diff --git a/flake.lock b/flake.lock
index 6b223da..a158800 100644
--- a/flake.lock
+++ b/flake.lock
@@ -318,11 +318,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1751271578,
-        "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
+        "lastModified": 1755186698,
+        "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
+        "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
         "type": "github"
       },
       "original": {
diff --git a/hosts/thegeneralist-central/archive/default.nix b/hosts/thegeneralist-central/archive/default.nix
index a19a6b0..0e8594a 100644
--- a/hosts/thegeneralist-central/archive/default.nix
+++ b/hosts/thegeneralist-central/archive/default.nix
@@ -5,7 +5,7 @@ let
   ssl = {
     forceSSL = true;
     quic = true;
-    useACMEHost = domain;
+    useACMEHost = acmeDomain;
   };
 in
 {
diff --git a/hosts/thegeneralist-central/dns.nix b/hosts/thegeneralist-central/dns.nix
index e58bda0..73c537e 100644
--- a/hosts/thegeneralist-central/dns.nix
+++ b/hosts/thegeneralist-central/dns.nix
@@ -1,75 +1,42 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 let
-  internalZoneFile = pkgs.writeText "internal.zone" ''
-    $ORIGIN internal.thegeneralist01.com.
-    @   IN SOA  ns.internal.thegeneralist01.com. thegeneralist01.proton.me. (
-          2025071801 ; serial (yyyymmddXX)
+  subdomains = [ "internal" "archive" "crawler" "r" "b" "s" "p" "q" "cloud" ];
+
+  mainZoneFile = pkgs.writeText "thegeneralist01.zone" ''
+    $ORIGIN thegeneralist01.com.
+    @   IN SOA  ns.thegeneralist01.com. thegeneralist01.proton.me. (
+          2025081501 ; serial (yyyymmddXX)
           3600       ; refresh
           600        ; retry
           86400      ; expire
           3600       ; minimum
     )
-        IN NS   ns.internal.thegeneralist01.com.
+        IN NS   ns.thegeneralist01.com.
     ns  IN A    100.86.129.23
     @   IN A    100.86.129.23
+    ${lib.concatStringsSep "\n" (lib.map (sub: "${sub} IN A 100.86.129.23") subdomains)}
   '';
 
-  archiveZoneFile = pkgs.writeText "archive.zone" ''
-    $ORIGIN archive.thegeneralist01.com.
-    @   IN SOA  ns.archive.thegeneralist01.com. thegeneralist01.proton.me. (
-          2025073101 ; serial (yyyymmddXX)
-          3600       ; refresh
-          600        ; retry
-          86400      ; expire
-          3600       ; minimum
-    )
-        IN NS   ns.archive.thegeneralist01.com.
-    ns  IN A    100.86.129.23
-    @   IN A    100.86.129.23
-  '';
-
-  crawlerZoneFile = pkgs.writeText "crawler.zone" ''
-    $ORIGIN crawler.thegeneralist01.com.
-    @   IN SOA  ns.crawler.thegeneralist01.com. thegeneralist01.proton.me. (
-          2025080801 ; serial (yyyymmddXX)
-          3600       ; refresh
-          600        ; retry
-          86400      ; expire
-          3600       ; minimum
-    )
-        IN NS   ns.crawler.thegeneralist01.com.
-    ns  IN A    100.86.129.23
-    @   IN A    100.86.129.23
+  forwarderBlock = ''
+    .:53 {
+      forward . 100.100.100.100 45.90.28.181 45.90.30.181
+      cache
+      log
+      errors
+    }
   '';
 in
 {
   services.coredns = {
     enable = true;
     config = ''
-      internal.thegeneralist01.com:53 {
-        file ${internalZoneFile}
+      thegeneralist01.com:53 {
+        file ${mainZoneFile}
         log
         errors
       }
 
-      archive.thegeneralist01.com:53 {
-        file ${archiveZoneFile}
-        log
-        errors
-      }
-
-      crawler.thegeneralist01.com:53 {
-        file ${crawlerZoneFile}
-        log
-        errors
-      }
-
-      .:53 {
-        forward . 100.100.100.100 45.90.28.181 45.90.30.181
-        cache
-        log
-        errors
-      }
+      ${forwarderBlock}
     '';
   };
 
diff --git a/hosts/thegeneralist-central/site.nix b/hosts/thegeneralist-central/site.nix
index 6d9ebd4..2f2690b 100644
--- a/hosts/thegeneralist-central/site.nix
+++ b/hosts/thegeneralist-central/site.nix
@@ -14,7 +14,7 @@ in {
     package                       = pkgs.nginxQuic;
     enableQuicBPF                 = true;
 
-    recommendedZstdSettings       = true;
+    experimentalZstdSettings      = true;
     recommendedUwsgiSettings      = true;
     recommendedTlsSettings        = true;
     recommendedProxySettings      = true;
diff --git a/modules/common/nix.nix b/modules/common/nix.nix
index b2e5528..130de89 100644
--- a/modules/common/nix.nix
+++ b/modules/common/nix.nix
@@ -25,7 +25,7 @@ in {
       "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
     ];
 
-    trusted-users = [ "thegeneralist" "central" "root" "@build" "@wheel" "@admin" ];
+    trusted-users = [ "thegeneralist" "central" "root" "@build" "@wheel" "@admin" "jellyfin" ];
 
     builders-use-substitutes = true;
   };
diff --git a/modules/common/nushell/config.nu b/modules/common/nushell/config.nu
index 0293f4b..6d096f0 100644
--- a/modules/common/nushell/config.nu
+++ b/modules/common/nushell/config.nu
@@ -22,7 +22,7 @@ $env.config.completions = {
     enable:      true
     max_results: 100
     completer:   {|tokens: list<string>|
-      let expanded = scope aliases | where name == $tokens.0 | get --ignore-errors expansion.0
+      let expanded = scope aliases | where name == $tokens.0 | get --optional expansion.0
 
       mut expanded_tokens = if $expanded != null and $tokens.0 != "cd" {
         $expanded | split row " " | append ($tokens | skip 1)