diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index a08c54e..36bf773 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -13,5 +13,6 @@
 ./forgejo-actions-runner.nix
 ./oidc-agent.nix
 ./miniflux.nix
+ ./immich.nix
 ];
 }
diff --git a/modules/nixos/immich.nix b/modules/nixos/immich.nix
index a7c5ba9..d79afc1 100644
--- a/modules/nixos/immich.nix
+++ b/modules/nixos/immich.nix
@@ -31,7 +31,7 @@ in
 "/etc/immich" = {
 d = {
 inherit user group;
- mode = "0600";
+ mode = "0700";
 };
 };
 "/etc/immich/config.json" = {
@@ -53,5 +53,8 @@ in
 Environment = "IMMICH_CONFIG_FILE=%d/config";
 };
 };
+
+ # https://github.com/NixOS/nixpkgs/pull/324127/files#r1723763510
+ services.immich.redis.host = "/run/redis-immich/redis.sock";
 };
 }
diff --git a/modules/nixos/restic.nix b/modules/nixos/restic.nix
index 1d6685c..7410a53 100644
--- a/modules/nixos/restic.nix
+++ b/modules/nixos/restic.nix
@@ -1,6 +1,6 @@
+# TODO: https://github.com/lilyinstarlight/foosteros/blob/dfe1ab3eb68bfebfaa709482d52fa04ebdde81c8/config/restic.nix#L23 <- this is better
 {
 config,
- pkgs,
 lib,
 ...
 }:
@@ -11,6 +11,14 @@ in
 options = {
 custom.restic = {
 enable = lib.mkEnableOption "restic";
+ paths = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [
+ "/home"
+ "/var/lib"
+ ];
+ };
+ prune = lib.mkEnableOption "auto prune remote restic repo";
 repositoryFile = lib.mkOption {
 type = lib.types.str;
 default = "";
@@ -22,14 +30,10 @@ in
 };
 };
 config = lib.mkIf cfg.enable {
- services.restic.backups = {
- remotebackup = {
+ services.restic.backups.${config.networking.hostName} = lib.mkMerge [
+ {
 repositoryFile = cfg.repositoryFile;
 passwordFile = cfg.passwordFile;
- paths = [
- "/home"
- "/var/lib"
- ];
 exclude = [
 "/home/*/.cache"
 "/home/*/.cargo"
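Review bot: The socket path assigned to `services.immich.redis.host` is hard-coded and the comment above it is only a link, so a reader cannot tell why the override exists or notice when the path drifts from the Redis instance's real socket. If that instance is the `immich` server of the nixpkgs redis module, reading the value from `config.services.redis.servers.immich.unixSocket` keeps the two in step, and the comment could say the reason in words before the link, e.g. `# talk to Redis over its unix socket instead of TCP, see:`. The immich service user also needs permission on that socket, which is not visible here; the enclosing `config` block starts outside this hunk.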
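Review bot: The new `paths` option in `custom.restic` has no `description` and accepts any string, although the btrfs branch added further down prepends `/backup` to every entry, which only works for absolute paths. I would add `description = "Absolute paths to back up.";` and tighten the type to `lib.types.listOf lib.types.path` so a relative entry is rejected at evaluation time instead of producing a path that does not exist at backup time. The `options` block starts and ends outside this hunk.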
@@ -40,13 +44,24 @@ in
 OnCalendar = "00:05";
 RandomizedDelaySec = "5h";
 };
- pruneOpts = [
+ pruneOpts = lib.mkIf cfg.prune [
 "--keep-daily 7"
 "--keep-weekly 5"
 "--keep-monthly 12"
 "--keep-yearly 75"
 ];
- };
- };
+ paths = lib.mkDefault cfg.paths;
+ initialize = true;
+ }
+ (lib.mkIf (config.fileSystems."/".fsType == "btrfs") {
+ backupPrepareCommand = ''
+ btrfs subvolume snapshot -r / backup
+ '';
+ backupCleanupCommand = ''
+ btrfs subvolume delete /backup
+ '';
+ paths = map (p: "/backup" + p) cfg.paths;
+ })
+ ];
 };
 }
diff --git a/modules/nixos/stylix.nix b/modules/nixos/stylix.nix
index acefcae..c5e546b 100644
--- a/modules/nixos/stylix.nix
+++ b/modules/nixos/stylix.nix
@@ -33,7 +33,8 @@ in
 stylix.targets = {
 console.enable = true;
- gnome.enable = if config.services.xserver.desktopManager.gnome.enable then true else false;
+ # gnome.enable = if config.services.xserver.desktopManager.gnome.enable then true else false;
+ gnome.enable = false;
 gtk.enable = true;
 };
 };
diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix
index 82c0e41..2f5de11 100644
--- a/modules/nixos/vaultwarden.nix
+++ b/modules/nixos/vaultwarden.nix
@@ -43,6 +43,7 @@ in
 };
 services.caddy = mkIf cfg.caddy {
 enable = true;
+
 virtualHosts."https://${cfg.domain}".extraConfig = ''
 reverse_proxy ${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}
 '';
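Review bot: On btrfs the backed-up `paths` become `/backup/home` and `/backup/var/lib`, but the `exclude` patterns in the first attrset stay anchored at `/home/*/…`, so they probably stop matching and the cache directories end up in the repository; the same `map (p: "/backup" + p)` should be applied to them in the btrfs branch. The prepare command also snapshots to the relative name `backup` while the cleanup command and `paths` use `/backup`, which agrees only if the unit runs with `/` as its working directory; `btrfs subvolume snapshot -r / /backup` removes that dependency. A snapshot of `/` does not descend into nested subvolumes or other mounts, so if `/home` or `/var/lib` is one of those the job would back up an empty directory without failing. That layout is not visible here and is worth checking, as is whether `btrfs` is on the unit's PATH. The `config` block starts outside this hunk.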
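Review bot: The `gnome.enable = false;` line replaces the conditional with a constant and keeps the old expression as a comment, with nothing saying why the GNOME target is switched off. I would drop the commented-out line and put the reason in its place, e.g. `# GNOME target disabled: <reason>`. If the conditional returns later it can be written `gnome.enable = config.services.xserver.desktopManager.gnome.enable;`, since the `if … then true else false` wrapper adds nothing.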