diff --git a/configuration.nix b/configuration.nix
index 23c4c58..ec8fc82 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -30,6 +30,7 @@
   time.timeZone = "Europe/Berlin";
 
   services.openssh.enable = true;
+
   networking.firewall.enable = true;
 
   nixpkgs.config.permittedInsecurePackages = [
diff --git a/roles/admin.nix b/roles/admin.nix
index 182ab4d..7256f86 100644
--- a/roles/admin.nix
+++ b/roles/admin.nix
@@ -1,7 +1,6 @@
 { pkgs, options, ... }:
 
 let
-unstable = import <nixos-unstable> { config.allowUnfree = true; };
 in {
   environment.systemPackages = with pkgs; [
     cryptsetup
@@ -18,11 +17,12 @@ in {
     whois
     ipcalc
 
-    unstable.argocd
-    unstable.kubernetes-helm
-    unstable.kustomize
-    unstable.terraform-ls
-    unstable.vault
+    argocd
+    kubernetes-helm
+    kustomize
+    pre-commit
+    terraform-ls
+    vault
 
     docker-compose
     fuse-overlayfs
diff --git a/roles/desktop.nix b/roles/desktop.nix
index bade0d7..ae794fb 100644
--- a/roles/desktop.nix
+++ b/roles/desktop.nix
@@ -1,4 +1,4 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
+#g Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, ... }:
@@ -7,7 +7,6 @@ let
   colors = config.colors;
   schema = pkgs.gsettings-desktop-schemas;
   datadir = "${schema}/share/gsettings-schemas/${schema.name}";
-  unstable = import <nixos-unstable> { config.allowUnfree = true; };
 in
 {
   programs.droidcam.enable = true;
@@ -110,6 +109,7 @@ in
       destination = "/etc/udev/rules.d/80-uinput.rules";
     })
   ];
+  services.ratbagd.enable = true;
 
   fonts.enableDefaultPackages = true;
   fonts.fontconfig.antialias = true;
@@ -172,7 +172,7 @@ in
     pcmanfm
     qrencode
     remmina
-    unstable.wezterm
+    wezterm
     uxplay
 
     solaar
@@ -227,7 +227,7 @@ in
   services.printing.drivers = [ pkgs.gutenprint ];
   services.avahi = {
     enable = true;
-    nssmdns = true;
+    nssmdns4 = true;
     publish = {
       enable = true;
       addresses = true;
diff --git a/roles/dev.nix b/roles/dev.nix
index c4fd14c..28172b9 100644
--- a/roles/dev.nix
+++ b/roles/dev.nix
@@ -8,28 +8,28 @@ in {
 
   environment.systemPackages = with pkgs; [
     gnumake
-    go_1_19
+    go
     rustup
     shellcheck
     unstable.golangci-lint
     unstable.gopls
     unstable.rust-analyzer
 
-    (python310.withPackages
+    (python311.withPackages
       (python-packages: with python-packages; [
         black
         diagrams
         pymemcache
         pyyaml
         requests
-        python-lsp-server
+        ruff-lsp
       ])
     )
 
     mariadb-client
     musl
 
-    dbeaver
+    dbeaver-bin
     emacs29-pgtk
     gitAndTools.delta
     lazygit
@@ -37,7 +37,6 @@ in {
     parallel
     sops
     tig
-    unstable.bazel
 
     openssl
     pkg-config
diff --git a/roles/mail.nix b/roles/mail.nix
index f2cd7e0..7615422 100644
--- a/roles/mail.nix
+++ b/roles/mail.nix
@@ -1,7 +1,6 @@
 { config, lib, pkgs, ... }:
 
 let
-  unstable = import <nixos-unstable> { config.allowUnfree = true; };
   notcoal = pkgs.callPackage ../packages/notcoal { };
 in {
   environment.systemPackages = with pkgs; [
@@ -11,7 +10,7 @@ in {
     notmuch
     notcoal
     thunderbird
-    unstable.astroid
+    astroid
     vdirsyncer
   ];
 }
diff --git a/roles/network.nix b/roles/network.nix
index 843b7c8..a7b3b84 100644
--- a/roles/network.nix
+++ b/roles/network.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 
-let unstable = import <nixos-unstable> { config.allowUnfree = true; };
+let
 in {
 
   networking.networkmanager.enable = true;
diff --git a/roles/private.nix b/roles/private.nix
index dd28440..408652f 100644
--- a/roles/private.nix
+++ b/roles/private.nix
@@ -1,7 +1,6 @@
 { config, lib, pkgs, ... }:
 
 let
-  unstable = import <nixos-unstable> { };
   openscad-ls = pkgs.callPackage ../packages/openscad-language-server.nix { };
 in
 {
diff --git a/roles/work.nix b/roles/work.nix
index c697556..502c1ae 100644
--- a/roles/work.nix
+++ b/roles/work.nix
@@ -42,11 +42,16 @@ in {
 
     #192.168.2.111 hass.home.f2o.io
     #192.168.2.111 sync.home.f2o.io
+    192.168.2.111 pl.home.f2o.io
 
     #127.0.0.1 auth-dev.thobits.com
     127.0.0.1 database
     127.0.0.1 youtube.com
     127.0.0.1 www.youtube.com
+
+    34.49.192.42 www.tbone.audio
+    34.49.192.42 jobs.thomann.de
+
   '';
 
   environment.systemPackages = with pkgs; [
@@ -65,16 +70,15 @@ in {
     drone-cli
     govc
     ttyd
-    unstable.discord
-    unstable.go-jira
-    (unstable.google-cloud-sdk.withExtraComponents [
-      unstable.google-cloud-sdk.components.gke-gcloud-auth-plugin
+    discord
+    (google-cloud-sdk.withExtraComponents [
+      google-cloud-sdk.components.gke-gcloud-auth-plugin
     ])
     myslack
-    unstable.velero
+    velero
 
-    unstable.obs-studio
-    unstable.obs-studio-plugins.wlrobs
+    obs-studio
+    obs-studio-plugins.wlrobs
 
     prusa-slicer
   ];
@@ -82,5 +86,4 @@ in {
   # yubikey support
   services.udev.packages = [ pkgs.yubikey-personalization ];
   services.pcscd.enable = true;
-
 }