diff --git a/config/nvim/init.lua b/config/nvim/init.lua
index 5758c26..51aa647 100644
--- a/config/nvim/init.lua
+++ b/config/nvim/init.lua
@@ -84,8 +84,10 @@ cmp.setup({
 
 local capabilities = require("cmp_nvim_lsp").default_capabilities()
 
-vim.lsp.enable("rust_analyzer")
-vim.lsp.enable("pylsp")
-vim.lsp.enable("biome")
-vim.lsp.enable("eslint")
-vim.lsp.enable("ccls")
+local lspconfig = require('lspconfig')
+local servers = { "rust_analyzer", "pylsp", "biome", "eslint", "ccls" }
+for _, lsp in ipairs(servers) do
+  lspconfig[lsp].setup({
+    capabilities = capabilities,
+  })
+end
diff --git a/configuration.nix b/configuration.nix
index 77d1fda..4c7102d 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, lib, inputs, ... }:
+{ config, pkgs, pkgs-stable, lib, inputs, ... }:
 
 {
 
@@ -88,7 +88,62 @@
   ];
 
   # Firejail
-  # TODO: add this back
+  programs.firejail = {
+    enable = true;
+    wrappedBinaries = {
+      vesktop = {
+        executable = "${pkgs-stable.vesktop}/bin/vesktop";
+        profile = "${pkgs.firejail}/etc/firejail/vesktop.profile";
+        extraArgs = [
+          "--ignore=dbus-system"
+          "--ignore=nodbus"
+
+          "--dbus-user.talk=org.freedesktop.Notifications"
+          "--dbus-user.talk=org.kde.StatusNotifierWatcher"
+          
+          "--dbus-user.talk=org.freedesktop.portal.Desktop"
+          "--dbus-user.talk=org.freedesktop.portal.ScreenCast"
+          "--dbus-user.talk=org.freedesktop.portal.Documents"
+          
+          "--noblacklist=/run/user/[0-9]*/discord-ipc-*"
+          "--whitelist=/run/user/[0-9]*/discord-ipc-*"
+
+          "--env=GTK_THEME=Adwaita:dark"
+          "--noblacklist=~/Pictures"
+          "--noblacklist=~/Documents"
+          "--whitelist=~/Pictures"
+          "--whitelist=~/Documents"
+        ];
+      };
+      firefox = {
+        executable = "${pkgs.firefox}/bin/firefox";
+        profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
+        extraArgs = [
+          "--env=GTK_THEME=Adwaita:dark"
+        ];
+      };
+      signal-desktop-bin = {
+        executable = "${pkgs.signal-desktop-bin}/bin/signal-desktop";
+        profile = "${pkgs.firejail}/etc/firejail/signal-desktop.profile";
+        extraArgs = [
+          "--env=GTK_THEME=Adwaita:dark"
+          "--noblacklist=~/Pictures"
+          "--noblacklist=~/Documents"
+          "--whitelist=~/Pictures"
+          "--whitelist=~/Documents"
+          "--dbus-user.talk=org.freedesktop.Notifications"
+          "--dbus-user.talk=org.kde.StatusNotifierWatcher"
+        ];
+      };
+      obsidian = {
+        executable = "${pkgs.obsidian}/bin/obsidian";
+        profile = "${pkgs.firejail}/etc/firejail/obsidian.profile";
+        extraArgs = [
+          "--env=GTK_THEME=Adwaita:dark"
+        ];
+      };
+    };
+  };
 
   # Enable the KDE Plasma Desktop Environment.
   # I keep this enabled even if I main Hyprland because of QT.
diff --git a/flake.lock b/flake.lock
index bbb55e9..a0a6c6d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -27,11 +27,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1761266473,
-        "narHash": "sha256-QxCyKWBmuzI+eMhYV1JmbZsiUnBNATRP1EW34OBt5Vg=",
+        "lastModified": 1767437240,
+        "narHash": "sha256-OA0dBHhccdupFXp+/eaFfb8K1dQxk61in4aF5ITGVX8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5c71d4a730bd3c972befff343bb074421e345937",
+        "rev": "1cfa305fba94468f665de1bd1b62dddf2e0cb012",
         "type": "github"
       },
       "original": {
@@ -57,11 +57,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1762463231,
-        "narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=",
+        "lastModified": 1767185284,
+        "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226",
+        "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe",
         "type": "github"
       },
       "original": {
@@ -72,11 +72,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1761114652,
-        "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
+        "lastModified": 1767379071,
+        "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
+        "rev": "fb7944c166a3b630f177938e478f0378e64ce108",
         "type": "github"
       },
       "original": {
@@ -86,13 +86,30 @@
         "type": "github"
       }
     },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1767325753,
+        "narHash": "sha256-yA/CuWyqm+AQo2ivGy6PlYrjZBQm7jfbe461+4HF2fo=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "64049ca74d63e971b627b5f3178d95642e61cedd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "disko": "disko",
         "home-manager": "home-manager",
         "impermanence": "impermanence",
         "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-stable": "nixpkgs-stable"
       }
     }
   },
diff --git a/flake.nix b/flake.nix
index a154414..3d8cef2 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,6 +4,7 @@
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable/";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
     nixos-hardware.url = "github:NixOS/nixos-hardware/";
     
     disko.url = "github:nix-community/disko";
@@ -16,7 +17,7 @@
   };
 
   outputs =
-    { self, nixpkgs, home-manager, impermanence, disko, ... } @ inputs:
+    { self, nixpkgs, nixpkgs-stable, home-manager, impermanence, disko, ... } @ inputs:
     let
       system = "x86_64-linux";
       username = "xory";
@@ -26,7 +27,13 @@
       mkNixosHost = hostName:
         nixpkgs.lib.nixosSystem {
           inherit system;
-          specialArgs = { inherit inputs; };
+          specialArgs = { 
+            inherit inputs;
+            pkgs-stable = import nixpkgs-stable {
+              system = "x86_64-linux";
+              config.allowUnfree = true;
+            };
+          };
           modules = [
             { nixpkgs.overlays = [ opentrack-overlay ]; }
 
diff --git a/hosts/nullstar/config.nix b/hosts/nullstar/config.nix
index 2c4c614..674080b 100644
--- a/hosts/nullstar/config.nix
+++ b/hosts/nullstar/config.nix
@@ -22,7 +22,7 @@
     rocmPackages.clr.icd
   ];
 
-  services.ollama.acceleration = "rocm";
+  services.ollama.package = pkgs.ollama-rocm;
 
   environment.systemPackages = with pkgs; [
      framework-tool
diff --git a/hosts/voidspear/config.nix b/hosts/voidspear/config.nix
index dc25bbd..31173ec 100644
--- a/hosts/voidspear/config.nix
+++ b/hosts/voidspear/config.nix
@@ -24,5 +24,5 @@
   };
   boot.blacklistedKernelModules = [ "nouveau" ];
 
-  services.ollama.acceleration = "cuda";
+  services.ollama.package = pkgs.ollama-cuda;
 }