diff --git a/assets/favicon-paperless.png b/assets/favicon-paperless.png
new file mode 100644
index 0000000..1001386
Binary files /dev/null and b/assets/favicon-paperless.png differ
diff --git a/home/default.nix b/home/default.nix
index 0e297cb..3032d15 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -3,7 +3,7 @@
   imports = [
     ./graphical
     ./terminal
-
+    ./desktop
     ./hyprland
     ./hyprlock
     ./foot.nix
diff --git a/hosts/brontes/configuration.nix b/hosts/brontes/configuration.nix
index f65775a..d907040 100644
--- a/hosts/brontes/configuration.nix
+++ b/hosts/brontes/configuration.nix
@@ -18,10 +18,6 @@
     efi.canTouchEfiVariables = true;
   };
 
-  hardware.bluetooth = {
-    enable = true;
-    powerOnBoot = true;
-  };
   age.secrets.rustypaste = {
     file = ../../secrets/rustypaste.age;
   };
@@ -34,10 +30,17 @@
     portal.enable = true;
     mime.enable = true;
   };
+
+  modules.system = {
+    networking = {
+      wifi.enable = true;
+      bluetooth.enable = true;
+    };
+  };
+
   services = {
     displayManager.sddm.enable = true;
     dbus.enable = true;
-    blueman.enable = true;
     pipewire.enable = true;
 
     tailscale = {
diff --git a/hosts/marr/configuration.nix b/hosts/marr/configuration.nix
index 51a34bb..88d3872 100644
--- a/hosts/marr/configuration.nix
+++ b/hosts/marr/configuration.nix
@@ -14,21 +14,24 @@
     ./home.nix
   ];
 
-  device.type = {
-    graphical.enable = true;
-    workstation.enable = true;
-    gaming.enable = true;
+  modules.system = {
+    networking = {
+      bluetooth.enable = true;
+      wifi.enable = true;
+    };
+    type = {
+      graphical.enable = true;
+      workstation.enable = true;
+      gaming.enable = true;
+    };
   };
+
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
   boot.initrd.luks.devices."luks-7adaa102-d438-4e9e-9972-4a3c91b887b3".device = "/dev/disk/by-uuid/7adaa102-d438-4e9e-9972-4a3c91b887b3";
 
-  hardware.bluetooth.enable = true;
-  hardware.bluetooth.powerOnBoot = true;
-  services.blueman.enable = true;
-
   hardware.graphics.enable = true;
 
   # Configure keymap in X11
diff --git a/hosts/raptus/configuration.nix b/hosts/raptus/configuration.nix
index 9a31422..87e33d9 100644
--- a/hosts/raptus/configuration.nix
+++ b/hosts/raptus/configuration.nix
@@ -24,11 +24,6 @@
     rustypaste.file = ../../secrets/rustypaste.age;
   };
 
-  device.type = {
-    vm.enable = true;
-    server.enable = true;
-  };
-
   boot.loader.grub = {
     efiSupport = true;
     efiInstallAsRemovable = true;
diff --git a/modules/default.nix b/modules/default.nix
index 5469633..c8d308d 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -3,7 +3,6 @@
   imports = [
     ./sddm.nix
     ./locale.nix
-    ./networking.nix
     ./fonts.nix
     ./portals.nix
     ./env.nix
diff --git a/modules/networking.nix b/modules/networking.nix
deleted file mode 100644
index 484e77c..0000000
--- a/modules/networking.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ ... }:
-{
-  networking = {
-
-    networkmanager.enable = true;
-
-    firewall =
-      let
-        wgPort = 51820;
-      in
-      {
-        enable = true;
-
-        # Open ports in the firewall.
-        allowedTCPPorts = [ ];
-        allowedUDPPorts = [ wgPort ];
-        allowedTCPPortRanges = [
-          {
-            from = 1714;
-            to = 1764;
-          }
-        ];
-        allowedUDPPortRanges = [
-          {
-            from = 1714;
-            to = 1764;
-          }
-        ];
-
-        # if packets are still dropped, they will show up in dmesg
-        logReversePathDrops = true;
-        # wireguard trips rpfilter up https://nixos.wiki/wiki/WireGuard#Setting_up_WireGuard_with_NetworkManager
-        extraCommands = ''
-          ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${toString wgPort} -j RETURN
-          ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${toString wgPort} -j RETURN
-        '';
-        extraStopCommands = ''
-          ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${toString wgPort} -j RETURN || true
-          ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${toString wgPort} -j RETURN || true
-        '';
-      };
-  };
-}
diff --git a/options/default.nix b/options/default.nix
index 7e2254a..797d1be 100644
--- a/options/default.nix
+++ b/options/default.nix
@@ -1,7 +1,7 @@
 {
   imports = [
     ./media.nix
-    ./system.nix
+    ./system
     ./container
     ./server
   ];
diff --git a/options/system.nix b/options/system.nix
deleted file mode 100644
index a1b6447..0000000
--- a/options/system.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ lib, ... }:
-let
-  inherit (lib.types) bool array string;
-in
-{
-  options = {
-    device = {
-      pubKeys = lib.mkOption {
-        type = array string;
-        default = [ ];
-      };
-
-      type = {
-        gaming.enable = lib.mkEnableOption {
-          type = bool;
-          default = false;
-        };
-
-        graphical.enable = lib.mkEnableOption {
-          type = bool;
-          default = false;
-        };
-
-        workstation.enable = lib.mkEnableOption {
-          type = bool;
-          default = false;
-        };
-
-        server.enable = lib.mkEnableOption {
-          type = bool;
-          default = false;
-        };
-
-        vm.enable = lib.mkEnableOption {
-          type = lib.types.bool;
-          default = false;
-        };
-      };
-    };
-  };
-}
diff --git a/options/system/default.nix b/options/system/default.nix
new file mode 100644
index 0000000..161c0e5
--- /dev/null
+++ b/options/system/default.nix
@@ -0,0 +1,37 @@
+{ lib, ... }:
+let
+  inherit (lib.types) bool array string;
+  inherit (lib) mkEnableOption;
+in
+{
+  imports = [ ./networking ];
+
+  options.modules.system = {
+    type = {
+      gaming.enable = lib.mkEnableOption {
+        type = bool;
+        default = false;
+      };
+
+      graphical.enable = lib.mkEnableOption {
+        type = bool;
+        default = false;
+      };
+
+      workstation.enable = lib.mkEnableOption {
+        type = bool;
+        default = false;
+      };
+
+      server.enable = lib.mkEnableOption {
+        type = bool;
+        default = false;
+      };
+
+      vm.enable = lib.mkEnableOption {
+        type = lib.types.bool;
+        default = false;
+      };
+    };
+  };
+}
diff --git a/options/system/networking/bluetooth.nix b/options/system/networking/bluetooth.nix
new file mode 100644
index 0000000..155e086
--- /dev/null
+++ b/options/system/networking/bluetooth.nix
@@ -0,0 +1,19 @@
+{ lib, config, ... }:
+let
+  inherit (lib) mkEnableOption mkIf;
+  cfg = config.modules.system.networking.bluetooth;
+in
+{
+  options.modules.system.networking.bluetooth = {
+    enable = mkEnableOption "activate bluetooth capabilities";
+  };
+
+  config = mkIf cfg.enable {
+    hardware.bluetooth = {
+      enable = true;
+      powerOnBoot = true;
+    };
+
+    services.blueman.enable = true;
+  };
+}
diff --git a/options/system/networking/default.nix b/options/system/networking/default.nix
new file mode 100644
index 0000000..6e100d3
--- /dev/null
+++ b/options/system/networking/default.nix
@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./wifi.nix
+    ./bluetooth.nix
+  ];
+}
diff --git a/options/system/networking/wifi.nix b/options/system/networking/wifi.nix
new file mode 100644
index 0000000..c34df0a
--- /dev/null
+++ b/options/system/networking/wifi.nix
@@ -0,0 +1,14 @@
+{ lib, config, ... }:
+let
+  inherit (lib) mkEnableOption mkIf;
+  cfg = config.modules.system.networking.wifi;
+in
+{
+  options.modules.system.networking.wifi = {
+    enable = mkEnableOption "activate wifi capabilities";
+  };
+
+  config = mkIf cfg.enable {
+    networking.networkmanager.enable = true;
+  };
+}