diff --git a/home/graphical/vscode/default.nix b/home/graphical/vscode/default.nix
index 219e80f..88c6714 100644
--- a/home/graphical/vscode/default.nix
+++ b/home/graphical/vscode/default.nix
@@ -12,23 +12,18 @@ in
   config = mkIf cfg.enable {
     programs.vscode = {
       package = pkgs.vscode;
-      enableUpdateCheck = false;
-      extensions = with pkgs.vscode-extensions; [
-        rust-lang.rust-analyzer
-        ms-vscode-remote.remote-ssh
-        ms-vscode-remote.remote-ssh-edit
-        tamasfe.even-better-toml
-      ];
-      userSettings = {
-        editor.formatOnSave = true;
-        terminal.integrated.inheritEnv = false;
-        git.autofetch = true;
-        remote.SSH = {
-          connectTimeout = 60;
-          useLocalServer = true;
-          remotePlatform = {
-            "192.168.122.152" = "linux";
-          };
+      profiles.default = {
+        enableUpdateCheck = false;
+        extensions = with pkgs.vscode-extensions; [
+          rust-lang.rust-analyzer
+          ms-vscode-remote.remote-ssh
+          ms-vscode-remote.remote-ssh-edit
+          tamasfe.even-better-toml
+        ];
+        userSettings = {
+          editor.formatOnSave = true;
+          terminal.integrated.inheritEnv = false;
+          git.autofetch = true;
         };
       };
     };
diff --git a/home/terminal/git/default.nix b/home/terminal/git/default.nix
index 4530c33..4ee2724 100644
--- a/home/terminal/git/default.nix
+++ b/home/terminal/git/default.nix
@@ -16,7 +16,7 @@
         editor = "${pkgs.neovim}/bin/nvim";
       };
       init = {
-        defaultBranch = "master";
+        defaultBranch = "main";
       };
       merge = {
         conflictstyle = "diff3";
diff --git a/options/services/nysh.nix b/options/services/nysh.nix
index abafc33..07c3c6c 100644
--- a/options/services/nysh.nix
+++ b/options/services/nysh.nix
@@ -33,7 +33,6 @@ in
         Type = "simple";
         ExecStart = "/bin/sh -lc ${cfg.package}/bin/nysh";
         Restart = "on-failure";
-
         NoNewPrivileges = true;
       };
     };
diff --git a/options/services/tailscale.nix b/options/services/tailscale.nix
index 33eb999..941c312 100644
--- a/options/services/tailscale.nix
+++ b/options/services/tailscale.nix
@@ -18,6 +18,7 @@ let
     enum
     bool
     ;
+  inherit (lib.my) getExe;
   cfg = config.modules.services.tailscale;
 in
 {
@@ -86,14 +87,29 @@ in
       description = "tailscale system tray";
       wantedBy = [ "graphical-session.target" ];
       after = [ "graphical-session.target" ];
-      path = [ pkgs.polkit ];
+      path = with pkgs; [
+        polkit
+        tailscale
+      ];
       serviceConfig = {
         Type = "simple";
-        ExecStart = "/bin/sh -lc ${pkgs.tailscale-systray}/bin/tailscale-systray";
+        ExecStart = getExe pkgs.tail-tray;
         Restart = "on-failure";
         RestartSec = 1;
         TimeoutStopSec = 10;
         IPAddressDeny = "any";
+        NoNewPrivileges = true;
+        ProtectClock = true;
+        ProtectKernelTunables = true;
+        ProtectKernelModules = true;
+        ProtectKernelLogs = true;
+        SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap";
+        #  ProtectControlGroups = true;
+        #RestrictNamespaces = true;
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
       };
     };
   };
diff --git a/users/ny/default.nix b/users/ny/default.nix
index 0d5996a..d855773 100644
--- a/users/ny/default.nix
+++ b/users/ny/default.nix
@@ -26,7 +26,6 @@ in
     ]
     ++ (with pkgs; [
       keepassxc
-      digikam
       fragments
       element-desktop
       libreoffice