diff --git a/.sops.yaml b/.sops.yaml index 9d29a5a..a527974 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -20,7 +20,7 @@ creation_rules: - *primary - *builder-ssh - - path_regex: hosts/pianonix/secrets.yaml$ + - path_regex: hosts/pianonix/secrets* key_groups: - age: - *primary diff --git a/homes/julian/pianonix.nix b/homes/julian/pianonix.nix index de5ca75..4ff018a 100644 --- a/homes/julian/pianonix.nix +++ b/homes/julian/pianonix.nix @@ -14,8 +14,8 @@ is-nixos = true; terminal = "wezterm"; - services.syncthing.tray.enable = true; - services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available + # services.syncthing.tray.enable = true; + # services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available home.packages = with pkgs; [ music-reader @@ -27,9 +27,33 @@ onboard ]; + programs.firefox = { + enable = true; + + profiles.default = { + isDefault = true; + + settings = { + "browser.startup.homepage" = "https://sheets.julian-mutter.de"; + "browser.startup.page" = 1; # 0=blank, 1=home page, 3=restore previous session + }; + }; + }; + + programs.chromium = { + enable = true; + + # commandLineArgs = [ + # "--homepage=https://sheets.julian-mutter.de" + # "--no-first-run" + # ]; + }; + # Autostart link home.file = { - ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop"; + # ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop"; + # ".config/autostart/firefox.desktop".source = "${pkgs.firefox}/share/applications/firefox.desktop"; + ".config/autostart/chromium.desktop".source = "${pkgs.chromium}/share/applications/chromium.desktop"; ".config/sheet-organizer/config.toml".text = '' working_directory = "/home/julian/Klavier" ''; diff --git a/hosts/pianonix/default.nix b/hosts/pianonix/default.nix index 22e470c..c66087f 100644 --- a/hosts/pianonix/default.nix 
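Review bot: The new `path_regex: hosts/pianonix/secrets*` in `.sops.yaml` is read as a regular expression, not a glob, so `s*` means "zero or more s" and nothing anchors the end; it matches any path containing `hosts/pianonix/secret`, not only the `secrets.yaml` and `secrets-*.bin` files this commit uses. Because sops applies the first creation rule that matches, an over-broad pattern can silently choose the key group for a file that was meant to fall under a later rule. An anchored form such as `path_regex: hosts/pianonix/secrets[^/]*$` covers the intended files and nothing else. The rest of this rule's key group lies outside the hunk.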
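Review bot: The autostart entry in `home.file` now launches Chromium, but the start page is only set for Firefox (`browser.startup.homepage`), and the `commandLineArgs` that would set it for Chromium are commented out in `programs.chromium`. As written, the session presumably opens Chromium on its default page while a second, unused browser is installed as well, which doubles what has to be kept patched on a machine that logs in automatically. Either enable one browser only, or restore `commandLineArgs = [ "--homepage=https://sheets.julian-mutter.de" "--no-first-run" ];` and drop the Firefox block. The commented-out `sheet-organizer` and `firefox` autostart lines would be better deleted than kept, since the history already records them.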
+++ b/hosts/pianonix/default.nix @@ -22,21 +22,41 @@ ../common/optional/pcmanfm.nix ../common/optional/redshift.nix ../common/optional/authentication.nix + + ../common/optional/avahi.nix ]; # disko.devices.disk.main.device = "/dev/mmcblk1"; + # enabled by fish, disabling speeds up builds + documentation.man.generateCaches = false; + + networking.enableIPv6 = false; # This only leads to issues with avahi + + hardware.bluetooth.enable = true; + services.blueman.enable = true; # bluetooth gui + # raspberry pi specific + # systemd.services.btattach = { + # before = [ "bluetooth.service" ]; + # after = [ "dev-ttyAMA0.device" ]; + # wantedBy = [ "multi-user.target" ]; + # serviceConfig = { + # ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000"; + # }; + # }; # networking.wireless.enable = true; # networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path; # networking.wireless.networks = { # "@SSID@".psk = "@PSK@"; # }; + services.gnome.at-spi2-core.enable = true; # for onboard + networking.hostName = "pianonix"; system.stateVersion = "22.11"; sops.secrets."vnc-passwd" = { owner = config.users.users.julian.name; - sopsFile = ./vnc-passwd; + sopsFile = ./secrets-vnc-passwd.bin; format = "binary"; }; sops.secrets."wifi/pianonix" = {}; @@ -45,6 +65,18 @@ # sops.secrets."syncthing/public-keys/aspi-nix" = { }; # sops.secrets."syncthing/public-keys/pianonix" = { }; + sops.secrets."wg-config" = { + sopsFile = ./secrets-wg-config.bin; + format = "binary"; + }; + + networking.wg-quick.interfaces = { + home = { + configFile = config.sops.secrets."wg-config".path; + autostart = true; # This interface is started on boot + }; + }; + modules = { syncthing = { enable = true; @@ -54,6 +86,7 @@ # Enable the Desktop Environment. # services.xserver.displayManager.lightdm.enable = true; + services.displayManager.defaultSession = "xfce"; services.displayManager.autoLogin = { enable = true; user = "julian"; 
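Review bot: Nothing in the added lines limits where the newly enabled Avahi and Bluetooth services (`../common/optional/avahi.nix`, `hardware.bluetooth.enable`, `services.blueman.enable`) are reachable, on a host that, judging by the `vnc-passwd` secret and the auto-login further down, already offers remote access to an unlocked desktop session. `avahi.nix` is not part of this diff, so whether it opens the firewall or publishes services cannot be checked from this page. A short comment stating the intended exposure would help, for example `# avahi: .local name resolution on the LAN only; bluetooth: needed for <peripheral>`. `networking.enableIPv6 = false` applies host-wide, so if the WireGuard config added later in this file carries an IPv6 address the tunnel would presumably fail to start; worth confirming.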
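Review bot: Handing the whole encrypted file to `configFile` in `networking.wg-quick.interfaces.home` means wg-quick also honours any `PreUp`/`PostUp`/`PostDown` lines inside it, which run as root at boot (`autostart = true`) and cannot be reviewed from the repository because the blob is opaque. Keeping only the private key in sops and declaring the rest in Nix (`privateKeyFile = config.sops.secrets."wg-key".path;` plus `address` and `peers`) would leave the endpoint and allowed IPs visible in review; `wg-key` is a placeholder name, not one taken from this repository. If the single-file form stays, a comment such as `# wg-config: complete wg-quick file; must not contain PreUp/PostUp hooks` documents the expectation.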
@@ -73,10 +106,11 @@ }; }; - boot.loader.timeout = 1; # Set boot loader timeout to 1s + boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s # De-facto disable network manager, which is enabled by gnome # networking.networkmanager.unmanaged = [ "*" ]; + services.xserver.enable = true; services.xserver.desktopManager = { xfce = { enable = true; diff --git a/hosts/pianonix/hardware-configuration.nix b/hosts/pianonix/hardware-configuration.nix index 941954b..78f73a9 100644 --- a/hosts/pianonix/hardware-configuration.nix +++ b/hosts/pianonix/hardware-configuration.nix @@ -14,6 +14,7 @@ boot.initrd.kernelModules = []; boot.kernelModules = []; boot.extraModulePackages = []; + boot.kernelPackages = pkgs.linuxPackages_latest; # use latest linux kernel fileSystems."/" = { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; diff --git a/hosts/pianonix/vnc-passwd b/hosts/pianonix/secrets-vnc-passwd.bin similarity index 100% rename from hosts/pianonix/vnc-passwd rename to hosts/pianonix/secrets-vnc-passwd.bin diff --git a/hosts/pianonix/secrets-wg-config.bin b/hosts/pianonix/secrets-wg-config.bin new file mode 100644 index 0000000..a3b8b8e --- /dev/null +++ b/hosts/pianonix/secrets-wg-config.bin 
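Review bot: `boot.kernelPackages = pkgs.linuxPackages_latest;` is added to `hardware-configuration.nix`, a file normally produced by `nixos-generate-config` and replaced wholesale when regenerated, so the kernel choice could disappear without notice. Moving the line to `hosts/pianonix/default.nix` would keep it with the other hand-written settings. The file's argument list is outside the hunk, so it is not visible whether `pkgs` is in scope here. `linuxPackages_latest` follows each new mainline release, whose branches stop receiving fixes soon after the next one appears; a comment saying why the default kernel is not enough (`# needs >= <version> for <hardware>`) would tell a later reader when the override can be dropped.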
@@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:SFc3K1hvBjeCS6ikLZl3vIPFJqsUrZZi9yO9tVuv14exKhOuK17HN/d+cYMtVxGwqQ/biFdXYdP8/sfTPwwZgd/wRLT2xRDMOg5ru7kj8sEhcOEYmrgYRLo3ImdWANFaxelWOmjEvzphTQ7guvXTo7BACUA9AygYa9Ou9bklYImWhOCsk8e9uz5afLZXscidiqUqqFuJNo3QGMDEAxFI2YC3OpLwEj5zlsI4AXEEHRVUxU1sVtspdolDaeiFIs/JW4jLu/2la6JyGJUluYXAThzL1LO39NA/MSNskMSedatz89vnCd9CP6Q3eT93vrUYAEY=,iv:e+tWIlHm4NH1w8AQAw6tvgCX9XOiroE1XmrSua3Bcg4=,tag:RwGpKtG9JzQ3TgcnzEV5Rg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkd0t1dVk0VU5Vajg0NlBi\nQ2hnUUFKZ2FuUEVPOFFIcUdRSVV6TzlYakFBCmNQVFZpTm0wSW9MclRNaDJUcHRp\nbmhRcld5MmJUV2VXL0l3aXJrWWVCbE0KLS0tIHAvWU5yVC9mSXU5SUpScnQwMUh4\nandnYUxVVVFNeHZER3ZuYlBYSC9PcmMKEfQqJllI8cYg3hdN9SCVruRk5bqfQJ0s\ncdFHjR+ImRzyb6e/XZqSnYD6dJebeqNiU19FFdVxAssa8zqXoLiEhg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSTk3NXJ0MTFIVCtnQlNv\nQ2gzbFJVbzJ0S2hGV0J2d3pQNWxnYk82T2s0CklOUnZVUTRwNzlVcE94TlIyNko2\nTFNzV3AxSFcyN0JvVitISk5pT3ZUSmcKLS0tICtZdTJSQS85c3J0NGIydW9wNDA0\nb0dZaisxWGw1Y0JleUFtb3p4MkxDVHcKId8ELqzqPOKGdJOC4D18aoWOjTuy6i6q\nwxN/ThkqGO7ktVFEYuRT+slSHcE+TM4iD745QZvR5H0JkLZbQTYyqw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-14T06:56:31Z", + "mac": "ENC[AES256_GCM,data:DrcOET5U6veg0qhcBjQQ5neCdTUufMxhIz4ZQzvzd+YxKfAqaq8R1PW5VVlUjhDBaUH9i3J1Wj6X4E600uhayY0E9I5VqfO84hqlosfZWPiWPO8prK46Y7R3Ybdh9uvWQxiaSxy8KHXsdDgsBFLlmLe/QvsDSUv56rPofkm06vg=,iv:XBFP8ANpsszeXqQIE/v7+GmZGlFtxgE/EtgL/Cc3x+8=,tag:ZJgO+hLuwIatE55wo94RVw==,type:str]", + "version": "3.11.0" + } +}