diff --git a/flake.lock b/flake.lock
index 50c6096..c270768 100644
--- a/flake.lock
+++ b/flake.lock
@@ -383,7 +383,7 @@
     "hercules-ci-effects": {
       "inputs": {
         "flake-parts": "flake-parts_3",
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_5"
       },
       "locked": {
         "lastModified": 1701009247,
@@ -647,9 +647,7 @@
     },
     "nixDarwin": {
       "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
+        "nixpkgs": "nixpkgs_4"
       },
       "locked": {
         "lastModified": 1727003835,
@@ -879,6 +877,18 @@
       }
     },
     "nixpkgs_4": {
+      "locked": {
+        "lastModified": 0,
+        "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=",
+        "path": "/nix/store/y6205wq8hxvpqvl8l9d1n9xah01kg0lq-source",
+        "type": "path"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_5": {
       "locked": {
         "lastModified": 1697723726,
         "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
@@ -894,13 +904,13 @@
         "type": "github"
       }
     },
-    "nixpkgs_5": {
+    "nixpkgs_6": {
       "locked": {
-        "lastModified": 1726937504,
-        "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=",
+        "lastModified": 1728241625,
+        "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9357f4f23713673f310988025d9dc261c20e70c6",
+        "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1",
         "type": "github"
       },
       "original": {
@@ -910,7 +920,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_6": {
+    "nixpkgs_7": {
       "locked": {
         "lastModified": 1678470307,
         "narHash": "sha256-OEeMUr3ueLIXyW/OaFUX5jUdimyQwMg/7e+/Q0gC/QE=",
@@ -926,7 +936,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_7": {
+    "nixpkgs_8": {
       "locked": {
         "lastModified": 1682134069,
         "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
@@ -1081,7 +1091,7 @@
         "fan-control": "fan-control",
         "flake-parts": "flake-parts_4",
         "kernel-src": "kernel-src",
-        "nixpkgs": "nixpkgs_6",
+        "nixpkgs": "nixpkgs_7",
         "nixpkgs-kernel": "nixpkgs-kernel",
         "panfork": "panfork",
         "tow-boot": "tow-boot",
@@ -1120,7 +1130,7 @@
         "nixDarwin": "nixDarwin",
         "nixThePlanet": "nixThePlanet",
         "nixosHardware": "nixosHardware",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_6",
         "rock5b": "rock5b",
         "treefmt-nix": "treefmt-nix_2",
         "vscode-server": "vscode-server"
@@ -1291,7 +1301,7 @@
     "vscode-server": {
       "inputs": {
         "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_7"
+        "nixpkgs": "nixpkgs_8"
       },
       "locked": {
         "lastModified": 1713958148,
diff --git a/flake.nix b/flake.nix
index 28b3f03..bc75454 100644
--- a/flake.nix
+++ b/flake.nix
@@ -35,7 +35,6 @@
     };
     nixDarwin = {
       url = "github:LnL7/nix-darwin";
-      inputs.nixpkgs.follows = "nixpkgs";
     };
     nix-on-droid.url = "github:nix-community/nix-on-droid";
     lix = {
diff --git a/hmModules/firefox/default.nix b/hmModules/firefox/default.nix
index 4f0a3c2..43d60a3 100644
--- a/hmModules/firefox/default.nix
+++ b/hmModules/firefox/default.nix
@@ -18,7 +18,6 @@ in
     policies = {
       DisableTelemetry = true;
       DisableFirefoxStudies = true;
-
       EnableTrackingProtection = {
         Value = true;
         Locked = true;
diff --git a/hmModules/hyprland/hyprland.conf b/hmModules/hyprland/hyprland.conf
index c953fc6..c8c20af 100644
--- a/hmModules/hyprland/hyprland.conf
+++ b/hmModules/hyprland/hyprland.conf
@@ -32,9 +32,10 @@ windowrulev2 = float, title:^(floating)$
 bind = $mod, b, exec, firefox
 bind = $mod, t, exec, footclient $SHELL -C "zellij"
 bind = $mod, Return, exec, footclient
-bind = $mod, y, exec, waypipe --compress lz4=10 ssh picard.fleet emacsclient -c
+bind = $mod, m, exec, footclient $SHELL -C "aerc"
 bind = $mod, d, exec, fuzzel --background-color=253559cc --border-radius=5 --border-width=0
 bind = $mod, s, exec, screenshot.sh
+bind = $mod, n, exec, logseq
 bind = , XF86MonBrightnessUp, exec, brightnessctl s +5%
 bind = , XF86MonBrightnessDown, exec, brightnessctl s 5%-
 bind = $mod, code:60, exec, brightnessctl s +5%
diff --git a/hmModules/libreoffice/default.nix b/hmModules/libreoffice/default.nix
new file mode 100644
index 0000000..1e846d4
--- /dev/null
+++ b/hmModules/libreoffice/default.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+  home.packages = [ pkgs.libreoffice ];
+}
diff --git a/hmModules/logseq/default.nix b/hmModules/logseq/default.nix
new file mode 100644
index 0000000..10c295c
--- /dev/null
+++ b/hmModules/logseq/default.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+let
+  logseq = pkgs.appimageTools.wrapType2 {
+    name = "logseq";
+    version = "nightly-20240909";
+    src = pkgs.fetchurl {
+      url = "https://github.com/logseq/logseq/releases/download/nightly/Logseq-linux-x64-0.10.10-alpha+nightly.20240909.AppImage";
+      hash = "sha256-Hy/zk8ZCkWajsMRUMsewLvkKpMpsBZYnFootPU9y6Z0=";
+    };
+  };
+in
+{
+  home.packages = [ logseq ];
+}
diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix
index ded359d..c4128f7 100644
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@@ -89,6 +89,8 @@
       "freecad"
       "zathura"
       "imv"
+      "libreoffice"
+      "logseq"
     ];
     extraGroups = [ ];
     backupPaths = [ ];
diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix
index 44277c3..8a386be 100644
--- a/hosts/sisko/default.nix
+++ b/hosts/sisko/default.nix
@@ -28,12 +28,14 @@
       "garmin-collector"
       "restic"
       "atuin"
+      "rock5b-fan-control"
+      "immich"
     ]
     ++ [
       ./disko.nix
     ];
 
-  boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_10;
+  boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_11;
 
   system.stateVersion = "24.05";
 
@@ -94,12 +96,6 @@
   fileSystems."/persist".neededForBoot = true;
   boot.tmp.cleanOnBoot = true;
 
-  fileSystems."/mnt/hd" = {
-    device = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU-part1";
-    fsType = "ext4";
-    options = [ "nofail" ];
-  };
-
   environment.systemPackages = with pkgs; [
     cifs-utils
   ];
diff --git a/hosts/sisko/disko.nix b/hosts/sisko/disko.nix
index 909a33b..ba5c708 100644
--- a/hosts/sisko/disko.nix
+++ b/hosts/sisko/disko.nix
@@ -1,9 +1,7 @@
 let
   ssd = "/dev/disk/by-id/ata-CT240BX300SSD1_1739E1042F3C";
+  hd = "/dev/disk/by-id/ata-ST12000NM0558_ZHZ6006Q";
 in
-# hd1 = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550";
-# hd2 = "/dev/disk/by-id/ata-WDC_WD10EADX-22TDHB0_WD-WCAV5V359530";
-# old_hd = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU";
 {
   disko.devices = {
     nodev."/" = {
@@ -58,6 +56,63 @@ in
           };
         };
       };
+      hd = {
+        device = hd;
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "bcachefs";
+                mountpoint = "/mnt/hd";
+              };
+            };
+          };
+        };
+      };
+      #   hd = {
+      #     type = "disk";
+      #     device = hd;
+      #     content = {
+      #       type = "gpt";
+      #       partitions = {
+      #         zfs = {
+      #           size = "100%";
+      #           content = {
+      #             type = "zfs";
+      #             pool = "zroot";
+      #           };
+      #         };
+      #       };
+      #     };
+      #   };
+      # };
+      # zpool = {
+      #   zroot = {
+      #     type = "zpool";
+      #     rootFsOptions = {
+      #       compression = "lz4";
+      #       acltype = "posixacl";
+      #       xattr = "sa";
+      #       "com.sun:auto-snapshot" = "true";
+      #       mountpoint = "none";
+      #     };
+      #     datasets = {
+      #       "root" = {
+      #         type = "zfs_fs";
+      #         options.mountpoint = "/mnt/hd";
+      #         mountpoint = "/mnt/hd";
+      #       };
+      #       "root/torrent" = {
+      #         type = "zfs_fs";
+      #         options.mountpoint = "/mnt/hd/torrent";
+      #         mountpoint = "/mnt/hd/torrent";
+      #       };
+      #     };
+      #  };
     };
   };
 }
diff --git a/modules/immich/default.nix b/modules/immich/default.nix
index be7e905..ffa5968 100644
--- a/modules/immich/default.nix
+++ b/modules/immich/default.nix
@@ -1,20 +1,99 @@
+{ ... }:
+let
+  vars = {
+    serviceConfigRoot = "/mnt/hd/immich/state";
+    mainArray = "/mnt/hd/immich/";
+    domainName = "photos.aciceri.dev";
+  };
+  directories = [
+    "${vars.serviceConfigRoot}/immich"
+    "${vars.serviceConfigRoot}/immich/postgresql"
+    "${vars.serviceConfigRoot}/immich/postgresql/data"
+    "${vars.serviceConfigRoot}/immich/config"
+    "${vars.serviceConfigRoot}/immich/machine-learning"
+    "${vars.mainArray}/Photos"
+    "${vars.mainArray}/Photos/Immich"
+    "${vars.mainArray}/Photos/S10m"
+  ];
+in
 {
-  containers.immich = {
-    nixpkgs = builtins.getFlake "github:NixOS/nixpkgs/51296fce6f2b33717f710788af4e134aa7ff0e58";
-    autoStart = true;
-    privateNetwork = true;
-    # hostAddress = "192.168.100.10";
-    # localAddress = "192.168.100.11";
-    # hostAddress6 = "fc00::1";
-    # localAddress6 = "fc00::2";
-    config =
-      {
-        ...
-      }:
-      {
-        services.immich = {
-          enable = true;
-        };
+  systemd.tmpfiles.rules = map (x: "d ${x} 0775 root root - -") directories;
+  systemd.services = {
+    podman-immich = {
+      requires = [
+        "podman-immich-redis.service"
+        "podman-immich-postgres.service"
+      ];
+      after = [
+        "podman-immich-redis.service"
+        "podman-immich-postgres.service"
+      ];
+    };
+    podman-immich-postgres = {
+      requires = [ "podman-immich-redis.service" ];
+      after = [ "podman-immich-redis.service" ];
+    };
+  };
+
+  virtualisation.oci-containers.containers = {
+    immich = {
+      autoStart = true;
+      image = "ghcr.io/imagegenius/immich:latest";
+      volumes = [
+        "${vars.serviceConfigRoot}/immich/config:/config"
+        "${vars.mainArray}/Photos/Immich:/photos"
+        "${vars.mainArray}/Photos/S10m:/import:ro"
+        "${vars.serviceConfigRoot}/immich/machine-learning:/config/machine-learning"
+      ];
+      # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
+      environment = {
+        PUID = "994";
+        PGID = "993";
+        TZ = "Europe/Rome";
+        DB_HOSTNAME = "immich-postgres";
+        DB_USERNAME = "immich";
+        DB_DATABASE_NAME = "immich";
+        REDIS_HOSTNAME = "immich-redis";
+        DB_PASSWORD = "password";
       };
+      extraOptions = [
+        "--pull=newer"
+        "--network=container:immich-redis"
+      ];
+    };
+
+    immich-redis = {
+      autoStart = true;
+      image = "redis";
+      extraOptions = [
+        "--pull=newer"
+        "-l=traefik.enable=true"
+        "-l=traefik.http.routers.immich.rule=Host(`photos.${vars.domainName}`)"
+        "-l=traefik.http.routers.immich.service=immich"
+        "-l=traefik.http.services.immich.loadbalancer.server.port=8080"
+      ];
+      ports = [
+        "8080:8080"
+      ];
+    };
+
+    immich-postgres = {
+      autoStart = true;
+      image = "tensorchord/pgvecto-rs:pg14-v0.2.1";
+      volumes = [
+        "${vars.serviceConfigRoot}/immich/postgresql/data:/var/lib/postgresql/data"
+      ];
+      # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
+      environment = {
+        POSTGRES_USER = "immich";
+        POSTGRES_DB = "immich";
+        POSTGRES_HOST_AUTH_METHOD = "trust";
+        POSTGRES_PASSWORD = "password";
+      };
+      extraOptions = [
+        "--pull=newer"
+        "--network=container:immich-redis"
+      ];
+    };
   };
 }
diff --git a/modules/mount-rock5b/default.nix b/modules/mount-rock5b/default.nix
index a31eb1c..5ae34a0 100644
--- a/modules/mount-rock5b/default.nix
+++ b/modules/mount-rock5b/default.nix
@@ -15,7 +15,7 @@
         '';
       in
       [
-        "credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"
+        "credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,uid=1000,gid=1000"
       ];
   };
 }
diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix
index 37340e4..77d6230 100644
--- a/modules/nextcloud/default.nix
+++ b/modules/nextcloud/default.nix
@@ -8,11 +8,9 @@
     "d /mnt/raid/nextcloud 770 nextcloud nextcloud"
   ];
 
-  ccr.extraGroups = [ "nextcloud" ];
-
   services.nextcloud = {
     enable = true;
-    package = pkgs.nextcloud26;
+    package = pkgs.nextcloud_30;
     database.createLocally = true;
     home = "/mnt/raid/nextcloud";
     hostName = "nextcloud.aciceri.dev";
@@ -21,6 +19,4 @@
       overwriteProtocol = "https";
     };
   };
-
-  networking.firewall.allowedTCPPorts = [ 80 ];
 }
diff --git a/modules/restic/default.nix b/modules/restic/default.nix
index 0d082b3..3edb52d 100644
--- a/modules/restic/default.nix
+++ b/modules/restic/default.nix
@@ -26,13 +26,22 @@ in
   }".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
 
   services.restic.backups.sisko = {
-    paths = [ "/persist" ];
+    paths = [
+      "/persist"
+      "/mnt/hd/immich"
+    ];
+    exclude = [ " /persist/var/lib/containers" ];
     passwordFile = config.age.secrets.SISKO_RESTIC_PASSWORD.path;
     extraOptions = [
       "sftp.command='${lib.getExe pkgs.sshpass} -f ${config.age.secrets.HETZNER_STORAGE_BOX_SISKO_SSH_PASSWORD.path} ssh -p${port} ${user}@${host} -s sftp'"
     ];
     repository = "sftp://${user}@${host}:${port}/";
     initialize = true;
+    pruneOpts = [
+      "--keep-yearly 1"
+      "--keep-monthly 2"
+      "--keep-daily 7"
+    ];
     timerConfig.OnCalendar = "daily";
     timerConfig.RandomizedDelaySec = "1h";
   };
diff --git a/modules/rock5b-proxy/default.nix b/modules/rock5b-proxy/default.nix
index 926f664..3a324ef 100644
--- a/modules/rock5b-proxy/default.nix
+++ b/modules/rock5b-proxy/default.nix
@@ -36,17 +36,17 @@
         proxyPass = "http://localhost:${builtins.toString config.services.invidious.port}";
       };
     };
-    # "photos.aciceri.dev" = {
-    #   extraConfig = ''
-    #     client_max_body_size 50000M;
-    #   '';
-    #   forceSSL = true;
-    #   enableACME = true;
-    #   locations."/" = {
-    #     proxyPass = "http://localhost:2283";
-    #     proxyWebsockets = true;
-    #   };
-    # };
+    "photos.aciceri.dev" = {
+      extraConfig = ''
+        client_max_body_size 50000M;
+      '';
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://localhost:8080";
+        proxyWebsockets = true;
+      };
+    };
 
     # "jellyfin.aciceri.dev" = {
     #   forceSSL = true;
diff --git a/modules/rock5b-samba/default.nix b/modules/rock5b-samba/default.nix
index 3791c92..9350089 100644
--- a/modules/rock5b-samba/default.nix
+++ b/modules/rock5b-samba/default.nix
@@ -9,7 +9,7 @@
 
     samba = {
       enable = true;
-      securityType = "user";
+      # global.security = "user";
       settings.global = {
         "workgroup" = "WORKGROUP";
         "server string" = "rock5b";
@@ -21,7 +21,7 @@
         "recycle:keeptree" = "yes";
         "recycle:versions" = "yes";
       };
-      shares = {
+      settings = {
         torrent = {
           path = "/mnt/hd/torrent";
           comment = "torrent";
diff --git a/modules/transmission/default.nix b/modules/transmission/default.nix
index 2052b37..15db1d1 100644
--- a/modules/transmission/default.nix
+++ b/modules/transmission/default.nix
@@ -4,8 +4,6 @@
     enable = true;
     openRPCPort = true;
     openPeerPorts = true;
-    # FIXME remove after https://github.com/NixOS/nixpkgs/issues/279049
-    webHome = "${config.services.transmission.package}/share/transmission/web";
     settings = {
       download-dir = "/mnt/hd/torrent";
       incomplete-dir = "/mnt/hd/torrent/.incomplete";
@@ -32,7 +30,7 @@
       alt-speed-time-day = 127; # all days, bitmap, 0111110 is weekends and 1000001 is weekdays
 
       ratio-limit-enabled = true;
-      ratio-limit = 100; # I am a generous god
+      ratio-limit = 2;
     };
   };