diff --git a/machines/drone/configuration.nix b/machines/drone/configuration.nix index b0df021..8fbaddf 100644 --- a/machines/drone/configuration.nix +++ b/machines/drone/configuration.nix @@ -1,6 +1,7 @@ -{ self, ... }: { +{ self, ... }: +{ modulesPath, ... }: { imports = [ - ./hardware-configuration.nix + (modulesPath + "/virtualisation/proxmox-lxc.nix") ../../users/root ../../users/erwin ]; @@ -21,28 +22,32 @@ system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev; - networking = { - hostName = "drone"; - useDHCP = false; + # networking = { + # hostName = "drone"; + # useDHCP = false; - interfaces = { - eth0 = { - ipv4.addresses = [ - { - address = "10.0.0.202"; - prefixLength = 24; - } - ]; - }; - }; + # interfaces = { + # eth0 = { + # ipv4.addresses = [ + # { + # address = "10.0.0.202"; + # prefixLength = 24; + # } + # ]; + # }; + # }; - defaultGateway = "10.0.0.1"; - nameservers = [ "10.0.0.254" ]; + # defaultGateway = "10.0.0.1"; + # nameservers = [ "10.0.0.254" ]; + # }; + + proxmoxLXC = { + privileged = true; }; security.sudo.execWheelOnly = true; - services.openssh.enable = true; + services.tailscale.enable = true; sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { diff --git a/machines/frigate/configuration.nix b/machines/frigate/configuration.nix index 8497114..68b647d 100644 --- a/machines/frigate/configuration.nix +++ b/machines/frigate/configuration.nix @@ -49,7 +49,7 @@ security.sudo.execWheelOnly = true; - # services.openssh.enable = true; + services.tailscale.enable = true; sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { diff --git a/machines/gitea/configuration.nix b/machines/gitea/configuration.nix index 8300f8b..7e340a5 100644 --- a/machines/gitea/configuration.nix +++ b/machines/gitea/configuration.nix 
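Review bot: Importing `(modulesPath + "/virtualisation/proxmox-lxc.nix")` in machines/drone/configuration.nix (first hunk) may leave sshd running even though the second hunk removes `services.openssh.enable = true;`. As far as I recall, that module turns on `services.openssh` with `mkDefault`, which is worth confirming against the pinned nixpkgs. If these hosts are meant to be reachable over Tailscale only, state it explicitly with `services.openssh.enable = false;`, or keep sshd with `services.openssh.openFirewall = false;` and `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];`. The same applies to the gitea and proxy files; on gitea SSH was commented out before this commit, so the import could newly switch it on.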
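Review bot: `proxmoxLXC.privileged = true;` in machines/drone/configuration.nix (second hunk) carries no comment saying why the container has to be privileged, and the same block is added to the gitea and proxy files. In a privileged LXC container, root inside is not remapped to an unprivileged uid on the host, so a compromised service in the container is much closer to a compromise of the Proxmox node. If the option only mirrors how the container was created on the Proxmox side, record that next to it, e.g. `# container is privileged in Proxmox because <reason>`; otherwise prefer an unprivileged container and drop the setting. Separately, the commented-out `networking` block is dead configuration and would be better deleted than kept as comments, since the history preserves it.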
@@ -1,6 +1,8 @@ -{ self, ... } @ inputs: { +{ self, ... }: +{ modulesPath, ... }: { imports = [ - ./hardware-configuration.nix + (modulesPath + "/virtualisation/proxmox-lxc.nix") + ../../users/root ../../users/erwin ./backup.nix @@ -21,28 +23,32 @@ system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev; - networking = { - hostName = "gitea"; - useDHCP = false; + # networking = { + # hostName = "gitea"; + # useDHCP = false; - interfaces = { - eth0 = { - ipv4.addresses = [ - { - address = "10.0.0.201"; - prefixLength = 24; - } - ]; - }; - }; + # interfaces = { + # eth0 = { + # ipv4.addresses = [ + # { + # address = "10.0.0.201"; + # prefixLength = 24; + # } + # ]; + # }; + # }; - defaultGateway = "10.0.0.1"; - nameservers = [ "10.0.0.254" ]; + # defaultGateway = "10.0.0.1"; + # nameservers = [ "10.0.0.254" ]; + # }; + + proxmoxLXC = { + privileged = true; }; security.sudo.execWheelOnly = true; - # services.openssh.enable = true; + services.tailscale.enable = true; sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { diff --git a/machines/mimir/configuration.nix b/machines/mimir/configuration.nix index f7f2548..59ccdd4 100644 --- a/machines/mimir/configuration.nix +++ b/machines/mimir/configuration.nix @@ -147,6 +147,11 @@ enable = true; DHCP = "yes"; + domains = [ + "internal.horus.nu" + "bedum.horus.nu" + ]; + matchConfig = { Name = "enp4s0"; }; diff --git a/machines/minio/configuration.nix b/machines/minio/configuration.nix index 2326b20..aad8c04 100644 --- a/machines/minio/configuration.nix +++ b/machines/minio/configuration.nix @@ -46,7 +46,7 @@ security.sudo.execWheelOnly = true; - # services.openssh.enable = true; + services.tailscale.enable = true; sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { diff --git a/machines/proxy/configuration.nix b/machines/proxy/configuration.nix index 1b0e031..35aa25d 100644 --- a/machines/proxy/configuration.nix +++ b/machines/proxy/configuration.nix 
@@ -1,5 +1,7 @@ -{ self, ... }: { +{ self, ... }: +{ modulesPath, ... }: { imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix ../../users/root ../../users/erwin @@ -23,26 +25,30 @@ system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev; - networking = { - hostName = "proxy"; - useDHCP = false; + # networking = { + # hostName = "proxy"; + # useDHCP = false; - interfaces = { - eth0 = { - ipv4.addresses = [ - { - address = "10.0.0.251"; - prefixLength = 24; - } - ]; - }; - }; + # interfaces = { + # eth0 = { + # ipv4.addresses = [ + # { + # address = "10.0.0.251"; + # prefixLength = 24; + # } + # ]; + # }; + # }; - defaultGateway = "10.0.0.1"; - nameservers = [ "10.0.0.254" ]; + # defaultGateway = "10.0.0.1"; + # nameservers = [ "10.0.0.254" ]; + # }; + + proxmoxLXC = { + privileged = true; }; - services.openssh.enable = true; + services.tailscale.enable = true; security.sudo.execWheelOnly = true; diff --git a/machines/regin/configuration.nix b/machines/regin/configuration.nix index c1a89c3..b7fc8d1 100644 --- a/machines/regin/configuration.nix +++ b/machines/regin/configuration.nix @@ -1,8 +1,9 @@ -{ nixpkgs, ... }: +{ nixpkgs, nixos-hardware, ... }: { pkgs, ... }: { imports = [ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" + nixos-hardware.nixosModules.raspberry-pi-4 ../../users/root ../../users/erwin @@ -13,7 +14,7 @@ enable = true; server = true; }; - base.kernel = pkgs.linuxPackages_rpi3; + base.kernel = pkgs.linuxPackages_rpi4; klipper.enable = true; networking.enable = true; nix-common.enable = true; @@ -24,15 +25,14 @@ hardware = { enableAllFirmware = true; # This also sets hardware.enableRedistributableFirmware + raspberry-pi."4".fkms-3d = { + enable = true; + cma = 256; + }; }; boot = { - initrd.availableKernelModules = [ - "usbhid" - "usb_storage" - "vc4" - ]; - kernelModules = [ "bcm2835-v4l2" ]; + bootspec.enable = true; }; zramSwap.enable = true; 
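Review bot: machines/proxy/configuration.nix (first hunk) adds the proxmox-lxc import but keeps `./hardware-configuration.nix`, whereas the drone and gitea files drop that import in this same commit. A generated hardware configuration usually declares file systems and boot settings from the previous VM or bare-metal install, so it may conflict with the container module or leave stale settings active. If keeping it is deliberate, a one-line comment such as `# still needed for <reason>` would make that clear; otherwise remove the line to match the other two hosts.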
@@ -57,6 +57,7 @@ }; services.openssh.enable = true; + services.tailscale.enable = true; security = { polkit.enable = true; diff --git a/machines/thor/configuration.nix b/machines/thor/configuration.nix index fead530..4a0b410 100644 --- a/machines/thor/configuration.nix +++ b/machines/thor/configuration.nix @@ -70,6 +70,7 @@ }; services.openssh.enable = true; + services.tailscale.enable = true; security = { polkit.enable = true; diff --git a/modules/klipper/default.nix b/modules/klipper/default.nix index 76ce9e0..48ffefd 100644 --- a/modules/klipper/default.nix +++ b/modules/klipper/default.nix @@ -140,12 +140,13 @@ in authorization = { cors_domains = [ "*.local" - "*://app.fluidd.xyz" + "*://my.mainsail.xyz" ]; trusted_clients = [ "10.0.0.0/24" "10.1.0.0/24" + "100.64.0.0/16" "127.0.0.0/8" "fe80::/10" "::1/128" @@ -162,7 +163,7 @@ in }; }; - services.fluidd = { + services.mainsail = { enable = true; hostName = config.networking.hostName; };
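Review bot: The new `"100.64.0.0/16"` entry under `trusted_clients` in modules/klipper/default.nix probably does not cover what it is meant to. Tailscale assigns addresses from 100.64.0.0/10, so most tailnet peers fall outside this /16. Before widening it, note that this list grants access by source address without credentials, so a /10 would trust every device on the tailnet, plus any other carrier-grade NAT source that can reach the port on another interface. I would list only the specific tailnet addresses that need access, or leave the range out and have remote clients authenticate, and add a comment such as `# tailnet peers; further restricted by tailnet ACLs` if a range stays. The `authorization` block starts outside the hunk, so any existing login or API-key settings are not visible here.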