diff --git a/common/nginx.nix b/common/nginx.nix
index 19b315b..10e498d 100644
--- a/common/nginx.nix
+++ b/common/nginx.nix
@@ -7,13 +7,17 @@
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
+ sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
 appendHttpConfig = ''
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
- add_header Content-Security-Policy "default-src https: data: 'unsafe-inline'; object-src 'none'; base-uri 'none';" always;
- add_header Referrer-Policy strict-origin-when-cross-origin;
+ map $scheme $hsts_header {
+ https "max-age=31536000; includeSubdomains; preload";
+ }
+ add_header Strict-Transport-Security $hsts_header;
+ #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+ add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
 add_header X-Frame-Options SAMEORIGIN;
 add_header X-Content-Type-Options nosniff;
- add_header X-Clacks-Overhead "GNU Terry Pratchett";
 proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
 '';
 };
diff --git a/common/steam.nix b/common/steam.nix
index b1e26de..5f538fa 100644
--- a/common/steam.nix
+++ b/common/steam.nix
@@ -1,12 +1,10 @@
 { config, lib, pkgs, ... }:
 {
- config = lib.mkIf config.programs.steam.enable {
- programs.steam = {
- remotePlay.openFirewall = true;
- dedicatedServer.openFirewall = true;
- };
-
- services.joycond.enable = true;
+ programs.steam = {
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
 };
+
+ services.joycond.enable = config.programs.steam.enable;
 }
diff --git a/flake.lock b/flake.lock
index e65e4f4..c0faff0 100644
--- a/flake.lock
+++ b/flake.lock
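Review bot: The rewritten `add_header Strict-Transport-Security $hsts_header;` line in common/nginx.nix drops the `always` flag that the removed line carried, so nginx attaches HSTS only to the success and redirect status codes and HTTPS error pages go out without it; `add_header Strict-Transport-Security $hsts_header always;` keeps the map-based scheme check and restores the previous coverage. The Content-Security-Policy header now exists only as a comment, which leaves everything served through this shared config with no CSP at all, including the `object-src 'none'; base-uri 'none'` parts the old policy enforced; if `script-src 'self'` broke a site, sending the new policy as `Content-Security-Policy-Report-Only` while the previous one stays enforced would avoid the gap. The new `sslCiphers` string selects by `AES256+EECDH` and `AES256+EDH`, which as written also admits CBC-mode suites and leaves out ChaCha20-Poly1305 for TLS 1.2 clients, so the negotiated suites are worth checking against the module default it overrides.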
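Review bot: With the `lib.mkIf config.programs.steam.enable` wrapper removed in common/steam.nix, `remotePlay.openFirewall = true` and `dedicatedServer.openFirewall = true` are now set on every host that imports this file, not only on hosts that enable Steam. Whether that opens ports on a non-Steam host depends on the upstream `programs.steam` module gating its firewall rules on `enable`, which this diff does not show; I believe nixpkgs does so, but it should be confirmed against the pinned revision, since flake.lock moves in the same change. A comment above the attribute set would record the dependency, e.g. `# openFirewall only takes effect where programs.steam.enable = true; the gating lives in the upstream module`.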
@@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "lastModified": 1726592409, + "narHash": "sha256-2Y6CDvD/BD43WLS77PHu6dUHbdUfFhuzkY8oJAecD/U=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "rev": "2ab00f89dd3ecf8012f5090e6d7ca1a7ea30f594", "type": "github" }, "original": { @@ -137,11 +137,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726969270, - "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=", + "lastModified": 1726447378, + "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075", + "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1", "type": "github" }, "original": { @@ -153,11 +153,11 @@ }, "nixpkgsSmall": { "locked": { - "lastModified": 1727076372, - "narHash": "sha256-gXIWudYhY/4LjQPvrGn9lN4fbHjw/mf1mb9KKJK//4I=", + "lastModified": 1726611721, + "narHash": "sha256-oSDOQ5c7CTVzkaG5A19UW3Yxsv9TLNFNcrvQT9F4Pz0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ca0f93c530406c1610defff0b9bf643333cf992", + "rev": "a51a2cef87fc37c7e31d3a5345bc493e5f7a5f6e", "type": "github" }, "original": { @@ -169,11 +169,11 @@ }, "nur": { "locked": { - "lastModified": 1727141325, - "narHash": "sha256-oqM2LaC0RLXgKZmFpj+aFM8qf5Iw9ilMJPWGZbGdTAk=", + "lastModified": 1726681508, + "narHash": "sha256-xz858EXcKZjWR6TPyU84BTeMHIPewGW68DutnxghaR4=", "owner": "nix-community", "repo": "NUR", - "rev": "0d7209843407825066ccf9743c40d50b6d68674f", + "rev": "59c5c2575c0cae6bc98b9de8161731cfb8cdc1f0", "type": "github" }, "original": { 
@@ -192,11 +192,11 @@ ] }, "locked": { - "lastModified": 1727020652, - "narHash": "sha256-zwTXt1bcf+wycX389ZyJFzUO2gzCb16ButXxiX2iA7Y=", + "lastModified": 1726509788, + "narHash": "sha256-PmCmO8NDKzwHrTp9Ox/rcLiCYivqIpZlnLk8wZRjv2I=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "6f1db348fcb89fd6b0b9c32e279d29ee6b4d1272", + "rev": "5a0c70a007837e2db01e0bb68971792e8653d32c", "type": "github" }, "original": { @@ -205,22 +205,6 @@ "type": "github" } }, - "randomcat": { - "flake": false, - "locked": { - "lastModified": 1727143958, - "narHash": "sha256-W2DK8AehT9Q5IaYWzUuUYyVRSvu3DdHwr8ioWJluUD8=", - "owner": "randomnetcat", - "repo": "nix-configs", - "rev": "2a6bd13e96db07e2e904fcc1b93faf5484725c91", - "type": "github" - }, - "original": { - "owner": "randomnetcat", - "repo": "nix-configs", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", @@ -230,8 +214,7 @@ "nixpkgs": "nixpkgs", "nixpkgsSmall": "nixpkgsSmall", "nur": "nur", - "plasma-manager": "plasma-manager", - "randomcat": "randomcat" + "plasma-manager": "plasma-manager" } }, "stable": {
diff --git a/flake.nix b/flake.nix
index 61126be..06f6387 100644
--- a/flake.nix
+++ b/flake.nix
@@ -28,15 +28,10 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
- randomcat = {
- url = "github:randomnetcat/nix-configs";
- flake = false;
- };
-
 birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main";
 };
- outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, randomcat, birdsong, ... }: {
+ outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, birdsong, ... }: {
 nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes;
 # The name of this output type is not standardised. I have picked
@@ -84,7 +79,6 @@
 birdsong.nixosModules.default
 ./common
 ./services
- (builtins.toPath "${randomcat}/services/default.nix")
 ];
 };
diff --git a/hosts/kilgharrah/datasets.nix b/hosts/kilgharrah/datasets.nix
deleted file mode 100644
index 161a50f..0000000
--- a/hosts/kilgharrah/datasets.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- environment.etc.crypttab.text = ''
- albion UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key
- '';
-
- randomcat.services.zfs.datasets = {
- "rpool_albion/data" = { mountpoint = "none"; };
- "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; };
- };
-}
diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix
index 75dd2ec..01377be 100644
--- a/hosts/kilgharrah/default.nix
+++ b/hosts/kilgharrah/default.nix
@@ -6,8 +6,6 @@
 ./filesystems.nix
 ./hardware.nix
 ./networking.nix
-
- ./datasets.nix
 ];
 nixpkgs.hostPlatform = "x86_64-linux";
diff --git a/hosts/kilgharrah/filesystems.nix b/hosts/kilgharrah/filesystems.nix
index e2baa43..bfc5b10 100644
--- a/hosts/kilgharrah/filesystems.nix
+++ b/hosts/kilgharrah/filesystems.nix
@@ -5,6 +5,12 @@
 "cryptroot".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd";
 };
+ boot.supportedFilesystems = [ "zfs" ];
+
+ environment.etc.crypttab.text = ''
+ cryptstorage UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key
+ '';
+
 fileSystems = {
 "/" = {
 device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b";
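Review bot: The crypttab entry added to hosts/kilgharrah/filesystems.nix unlocks `cryptstorage` from `/root/luks-albion.key`, but nothing in the hunk provisions that file or pins its owner and mode, so the volume's confidentiality rests on an out-of-band file staying root-only and, presumably, on `/` living inside `cryptroot`. A comment above the entry would make that explicit, e.g. `# key file is provisioned by hand; keep it root:root 0400 — it is protected at rest only while cryptroot is locked`. The mapping is also renamed from `albion` (in the deleted datasets.nix) to `cryptstorage` while the key file keeps the old name, and the entry has no options field, so a missing disk or key may hold up boot unless something like `nofail` is added. The `fileSystems` block continues past the end of the hunk.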