diff --git a/home/packages/linux.nix b/home/packages/linux.nix index 79436a2..e06b684 100644 --- a/home/packages/linux.nix +++ b/home/packages/linux.nix @@ -1,18 +1,4 @@ { lib, pkgs, isNixOS ? true, ... }: lib.mkIf pkgs.stdenv.isLinux { - home.packages = with pkgs; [ - imv - xdg-utils - ] ++ lib.optionals isNixOS [ - betterdiscordctl - vesktop - xfce.thunar - pavucontrol - godot - aseprite - zathura - gpu-screen-recorder - gpu-screen-recorder-gtk - inetutils - ]; + } diff --git a/modules/machine/yshtola/configuration.nix b/modules/machine/yshtola/configuration.nix index 2f962fd..e774ec6 100644 --- a/modules/machine/yshtola/configuration.nix +++ b/modules/machine/yshtola/configuration.nix @@ -3,19 +3,25 @@ pkgs, userName, ... -}: { +}:let + livekitKeyFile = "/var/lib/livekit/livekit.key"; + matrixRegistrationTokenFile = "/var/lib/matrix.key"; +in { imports = [ ../../pwrMgmt - ../../networking/core.nix ]; # Enable flakes for NixOS nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings = { + download-buffer-size = 134217728; # 128 MiB in bytes + }; + # Custom kernel/boot stuff boot.kernelPackages = pkgs.linuxPackages_latest; - boot.loader.systemd-boot.enable = true; # TODO: check on this - boot.loader.efi.canTouchEfiVariables = true; + # boot.loader.systemd-boot.enable = true; # TODO: check on this + # boot.loader.efi.canTouchEfiVariables = true; # Set your timezone time.timeZone = "America/Detroit"; @@ -23,8 +29,8 @@ # Enable OpenSSH services.openssh = { enable = true; - PermitRootLogin = "no"; - PasswordAuthentication = "no"; + settings.PermitRootLogin = "no"; + settings.PasswordAuthentication = false; }; # Enable keyring 
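Review bot: The OpenSSH hardening in the `@@ -23,8` hunk turns off password authentication but leaves keyboard-interactive authentication at its NixOS default (enabled, as far as I know), through which PAM can still offer a password prompt; add `settings.KbdInteractiveAuthentication = false;` next to the new `settings.PasswordAuthentication = false;` line. `settings.PermitRootLogin = "no"` and the boolean form of `PasswordAuthentication` are the correct option spellings, which the removed top-level `PermitRootLogin`/`PasswordAuthentication` lines were not, so this is the first revision where these settings actually take effect and worth completing. The `services.openssh` block closes inside the hunk.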
@@ -49,32 +55,34 @@ powertop.enable = false; }; - # Core networking module (see ../../networking/core.nix) - network = { - networkManager.enable = true; - }; - # Firewall settings (fallback, upstream way of doing things) networking.firewall = { enable = true; allowedTCPPorts = [ + 80 + 443 + 8448 3478 5349 7880 7881 8080 + 8081 ]; allowedUDPPorts = [ 3478 + 8448 ]; allowedUDPPortRanges =[ - { + # TURN UDP relays + { from = 49000; to = 50000; } + # { from = 50100; to = 50200; @@ -109,17 +117,17 @@ package = pkgs.matrix-tuwunel; settings = { global = { - server_name = "wyattjmiller.com"; + server_name = "chat.wyattjmiller.com"; allow_encryption = true; allow_federation = true; - allow_registration = false; + allow_registration = true; + registration_token = matrixRegistrationTokenFile; allow_unstable_room_versions = false; allow_experimental_room_versions = false; - encryption_enabled_by_default_for_room_type = "all"; + # encryption_enabled_by_default_for_room_type = false; zstd_compression = true; new_user_displayname_suffix = "✨"; max_request_size = 1048575600; # 100MB in bytes, for file uploads - database_path = "/var/lib/tuwunel"; database_backup_path = "/var/lib/tuwunel/database_backups"; database_backups_to_keep = 2; 
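Review bot: UDP 8448 is added to `allowedUDPPorts` alongside TCP 8448, but Matrix federation is plain HTTPS proxied by the Caddy `chat.wyattjmiller.com:8448` site in a later hunk, so the UDP entry opens a port nothing listens on and should be dropped. TCP 8081 has no corresponding service anywhere in this diff, and 8080 is the port `services.lk-jwt-service` binds in the last hunk — if that service is fronted by Caddy like the homeserver it does not need to be reachable from outside — so each of these entries deserves a comment naming the listener it exists for, as `# TURN UDP relays` does for the range. With `no-tcp-relay = false` in the coturn block, relay allocations can also be TCP, so a matching `allowedTCPPortRanges` entry for 49000–50000 is probably needed for that path to work through the firewall.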
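Review bot: `registration_token = matrixRegistrationTokenFile;` sets the token itself to the literal string `/var/lib/matrix.key` — the binding added in the `@@ -3,19` hunk is a path, not a secret — and with `allow_registration = true` in the same hunk, anyone who guesses that path can register an account on chat.wyattjmiller.com. conduwuit, which tuwunel continues, reads the token from a file via `registration_token_file`; verify tuwunel still accepts it and change the line to `registration_token_file = matrixRegistrationTokenFile;`. Nothing in this diff creates that file, so it needs to be provisioned out of band with restrictive permissions, and a comment on the binding saying so would help. The `settings.global` block continues outside the hunk.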
@@ -133,22 +141,39 @@ client = "https://chat.wyattjmiller.com"; server = "chat.wyattjmiller.com:443"; support_email = "wyatt@wyattjmiller.com"; - support_mxid = "@wymiller:wyattjmiller.com"; + support_mxid = "@wymiller:chat.wyattjmiller.com"; - rtc_transports = { + rtc_transports = [{ type = "livekit"; livekit_service_url = "https://rtc.wyattjmiller.com"; - }; + }]; }; }; }; }; + # TURN/STUN server + services.coturn = { + enable = true; + no-cli = false; + no-tcp-relay = false; + realm = "turn.wyattjmiller.com"; + min-port = 49000; + max-port = 50000; + + # TODO: fill out this extraConfig option a bit more with denial of private IP addresses + extraConfig = '' + verbose + no-multicast-peers + ''; + }; + # LiveKit (Matrix RTC) services.livekit = { enable = true; package = pkgs.livekit; openFirewall = true; + keyFile = livekitKeyFile; settings = { port = 7880; room.auto_create = true; @@ -169,7 +194,7 @@ reverse_proxy localhost:8008 ''; }; - "chat.wyattjmiller.com:8443" = { + "chat.wyattjmiller.com:8448" = { extraConfig = '' encode zstd gzip reverse_proxy localhost:8008 
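Review bot: The new `services.coturn` block configures no credential mechanism — neither `lt-cred-mech` with users nor `use-auth-secret` with `static-auth-secret-file` — so depending on coturn's default the relay on turn.wyattjmiller.com is either open to anonymous allocations or has no usable credentials at all; TURN for LiveKit/Matrix RTC normally uses `use-auth-secret = true;` with a secret file shared with whatever issues the time-limited client credentials. `no-cli = false` also keeps coturn's administrative CLI listener enabled (localhost by default), which a headless relay does not need and is safer as `no-cli = true;`. The `extraConfig` TODO about denying private peer addresses is the right instinct — coturn's `denied-peer-ip=` directive is where that goes — and is worth resolving before the relay is exposed. The `services.livekit` block continues outside the hunk.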
@@ -196,20 +221,40 @@ }; }; - # TURN/STUN server - services.coturn = { + # LiveKit JWT service + services.lk-jwt-service = { enable = true; - no-cli = false; - no-tcp-relay = false; - realm = "turn.wyattjmiller.com"; - min-port = 49000; - max-port = 50000; + port = 8080; + livekitUrl = "wss://rtc.wyattjmiller.com"; + keyFile = livekitKeyFile; + # settings = { + # keys = { + # "2rew2444" = "aAssWw18asef3fa5ldehHhjunlijj8x="; + # }; + # }; + }; - # TODO: fill out this extraConfig option a bit more with denial of private IP addresses - extraConfig = '' - verbose - no-multicast-peers + # Generate LiveKit key if it doesn't exist + systemd.services.livekit-key = { + before = [ + "lk-jwt-service.service" + "livekit.service" + ]; + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ + livekit + coreutils + gawk + ]; + script = '' + echo "Key missing, generating key" + echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${livekitKeyFile}" ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + unitConfig.ConditionPathExists = "!${livekitKeyFile}"; }; system.stateVersion = "25.11"; diff --git a/modules/machine/yshtola/hardware-configuration.nix b/modules/machine/yshtola/hardware-configuration.nix index e69de29..7f5f6fd 100644 --- a/modules/machine/yshtola/hardware-configuration.nix +++ b/modules/machine/yshtola/hardware-configuration.nix 
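Review bot: The generated LiveKit API secret is written by `echo ... > "${livekitKeyFile}"` under root's default umask, so the file is most likely world-readable, and the pipeline has no `pipefail`: if `livekit-server generate-keys` fails, `tail | awk` still succeed and a file containing `lk-jwt-service: ` with an empty secret is created, after which `ConditionPathExists` stops the unit from ever regenerating it. The script also assumes `/var/lib/livekit` already exists, which only holds if something else creates it before this unit runs. The rewrite below sets `umask 077`, creates the directory, and refuses to write an empty secret; if `services.livekit` and `services.lk-jwt-service` read `keyFile` through systemd credentials a root-owned 0600 file is enough, otherwise it needs a group both services can read. Separately, the commented-out `settings.keys` block in the lk-jwt-service stanza carries what looks like a real key/secret pair; commented-out secrets still live in git history, so remove the lines and rotate the value if it was ever used.
```nix
    script = ''
      set -o pipefail
      umask 077
      mkdir -p "$(dirname "${livekitKeyFile}")"
      echo "Key missing, generating key"
      secret="$(livekit-server generate-keys | tail -1 | awk '{print $3}')"
      if [ -z "$secret" ]; then
        echo "livekit-server generate-keys produced no secret" >&2
        exit 1
      fi
      echo "lk-jwt-service: $secret" > "${livekitKeyFile}"
    '';
    # … unchanged: serviceConfig and unitConfig …
```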
@@ -0,0 +1,35 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
+ boot.kernelParams = [ "console=ttyS0,19200n8" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+ boot.loader.grub.extraConfig = ''
+ serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+ terminal_input serial;
+ terminal_output serial;
+ '';
+ boot.loader.grub.forceInstall = true;
+# boot.loader.grub.enable = true;
+ boot.loader.grub.device = "nodev";
+ boot.loader.timeout = 10;
+
+ fileSystems."/" =
+ { device = "/dev/sda";
+ fsType = "ext4";
+ };
+
+ swapDevices =
+ [ { device = "/dev/sdb"; }
+ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}