diff --git a/config/domain-config/sea.fudo.org.nix b/config/domain-config/sea.fudo.org.nix
index 1b2cefd..d93d696 100644
--- a/config/domain-config/sea.fudo.org.nix
+++ b/config/domain-config/sea.fudo.org.nix
@@ -95,12 +95,18 @@ in {
                 toString config.services.immichContainer.port
               }/";
             recommendedProxySettings = true;
+            extraConfig = ''
+              client_max_body_size 1024M;
+            '';
           };
           "pics.fudo.ninja".locations."/" = mkIf (hostname == immichHost) {
             proxyPass = "http://127.0.0.1:${
                 toString config.services.immichContainer.port
               }/";
             recommendedProxySettings = true;
+            extraConfig = ''
+              client_max_body_size 1024M;
+            '';
           };
         };
       };
diff --git a/config/host-config/fimbria.nix b/config/host-config/fimbria.nix
index 7bac299..621f376 100644
--- a/config/host-config/fimbria.nix
+++ b/config/host-config/fimbria.nix
@@ -259,6 +259,9 @@ in {
               proxyPass = "http://immich.sea.fudo.org/";
               proxyWebsockets = true;
               recommendedProxySettings = true;
+              extraConfig = ''
+                client_max_body_size 1024M;
+              '';
             };
           };
         };
diff --git a/config/host-config/jazz.nix b/config/host-config/jazz.nix
index 4862b44..971b39c 100644
--- a/config/host-config/jazz.nix
+++ b/config/host-config/jazz.nix
@@ -10,12 +10,6 @@ in {
     firewall.enable = false;
   };
 
-  systemd.tmpfiles.rules = [
-    "L /etc/adjtime            - - - - ${stateDir}/etc/adjtime"
-    "d ${stateDir}/lib/cups    755 root root - -"
-    "d ${stateDir}/lib/flatpak 755 root root - -"
-  ];
-
   services.xserver = {
     layout = "us";
     xkbVariant = mkForce "";
@@ -47,13 +41,21 @@ in {
       nixos.source = "/etc/nixos-live";
       NIXOS.source = "${stateDir}/etc/NIXOS";
     };
-    systemPackages = with pkgs; [ bluez-tools ];
+    systemPackages = with pkgs; [ bluez-tools steam-run ];
   };
 
-  systemd.targets = {
-    sleep.enable = false;
-    suspend.enable = false;
-    hibernate.enable = false;
-    hybrid-sleep.enable = false;
+  systemd = {
+    tmpfiles.rules = [
+      "L /etc/adjtime            - - - - ${stateDir}/etc/adjtime"
+      "d ${stateDir}/lib/cups    755 root root - -"
+      "d ${stateDir}/lib/flatpak 755 root root - -"
+    ];
+
+    targets = {
+      sleep.enable = false;
+      suspend.enable = false;
+      hibernate.enable = false;
+      hybrid-sleep.enable = false;
+    };
   };
 }
diff --git a/config/host-config/toothless.nix b/config/host-config/toothless.nix
index e310dcd..47e1b8d 100644
--- a/config/host-config/toothless.nix
+++ b/config/host-config/toothless.nix
@@ -79,7 +79,7 @@ in {
     hardware = {
       nvidia = {
         nvidiaSettings = true;
-        package = config.boot.kernelPackages.nvidiaPackages.production;
+        package = config.boot.kernelPackages.nvidiaPackages.beta;
       };
       opengl = {
         enable = true;
@@ -90,19 +90,18 @@ in {
     services.xserver.videoDrivers = [ "nvidia" ];
 
     virtualisation = {
-      podman = {
+      docker = {
         enable = true;
         autoPrune.enable = true;
-        dockerSocket.enable = true;
-        dockerCompat = true;
+        # dockerSocket.enable = true;
+        # dockerCompat = true;
         enableNvidia = true;
-        defaultNetwork.settings = {
-          dns_enabled = true;
-          network_dns_servers = [ "1.1.1.1" "8.8.4.4" ];
-        };
+        # defaultNetwork.settings = {
+        #   dns_enabled = true;
+        #   network_dns_servers = [ "1.1.1.1" "8.8.4.4" ];
+        # };
       };
-      oci-containers.backend = "podman";
-      arion.backend = "podman-socket";
+      oci-containers.backend = "docker";
     };
 
     systemd.targets = {
diff --git a/config/profile-config/host/kerberos.nix b/config/profile-config/host/kerberos.nix
index 057f91c..f3ce8e5 100644
--- a/config/profile-config/host/kerberos.nix
+++ b/config/profile-config/host/kerberos.nix
@@ -57,8 +57,15 @@ in {
             "When host keytab is available or changed, activate copy job.";
           path = with pkgs; [ systemd ];
           serviceConfig = { Type = "oneshot"; };
-          # after = [ "fudo-secrets.target" ];
-          script = "systemctl restart ${hostname}-copy-keytab.service";
+          serviceConfig = {
+            ExecStartPre = pkgs.writeShellScript "await-keytab.sh" ''
+              while [ ! -f /etc/krb5.keytab ]; do
+                sleep 5
+              done
+              exit 0
+            '';
+            ExecStart = "systemctl restart ${hostname}-copy-keytab.service";
+          };
         };
 
         "${hostname}-copy-keytab" = {
diff --git a/flake.lock b/flake.lock
index e04fce4..deeba88 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5707,11 +5707,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1716347973,
-        "narHash": "sha256-Mbmxitjy0xKPBWPOFv92+IV3AJ8uBFzPmpYNjPakO9c=",
+        "lastModified": 1716501010,
+        "narHash": "sha256-WkyaJuIrtln77oDfW5WpCaQ9M79/gC7+ZOCNnViLt18=",
         "ref": "refs/heads/master",
-        "rev": "8ac74302282ae0227a433ac2f6ebc508d7ca4a5f",
-        "revCount": 21,
+        "rev": "183544485546e9464d6a68cf5038e43ab1bd0613",
+        "revCount": 38,
         "type": "git",
         "url": "https://fudo.dev/public/immich-ml-container.git"
       },
diff --git a/flake.nix b/flake.nix
index bb7e74b..7a7e4f8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -235,6 +235,9 @@
                 unstable.factorio-headless-experimental;
             })
             (final: prev: { inherit textfiles; })
+            (final: prev: {
+              nvidia-container-toolkit = unstable.nvidia-container-toolkit;
+            })
           ];
         };