diff --git a/home/by-host/aepplet/default.nix b/home/by-host/aepplet/default.nix
new file mode 100644
index 0000000..e31778e
--- /dev/null
+++ b/home/by-host/aepplet/default.nix
@@ -0,0 +1,5 @@
+{...}: {
+  bosun = {
+    key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPjqieS4GkYAa1WRYZpxjgYsj7VGZ9U+rTFCkX8M0umD";
+  };
+}
diff --git a/home/by-host/endurance/communication.nix b/home/by-host/endurance/communication.nix
index a4569cf..5371de1 100644
--- a/home/by-host/endurance/communication.nix
+++ b/home/by-host/endurance/communication.nix
@@ -69,6 +69,7 @@ in {
     reader
     tdf
     slack
+    signal-desktop
     telegram-desktop
     vesktop # Discord client
     # jitsi-meet
diff --git a/home/by-host/endurance/config/dev.nix b/home/by-host/endurance/config/dev.nix
index 84e4b1f..5e1c459 100644
--- a/home/by-host/endurance/config/dev.nix
+++ b/home/by-host/endurance/config/dev.nix
@@ -35,6 +35,7 @@
     claude-monitor
     devenv
     gitui
+    tea
     harbor.oryx # TUI for sniffing network traffic using eBPF
 
     # BMAD
@@ -54,8 +55,8 @@
     php82Packages.composer
 
     bun
-    nodejs_20
-    nodejs_20.pkgs.pnpm
+
+    nomad
   ];
 
   bosun.secrets.npmrc = {
@@ -77,33 +78,33 @@
       enable = true;
       # package = inputs.unstable.${system}.claude-code;
 
-      mcpServers = {
-        fetch = {
-          args = ["-y" "@modelcontextprotocol/server-fetch"];
-          command = "npx";
-          type = "stdio";
-        };
-        playwright = {
-          args = ["-y" "@modelcontextprotocol/server-playwright"];
-          command = "npx";
-          type = "stdio";
-        };
-        stackexchange = {
-          args = ["-y" "mcp-server-stackexchange"];
-          command = "npx";
-          type = "stdio";
-        };
-        arxiv = {
-          args = ["-y" "mcp-server-arxiv"];
-          command = "npx";
-          type = "stdio";
-        };
-        claudezilla = {
-          command = "bun";
-          args = ["/home/toph/code/vendor/claudezilla/mcp/server.js"];
-          type = "stdio";
-        };
-      };
+      # mcpServers = {
+      #   fetch = {
+      #     args = ["-y" "@modelcontextprotocol/server-fetch"];
+      #     command = "npx";
+      #     type = "stdio";
+      #   };
+      #   playwright = {
+      #     args = ["-y" "@modelcontextprotocol/server-playwright"];
+      #     command = "npx";
+      #     type = "stdio";
+      #   };
+      #   stackexchange = {
+      #     args = ["-y" "mcp-server-stackexchange"];
+      #     command = "npx";
+      #     type = "stdio";
+      #   };
+      #   arxiv = {
+      #     args = ["-y" "mcp-server-arxiv"];
+      #     command = "npx";
+      #     type = "stdio";
+      #   };
+      #   claudezilla = {
+      #     command = "bun";
+      #     args = ["/home/toph/code/vendor/claudezilla/mcp/server.js"];
+      #     type = "stdio";
+      #   };
+      # };
     };
   };
 }
diff --git a/home/by-host/endurance/default.nix b/home/by-host/endurance/default.nix
index cb2f15f..9918a24 100644
--- a/home/by-host/endurance/default.nix
+++ b/home/by-host/endurance/default.nix
@@ -1,6 +1,7 @@
 {
   pkgs,
   config,
+  inputs,
   ...
 } @ all: {
   bosun.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl33DPxxzxrNNjM8rL4ktAj4ExzCyGiU8rKog0csxNA";
@@ -153,6 +154,9 @@
       harbor.quick-zeal
       harbor.spawn-term
     ];
+
+    username = "toph";
+    homeDirectory = "/home/toph";
   };
 
   # home.file.".config/Yubico/u2f_keys".text = "christopher:C7akk/T8XYov6fOk3rGo0ZW66QPMtdLnGznPuK+tTh/qmPecvECzGVMKJuh5M7nYsMoT6r/idAP88FGinf/rpw==,ydS/PgUALZriaaHYS81u3x8rRFulq727GDJRlvbJhP2yeKK7Ih+xqRceyabLR3MxRN8PT/MtC1I/Xjaxl0S2Rg==,es256,+presence";
diff --git a/home/by-host/endurance/per-host/aepplet/default.nix b/home/by-host/endurance/per-host/aepplet/default.nix
deleted file mode 100644
index 793d234..0000000
--- a/home/by-host/endurance/per-host/aepplet/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{pkgs, ...}: {
-  bosun.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUKDCjB0VpQubi8BfnYKbh4MIE1tcvKQesdoPE4NXAf";
-
-  home.packages = with pkgs; [
-    helix
-  ];
-}
diff --git a/home/by-host/endurance/per-host/fram.nix b/home/by-host/endurance/per-host/fram.nix
deleted file mode 100644
index a3a04ca..0000000
--- a/home/by-host/endurance/per-host/fram.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{
-  pkgs,
-  config,
-  ...
-}: {
-  elements.secrets = {
-    rekeyPath = "christopher_beryllium";
-    key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUKDCjB0VpQubi8BfnYKbh4MIE1tcvKQesdoPE4NXAf";
-
-    needs = {
-      traefik-env = "traefik.env.age";
-    };
-  };
-
-  # virtualisation.quadlet.containers = {
-  #   echo = {
-  #     autoStart = true;
-  #     serviceConfig = {
-  #       RestartSec = "10";
-  #       Restart = "always";
-  #     };
-  #     containerConfig = {
-  #       image = "docker.io/mendhak/http-https-echo:31";
-  #       publishPorts = ["127.0.0.1:8080:8080"];
-  #     };
-  #   };
-  # };
-
-  home.packages = with pkgs; [
-    helix
-  ];
-}
diff --git a/home/by-host/endurance/per-host/vasa.nix b/home/by-host/endurance/per-host/vasa.nix
deleted file mode 100644
index d8e9fff..0000000
--- a/home/by-host/endurance/per-host/vasa.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{pkgs, ...}: {
-  bosun.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl33DPxxzxrNNjM8rL4ktAj4ExzCyGiU8rKog0csxNA";
-
-  home.packages = with pkgs; [
-    harbor.to-s3
-    harbor.connect-to-mercury
-  ];
-}
diff --git a/home/by-host/endurance/wakatime.nix b/home/by-host/endurance/wakatime.nix
new file mode 100644
index 0000000..7099e5e
--- /dev/null
+++ b/home/by-host/endurance/wakatime.nix
@@ -0,0 +1,14 @@
+{pkgs, ...}: {
+  home.packages = [pkgs.wakatime-cli];
+
+  # programs.fish = {
+  #   interactiveShellInit = ''
+  #     function __wakatime_hook --on-event fish_prompt
+  #       wakatime-cli --write --plugin "fish-wakatime/0.1" \
+  #         --entity-type app \
+  #         --project (basename (pwd)) \
+  #         --entity (pwd) &
+  #     end
+  #   '';
+  # };
+}
diff --git a/hosts/endurance/default.nix b/hosts/endurance/default.nix
index 74abadf..c418801 100644
--- a/hosts/endurance/default.nix
+++ b/hosts/endurance/default.nix
@@ -27,6 +27,50 @@
     interfaces.eno1.wakeOnLan.enable = true;
   };
 
+  # Nomad client-only (no server) â€” joins the cluster for GPU/compute tasks
+  services.nomad = {
+    enable = true;
+    dropPrivileges = false;
+    extraSettingsPaths = [
+      (builtins.toFile "docker-plugin.hcl" ''
+        plugin "docker" {
+          config {
+            volumes {
+              enabled = true
+            }
+          }
+        }
+      '')
+    ];
+    settings = {
+      datacenter = "home";
+      bind_addr = "{{ GetInterfaceIP \"tailscale0\" }}";
+      addresses = {
+        http = "0.0.0.0";
+      };
+      advertise = {
+        http = "{{ GetInterfaceIP \"tailscale0\" }}";
+        rpc = "{{ GetInterfaceIP \"tailscale0\" }}";
+        serf = "{{ GetInterfaceIP \"tailscale0\" }}";
+      };
+      client = {
+        enabled = true;
+        servers = ["alvin" "fram" "great-western"];
+        node_class = "workstation";
+        meta = {
+          has_gpu = "true";
+          has_display = "true";
+          location = "local";
+        };
+      };
+    };
+  };
+
+  # Make nomad CLI work with Tailscale-bound API
+  environment.etc."profile.d/nomad.sh".text = ''
+    export NOMAD_ADDR="http://$(tailscale ip -4):4646"
+  '';
+
   programs = {
     weylus.users = ["toph"];
 
diff --git a/modules/nixos/users.nix b/modules/nixos/users.nix
index 062f368..3e8b86d 100644
--- a/modules/nixos/users.nix
+++ b/modules/nixos/users.nix
@@ -16,8 +16,12 @@
     home-manager = {
       useGlobalPkgs = true;
       useUserPackages = true;
+      backupFileExtension = "hm-bak";
 
-      users.toph = inputs.self.homeConfigurations."toph@${hostname}";
+      users.toph.imports = [
+        (inputs.self + "/modules/home")
+        (inputs.self + "/home/by-host/${hostname}")
+      ];
 
       extraSpecialArgs = {
         inherit inputs hostname;
diff --git a/secrets/rekeyed/toph.aepplet/0abeaf0474074a50285a177aacd7ec0f-id_ethnuc.age b/secrets/rekeyed/toph.aepplet/0abeaf0474074a50285a177aacd7ec0f-id_ethnuc.age
deleted file mode 100644
index 50a5900..0000000
Binary files a/secrets/rekeyed/toph.aepplet/0abeaf0474074a50285a177aacd7ec0f-id_ethnuc.age and /dev/null differ
diff --git a/secrets/rekeyed/toph.aepplet/0f948eedfa8d6e97a197d3e5df42c92e-id_hausgold.age b/secrets/rekeyed/toph.aepplet/0f948eedfa8d6e97a197d3e5df42c92e-id_hausgold.age
deleted file mode 100644
index 4882452..0000000
--- a/secrets/rekeyed/toph.aepplet/0f948eedfa8d6e97a197d3e5df42c92e-id_hausgold.age
+++ /dev/null
@@ -1,10 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 Sih9FA sjJK2xzSS5NIMYO9oRqdZP31M2DJMlMT17dvMe6QFm8
-mynrRQPbUA3q0Kzq0pSwPaLUjXKRQRi4AWYGQAZDXeg
--> 2!Ioi2-grease 8X6n Z/BVM# c%x9*
-rwvXE/SCfEvdqk5AHvLu4viy0o/eVLqzBx6C/b23EFv0jY8RGim7avCRM+AgaSUl
-kjTCXxYyVNUVSS4FfNS3/HCCKBWUUDTKKjiOet33Q1jhh3xYP89nAHzjjWN3KmrE
-xAY
---- sFHXIDP2M1/uZFVMp+vc085sWpY+TQt3MKTb+p3Kyuo
-éxÀq×àì¢n(HÐ¥N_%¡ªAë}=8’¨æ”^Ö)ÇÐxð­ØZ¯Öl!rI2ª¸K¼Ë,hÒUîé …ÊáaC?HÜzÖ¥LDÅP@/ÔƒžÔ¦«À°W~éÕ“±hR7å)E)ø8ªƒºivWqz×\ %&â¾íN¶:J½:]îœvÀ‚Ô—Z2P|ÌÒÈx+&ƒd¶ÁGo#èsovêbÚïˆØ· ;Tbé	ð©31|ˆïŠ¥ø]Äá³¸ÝžâEvÖ{ôš¥·7O<60Ší°¢~HJóõ´&)ÕC4çsñB[%àŒŠe Dªj´/DÎ«ËrinÅî3`Sg‡/9]¸	X&S¡75!§ç™µ¦A`§€{‚«¤VtŽ8MV»7«]iËÂ$ê7®±ÛÒj=OÄMdbã·:²Iäcnä®xþ:|'Htì<{ë„ÌôË§‹,ú;,k‹y?DÁ$BÖÉÇŒ
-&-5:ð`mùäBµœ°Ó}ì®¸Ègƒþ‘Qæ¼ïÃ–R…&ªºw»5†ê8˜ ÓZÆQ`<«Æ¶oó&…Ã+ÂÅ×%¯>ø59œÇWtƒvÛw¶ûöëˆJµ?%fÌ
\ No newline at end of file
diff --git a/secrets/rekeyed/toph.aepplet/241c114c18645057167f14101ddcdbcb-id_homeassistant.age b/secrets/rekeyed/toph.aepplet/241c114c18645057167f14101ddcdbcb-id_homeassistant.age
deleted file mode 100644
index f1b6471..0000000
Binary files a/secrets/rekeyed/toph.aepplet/241c114c18645057167f14101ddcdbcb-id_homeassistant.age and /dev/null differ
diff --git a/secrets/rekeyed/toph.aepplet/68a44c5680f7a6e57f6cc276f6fae690-repoUpdatePAT.age b/secrets/rekeyed/toph.aepplet/68a44c5680f7a6e57f6cc276f6fae690-repoUpdatePAT.age
deleted file mode 100644
index 8c84fc0..0000000
Binary files a/secrets/rekeyed/toph.aepplet/68a44c5680f7a6e57f6cc276f6fae690-repoUpdatePAT.age and /dev/null differ
diff --git a/secrets/rekeyed/toph.aepplet/6e09e324e621f167ae6a8b9dc2ca0529-id_alvin.age b/secrets/rekeyed/toph.aepplet/6e09e324e621f167ae6a8b9dc2ca0529-id_alvin.age
deleted file mode 100644
index 6284f3f..0000000
Binary files a/secrets/rekeyed/toph.aepplet/6e09e324e621f167ae6a8b9dc2ca0529-id_alvin.age and /dev/null differ
diff --git a/secrets/rekeyed/toph.aepplet/8557eb9e3b4043fdf9b0d1dc975f29d7-config.age b/secrets/rekeyed/toph.aepplet/8557eb9e3b4043fdf9b0d1dc975f29d7-config.age
deleted file mode 100644
index d8e1392..0000000
Binary files a/secrets/rekeyed/toph.aepplet/8557eb9e3b4043fdf9b0d1dc975f29d7-config.age and /dev/null differ
diff --git a/secrets/rekeyed/toph.aepplet/a3984008ff2b9a3226656619c81e4c47-emailPassword.age b/secrets/rekeyed/toph.aepplet/a3984008ff2b9a3226656619c81e4c47-emailPassword.age
deleted file mode 100644
index 4f8906d..0000000
--- a/secrets/rekeyed/toph.aepplet/a3984008ff2b9a3226656619c81e4c47-emailPassword.age
+++ /dev/null
@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 Sih9FA d9oQaF1sdS+4mUZvKWU90rPM3jdb/xaa+LPWwnhpFQQ
-Vji46uZEvcIbBALfvguE7u1o9LY6tiWeTXNU33O7WnI
--> vL8-grease i%AP\3gI { -{r^< OC
-Ag5+BVEroMpIJUVBfMDzbg4e2ZeInDVmfsGGuAjyXk3bpQ1PButowEYp94tqXFcO
-7ym1I8DzL7VfBB+MvSr7DYN7yH6wuopXh+WnPg
---- Ee6HhsFrv9FF48pi8Uh3aIm9gSnOCUEdNJrj9wXLh/Q
-„Ô¼ &À98ÛÞƒÉ@;©µ60*i‚ cxJg5!W^pqZ&ZßúÕFw¬¹ºö
\ No newline at end of file
diff --git a/secrets/rekeyed/toph.aepplet/bf37e236fcc3c1ce07d32b54d70f80ef-id_europium.age b/secrets/rekeyed/toph.aepplet/bf37e236fcc3c1ce07d32b54d70f80ef-id_europium.age
deleted file mode 100644
index f67231b..0000000
Binary files a/secrets/rekeyed/toph.aepplet/bf37e236fcc3c1ce07d32b54d70f80ef-id_europium.age and /dev/null differ
diff --git a/secrets/rekeyed/toph.aepplet/d5d9325b86283f0a1572f2817924fea4-id_github.age b/secrets/rekeyed/toph.aepplet/d5d9325b86283f0a1572f2817924fea4-id_github.age
deleted file mode 100644
index b823f5a..0000000
Binary files a/secrets/rekeyed/toph.aepplet/d5d9325b86283f0a1572f2817924fea4-id_github.age and /dev/null differ
diff --git a/secrets/rekeyed/toph.aepplet/f163a86f52bfaee9d516fee4b00a5111-npmrc.age b/secrets/rekeyed/toph.aepplet/f163a86f52bfaee9d516fee4b00a5111-npmrc.age
deleted file mode 100644
index a04d554..0000000
--- a/secrets/rekeyed/toph.aepplet/f163a86f52bfaee9d516fee4b00a5111-npmrc.age
+++ /dev/null
@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 Sih9FA fq3C2igBpOWJjLT9ZYzNTHTIxis4KNxJGqKqxUOFGAA
-hh2mbDtaqH9ZfHg4gl7t01sxqueb8VjHwLyAlcGG7uo
--> PpA-grease
-OVR9M24Xu72ydIujacdy3E5wY2j1O5yoN197/G2C2Q36gIq/2uxAaYY97zQgaPb8
-ceu566Z0DqfToCVFAptnuRIY6YeIFIOeUA
---- axV+75oHmhVN+nWRivvDNlDokS2oQU4s6SIeLecO3yg
-©4NÊíŒi+$ð˜XÖ?º[0ûwInÀ¶÷ª¥öâaUæÜ…Ë¦D,wVvçœWbËþšóÙÌ´HÄ²f#±“ìÕïýº>ñíé¨MßuÔq‘ü,¤á×˜_"wÔéÐÖY„ Ø‰í/$#ÎEjÑ
\ No newline at end of file
diff --git a/secrets/rekeyed/toph.endurance/7460ff1788187929a55785e10ce8f4d2-config.age b/secrets/rekeyed/toph.endurance/7460ff1788187929a55785e10ce8f4d2-config.age
new file mode 100644
index 0000000..51ea1f2
Binary files /dev/null and b/secrets/rekeyed/toph.endurance/7460ff1788187929a55785e10ce8f4d2-config.age differ
diff --git a/secrets/rekeyed/toph.endurance/8557eb9e3b4043fdf9b0d1dc975f29d7-config.age b/secrets/rekeyed/toph.endurance/8557eb9e3b4043fdf9b0d1dc975f29d7-config.age
deleted file mode 100644
index b4dcaed..0000000
Binary files a/secrets/rekeyed/toph.endurance/8557eb9e3b4043fdf9b0d1dc975f29d7-config.age and /dev/null differ
diff --git a/secrets/ssh/config.age b/secrets/ssh/config.age
index 3ca7691..95a569b 100644
Binary files a/secrets/ssh/config.age and b/secrets/ssh/config.age differ