diff --git a/hosts/muskduck/default.nix b/hosts/muskduck/default.nix
index bdaeb3e..f6245fd 100644
--- a/hosts/muskduck/default.nix
+++ b/hosts/muskduck/default.nix
@@ -1,38 +1,70 @@
-{
+{lib, ...}:
+with lib; {
   # Kernel modules.
-  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+  ];
+
   boot.kernelModules = ["kvm-intel"];
 
-  # Full disk encryption.
-  boot.initrd.luks.devices."nvme0n1p2_crypt".device = "/dev/disk/by-uuid/7196bd89-099f-4e9e-80e5-3d6d555272b1";
+  # Enable lanzaboote & secure boot.
+  boot.initrd.systemd.enable = true;
+  boot.loader.systemd-boot.enable = mkForce false;
+  boot.bootspec.enable = true;
+
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/var/lib/sbctl";
+    settings.timeout = 0;
+  };
 
   # Root filesystem.
   fileSystems."/" = {
-    device = "/dev/disk/by-uuid/bea34866-903b-460e-abff-c817e06891c7";
-    fsType = "btrfs";
-    options = ["subvol=root"];
+    device = "/dev/disk/by-uuid/63d79656-aa5b-466a-b369-be5eac3f51ab";
+    fsType = "ext4";
   };
 
-  # Nix directory.
-  fileSystems."/nix" = {
-    device = "/dev/disk/by-uuid/bea34866-903b-460e-abff-c817e06891c7";
-    fsType = "btrfs";
-    options = ["subvol=nix"];
+  boot.initrd.luks.devices."luks-93fa00bc-777f-4359-bad5-880c29faca0d".device = "/dev/disk/by-uuid/93fa00bc-777f-4359-bad5-880c29faca0d";
+
+  # EFI/boot partition.
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/EBD7-3E1C";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
   };
 
-  # Home directory.
-  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/bea34866-903b-460e-abff-c817e06891c7";
-    fsType = "btrfs";
-    options = ["subvol=home"];
+  # Share Music dir.
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      global = {
+        "workgroup" = "FLOCK";
+        "server string" = "muskduck";
+        "netbios name" = "muskduck";
+        "security" = "user";
+      };
+      "Music" = {
+        "path" = "/home/fern/Music";
+        "browseable" = "yes";
+        "read only" = "yes";
+        "guest ok" = "no";
+      };
+    };
   };
 
-  # Swap.
-  fileSystems."/swap" = {
-    device = "/dev/disk/by-uuid/bea34866-903b-460e-abff-c817e06891c7";
-    fsType = "btrfs";
-    options = ["subvol=swap"];
+  services.samba-wsdd = {
+    enable = true;
+    openFirewall = true;
   };
 
-  swapDevices = [{device = "/swap/swapfile";}];
+  flock.docker = {
+    enable = true;
+  };
 }
diff --git a/hosts/ornithologist/default.nix b/hosts/ornithologist/default.nix
index ae36071..9b00f9a 100644
--- a/hosts/ornithologist/default.nix
+++ b/hosts/ornithologist/default.nix
@@ -7,4 +7,31 @@
 
   # Enable docker.
   flock.docker.enable = true;
+
+  # Deploy NixOS updates once a week.
+  systemd.timers."deploy-rs" = {
+    wantedBy = ["timers.target"];
+    timerConfig = {
+      OnCalendar = "weekly";
+      Persistent = true;
+      Unit = "deploy-rs.service";
+    };
+  };
+
+  systemd.services."deploy-rs" = {
+    path = with pkgs; [openssh git nix deploy-rs];
+    script = ''
+      set -eu
+
+      cd /home/fern/Repositories/flock
+      git pull && nix flake update
+
+      deploy && git commit -m "[ornithologist] Update flake.lock" && git push
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "fern";
+      Group = "users";
+    };
+  };
 }
diff --git a/packages/cups-dymo/default.nix b/packages/cups-dymo/default.nix
index 13c9466..30d1f97 100644
--- a/packages/cups-dymo/default.nix
+++ b/packages/cups-dymo/default.nix
@@ -9,7 +9,6 @@
 }: let
   srcRoot = fetchgit {
     url = "https://github.com/dymosoftware/Drivers.git";
-    rev = "795a815363a4401a30a1c0ef94f3381186172843";
     hash = "sha256-3fRALvyGYVpDL0HyUnjDi+TDTX9yeQG6LfZtNuv42pY=";
   };
 in
diff --git a/suites/desktop/default.nix b/suites/desktop/default.nix
index 9212650..8884a6a 100755
--- a/suites/desktop/default.nix
+++ b/suites/desktop/default.nix
@@ -249,10 +249,7 @@ with lib; {
   # Install some packages.
   programs = {
     steam.enable = true;
-    firefox = {
-      enable = true;
-      package = pkgs.librewolf;
-    };
+    firefox.enable = true;
   };
 
   environment.systemPackages = with pkgs; [
diff --git a/suites/desktop/home.nix b/suites/desktop/home.nix
index 57e3c9f..f8c671e 100644
--- a/suites/desktop/home.nix
+++ b/suites/desktop/home.nix
@@ -31,10 +31,9 @@
     };
   };
 
-  # Librewolf settings
+  # Firefox settings
   programs.firefox = {
     enable = true;
-    package = pkgs.librewolf;
     profiles.default = {};
     profiles.default.settings."identity.sync.tokenserver.uri" = "https://fxsync.fern.garden/1.0/sync/1.5";
   };