystems."/500G" = { device = "/dev/disk/by-uuid/88c7ab87-3bec-4f52-ab4f-c1a081df191f"; fsType = "xfs"; + options = [ "x-gvfs-show" ]; }; fileSystems."/250G" = { device = "/dev/disk/by-uuid/1375e97d-e67b-43b7-827c-c1b984e0f42f"; fsType = "xfs"; + options = [ "x-gvfs-show" ]; }; swapDevices = @@ -53,7 +67,8 @@ # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;