diff --git a/flake.lock b/flake.lock
index 2b9a17506..4cf5951f9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -9,11 +9,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1691887866,
-        "narHash": "sha256-x8P7p+nyrWiBJcRske0Zw437w5ZYTyylmHiOrfuO2Go=",
+        "lastModified": 1692027678,
+        "narHash": "sha256-y7qJ1WBFB9B4rm4TEth6j5c7ADpWZmsPEB5bSz9Dvh4=",
         "owner": "Aylur",
         "repo": "ags",
-        "rev": "c3346f09b33bc8ab0de5a0ca189a125c7847bd4a",
+        "rev": "4998d17d704d6407e3facc80b5e903a945b3e6a8",
         "type": "github"
       },
       "original": {
@@ -29,11 +29,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1691953440,
-        "narHash": "sha256-0vgoR2n0GZednimtStjauBHjqeWs/3JD2ShWP73yDVk=",
+        "lastModified": 1692209337,
+        "narHash": "sha256-35Nxp+lEGWZ2Su6NEs8hksZuuKtX5YbvdAk3EnmIQ00=",
         "owner": "isabelroses",
         "repo": "nur",
-        "rev": "cc63edce82e54bc8aa349d6e4ef27f6aa3f926c7",
+        "rev": "53b1e110c712eebd72ea91df919a26bab7b32e71",
         "type": "github"
       },
       "original": {
@@ -87,11 +87,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1689149734,
-        "narHash": "sha256-LHhoDRyEP45HKr+CIjcdCBrA8jHQHDVOaXA/hF6xxNI=",
+        "lastModified": 1692019220,
+        "narHash": "sha256-CNXT0KZgAW9fCYH1v8AwKohz24ldiXkens2eCFTQz50=",
         "owner": "lighttigerXIV",
         "repo": "catppuccinifier",
-        "rev": "9b587e7e7467ab26b2df7aca0561f7341231a292",
+        "rev": "1f3c2139f52de823844272af34c3c48600633354",
         "type": "github"
       },
       "original": {
@@ -859,11 +859,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1691853136,
-        "narHash": "sha256-wTzDsRV4HN8A2Sl0SVQY0q8ILs90CD43Ha//7gNZE+E=",
+        "lastModified": 1692128808,
+        "narHash": "sha256-Di1Zm/P042NuwThMiZNrtmaAjd4Tm2qBOKHX7xUOfMk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f0451844bbdf545f696f029d1448de4906c7f753",
+        "rev": "4ed9856be002a730234a1a1ed9dcd9dd10cbdb40",
         "type": "github"
       },
       "original": {
diff --git a/hosts/bernie/default.nix b/hosts/bernie/default.nix
index 40b5fb38d..dbd0539ed 100644
--- a/hosts/bernie/default.nix
+++ b/hosts/bernie/default.nix
@@ -21,6 +21,7 @@
 
         boot = {
           loader = "grub";
+          device = lib.mkForce "/dev/sda15";
           enableKernelTweaks = true;
           enableInitrdTweaks = true;
           loadRecommendedModules = true;
@@ -71,7 +72,6 @@
     };
 
     zramSwap.enable = true;
-    boot.cleanTmpDir = true;
     services.openssh.enable = true;
     users.users.root.openssh.authorizedKeys.keys = [
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQhSDXRDS5ABDyCPOZ2B3bl455Mlzb32vmofdkXJCNXW98jUeCyaZk8XHRta06KeADFMvpwDEzjGz6Zb+NJIfMkh20mVdOpTHrA80cER1F2SlNf9fmZIgOyCzSUOSGqXHsWppikHmKzv1hPifQYoqWdRXN7bD9Jk5JjgxGcaXkICcV93s/tRy5Yl5l5LhM00fUDXUF85xnmqU3Ujepx0gknE0qaqgT+kFRe0hy7HIkjrEjMqy5nfHFlJG/XAxrHKK9p/BvvCgO/xiRimK2UgfH/5jml20EytVeZ6fIAeyVLvWA/FtLyaafoLqmETV6BhUnk8PtdAxjGQTQXZmUOv2D0Lvmxo1GqjYVPOfhINBprUaRwxIFM57SpwmXmGVWOlyTgTtBoPewUQ/QwT5cVV+a8ASeEhrFB4TzHxK4RM8++zL0eVtESW+L+/rsmfUHIIEXnLvVmnb8t0AWpWxQWaEe7YaNS9VNtm6gK0wl12PZXqN5K4eCXIyrsCbUdaldnts= root"
@@ -88,9 +88,6 @@
       };
     };
 
-    networking.domain = "isabelroses.com";
-    networking.useDHCP = lib.mkDefault true;
-
     nix.settings.system-features = ["nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-armv8-a"];
   };
 }
diff --git a/hosts/hydra/hardware-configuration.nix b/hosts/hydra/hardware-configuration.nix
index f296f1dbd..dca3772ec 100755
--- a/hosts/hydra/hardware-configuration.nix
+++ b/hosts/hydra/hardware-configuration.nix
@@ -1,6 +1,3 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
 {
   config,
   lib,
diff --git a/modules/common/core/system/boot/loader/grub/default.nix b/modules/common/core/system/boot/loader/grub/default.nix
index e820563ce..4355f87dc 100644
--- a/modules/common/core/system/boot/loader/grub/default.nix
+++ b/modules/common/core/system/boot/loader/grub/default.nix
@@ -9,10 +9,8 @@
 in {
   config = mkIf (cfg.boot.loader == "grub") {
     boot.loader = {
-      # default grub to disabled, we manually enable grub on "server" hosts
-      # or any other host that needs it
       grub = {
-        enable = mkDefault false;
+        enable = mkDefault true;
         useOSProber = true;
         efiSupport = true;
         enableCryptodisk = mkDefault false;
diff --git a/modules/common/options/system/boot.nix b/modules/common/options/system/boot.nix
index 50451075c..2747af3d5 100644
--- a/modules/common/options/system/boot.nix
+++ b/modules/common/options/system/boot.nix
@@ -27,6 +27,12 @@ with lib; {
       description = "The bootloader that should be used for the device.";
     };
 
+    device = mkOption {
+      type = with types; nullOr str;
+      default = "nodev";
+      description = "The device to install the bootloader to.";
+    };
+
     plymouth = {
       enable = mkEnableOption "plymouth boot splash";
       withThemes = mkEnableOption "plymouth theme";
diff --git a/modules/common/types/server/services/nginx/default.nix b/modules/common/types/server/services/nginx/default.nix
index ac0076cf2..6eb08a782 100644
--- a/modules/common/types/server/services/nginx/default.nix
+++ b/modules/common/types/server/services/nginx/default.nix
@@ -46,6 +46,7 @@ in {
           };
         # vaultwawrden
         "vault.isabelroses.com" =
+          mkIf (config.modules.services.vaultwarden.enable)
           template
           // {
             locations."/" = {
@@ -55,16 +56,17 @@ in {
           };
         # gitea
         "git.isabelroses.com" =
+          mkIf (config.modules.services.gitea.enable)
           template
           // {
             locations."/".proxyPass = "http://127.0.0.1:${toString config.services.gitea.settings.server.HTTP_PORT}";
           };
 
         # mailserver
-        "mail.isabelroses.com" = template;
+        "mail.isabelroses.com" = mkIf (config.modules.services.mailserver.enable) template;
 
         # webmail
-        "webmail.isabelroses.com" = template;
+        "webmail.isabelroses.com" = mkIf (config.modules.services.mailserver.enable) template;
 
         "search.isabelroses.com" =
           template
diff --git a/modules/common/types/server/services/vaultwarden/default.nix b/modules/common/types/server/services/vaultwarden/default.nix
index e8385a984..50a750e56 100644
--- a/modules/common/types/server/services/vaultwarden/default.nix
+++ b/modules/common/types/server/services/vaultwarden/default.nix
@@ -18,7 +18,7 @@ in {
 
     services.vaultwarden = {
       enable = true;
-      environmentFile = config.age.secrets.vaultwarden-env.path;
+      environmentFile = config.sops.secrets.vaultwarden-env.path;
       backupDir = "/srv/storage/vaultwarden/backup";
       config = {
         DOMAIN = "https://vault.isabelroses.com";