diff --git a/flake.nix b/flake.nix
index 269ecb4..4d21770 100644
--- a/flake.nix
+++ b/flake.nix
@@ -105,6 +105,12 @@
             (import (./machines/loki/configuration.nix) { inherit self; })
           ];
         };
+
+        drone = defSystem "x86_64-linux" {
+          imports = [
+            (import (./machines/drone/configuration.nix) { inherit self; })
+          ];
+        };
       };
     } //
     (flake-utils.lib.eachSystem [ "aarch64-linux" "x86_64-linux" ])
diff --git a/home-manager/modules/sway/default.nix b/home-manager/modules/sway/default.nix
index f03e36b..5047ebb 100644
--- a/home-manager/modules/sway/default.nix
+++ b/home-manager/modules/sway/default.nix
@@ -51,7 +51,7 @@ in
         input = {
           "36125:40349:splitKB_Kyria" = {
             xkb_layout = "us";
-            xkb_options = "lv3:ralt_switch";
+            xkb_options = "lv3:ralt_switch,eurosign:5";
           };
           "1133:49291:Logitech_G502_HERO_SE" = {
             natural_scroll = "enabled";
@@ -188,8 +188,8 @@ in
         # exec_always --no-startup-id systemctl --user import-environment _JAVA_AWT_WM_NONREPARENTING MOZ_ENABLE_WAYLAND MOZ_DBUS_REMOTE QT_QPA_PLATFORM QT_WAYLAND_DISABLE_WINDOWDECORATION QT_QPA_PLATFORMTHEME SDL_VIDEODRIVER SSH_AUTH_SOCK
         # exec_always --no-startup-id dbus-update-activation-environment --systemd _JAVA_AWT_WM_NONREPARENTING MOZ_ENABLE_WAYLAND MOZ_DBUS_REMOTE QT_QPA_PLATFORM QT_WAYLAND_DISABLE_WINDOWDECORATION QT_QPA_PLATFORMTHEME SDL_VIDEODRIVER SSH_AUTH_SOCK
         exec --no-startup-id ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator
-        exec --no-startup-id ${pkgs.swayidle}/bin/swayidle -w timeout 900 -- ${swaylockcmd}
-        exec --no-startup-id ${pkgs.swayidle}/bin/swayidle -w 1200 -- ${pkgs.sway}/bin/swaymsg 'output * dpms off' resume ${pkgs.sway}/bin/swaymsg 'output * dpms off'
+        exec --no-startup-id ${pkgs.swayidle}/bin/swayidle -w timeout 900 "${swaylockcmd}"
+        exec --no-startup-id ${pkgs.swayidle}/bin/swayidle -w timeout 1200 "${pkgs.sway}/bin/swaymsg 'output * dpms off' resume ${pkgs.sway}/bin/swaymsg 'output * dpms off'"
 
         include /etc/sway/config.d/*
       '';
diff --git a/home-manager/modules/vscode/settings.json b/home-manager/modules/vscode/settings.json
index df171c6..e497ff8 100644
--- a/home-manager/modules/vscode/settings.json
+++ b/home-manager/modules/vscode/settings.json
@@ -428,6 +428,7 @@
   "editor.bracketPairColorization.enabled": true,
   "python.formatting.provider": "black",
   "telemetry.telemetryLevel": "off",
+  "python.formatting.blackArgs": ["--skip-string-normalization"],
   "[typescript]": {
     "editor.defaultFormatter": "vscode.typescript-language-features"
   },
diff --git a/machines/loki/configuration.nix b/machines/loki/configuration.nix
index d390c23..7fea566 100644
--- a/machines/loki/configuration.nix
+++ b/machines/loki/configuration.nix
@@ -14,6 +14,7 @@
       home-manager = true;
     };
     docker.enable = true;
+    element-web.enable = true;
     fonts.enable = true;
     gnome.enable = true;
     greetd.enable = true;
diff --git a/modules/docker/default.nix b/modules/docker/default.nix
index d907dae..3dd3c0f 100644
--- a/modules/docker/default.nix
+++ b/modules/docker/default.nix
@@ -2,7 +2,6 @@
 with lib;
 let
   cfg = config.eboskma.docker;
-  matrixClientConfig = pkgs.writeText "element-web.json" (builtins.readFile ./element-web.json);
 in
 {
 
@@ -20,20 +19,6 @@ in
       };
     };
 
-    # docker run -d --restart=always --name element-web -p 8888:80 -v $PWD/element-web.json:/app/config.json vectorim/element-web
-    virtualisation.oci-containers.containers = {
-      element-web = {
-        autoStart = true;
-        image = "vectorim/element-web";
-        ports = [
-          "8888:80"
-        ];
-        volumes = [
-          "${matrixClientConfig}:/app/config.json"
-        ];
-      };
-    };
-
     users.extraUsers.${config.eboskma.var.mainUser}.extraGroups =
       [ "docker" ];
 
diff --git a/modules/element-web/default.nix b/modules/element-web/default.nix
new file mode 100644
index 0000000..3f6f94c
--- /dev/null
+++ b/modules/element-web/default.nix
@@ -0,0 +1,28 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+  cfg = config.eboskma.element-web;
+  matrixClientConfig = pkgs.writeText "element-web.json" (builtins.readFile ./element-web.json);
+in
+{
+
+  options.eboskma.element-web = { enable = mkEnableOption "activate element-web"; };
+
+  config = mkIf cfg.enable {
+
+    config.eboskma.docker.enable = true;
+
+    virtualisation.oci-containers.containers = {
+      element-web = {
+        autoStart = true;
+        image = "vectorim/element-web";
+        ports = [
+          "8888:80"
+        ];
+        volumes = [
+          "${matrixClientConfig}:/app/config.json"
+        ];
+      };
+    };
+  };
+}
diff --git a/modules/docker/element-web.json b/modules/element-web/element-web.json
similarity index 100%
rename from modules/docker/element-web.json
rename to modules/element-web/element-web.json
diff --git a/modules/networking/default.nix b/modules/networking/default.nix
index 89d1c09..3d37d61 100644
--- a/modules/networking/default.nix
+++ b/modules/networking/default.nix
@@ -27,6 +27,23 @@ in
         })
         cfg.dhcpInterfaces);
       hosts = cfg.hosts;
+
+      firewall = {
+        trustedInterfaces = [ "lo" ];
+        interfaces = listToAttrs (builtins.map
+          (iface: {
+            name = iface;
+            value = {
+              allowedTCPPorts = [
+                # Horus System V2
+                12345
+                5555
+                5556
+              ];
+            };
+          })
+          cfg.dhcpInterfaces);
+      };
     };
     users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "networkmanager" ];
 
@@ -36,6 +53,7 @@ in
       publish = {
         enable = true;
         domain = true;
+        userServices = true;
       };
     };
   };