diff --git a/flake.lock b/flake.lock
index f958a84..3ed83fb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -233,11 +233,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768598210,
-        "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
+        "lastModified": 1768912518,
+        "narHash": "sha256-FJlof1jnbLIT5RbKxef/NV6RzcOj1GoMzXE4FcBFg5Y=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
+        "rev": "9c5f8aceb6ef620e881f50fe65cb4a2c6b1e8527",
         "type": "github"
       },
       "original": {
@@ -254,11 +254,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747978958,
-        "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=",
+        "lastModified": 1768598210,
+        "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "7419250703fd5eb50e99bdfb07a86671939103ea",
+        "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
         "type": "github"
       },
       "original": {
@@ -275,11 +275,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767104570,
-        "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=",
+        "lastModified": 1768434960,
+        "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf",
+        "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b",
         "type": "github"
       },
       "original": {
@@ -294,11 +294,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1767822991,
-        "narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=",
+        "lastModified": 1768835187,
+        "narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5",
+        "rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395",
         "type": "github"
       },
       "original": {
@@ -350,11 +350,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1768475717,
-        "narHash": "sha256-185VOlWF4K9gzwr7M56ArjqDt6beN/5TxCYLEyVPOcs=",
+        "lastModified": 1768904356,
+        "narHash": "sha256-TIG8J+Or8nOydy8TztvtIshnprlf1q6XDIJnopLtMlA=",
         "owner": "thiagokokada",
         "repo": "nix-alien",
-        "rev": "a579610c67dc946f39c2a64656699eb29eb2ffb5",
+        "rev": "d95b25a4dd6da2a1dfeaaf66163d0a281a8270e9",
         "type": "github"
       },
       "original": {
@@ -422,11 +422,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1748026106,
-        "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=",
+        "lastModified": 1768564909,
+        "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c",
+        "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
         "type": "github"
       },
       "original": {
@@ -573,11 +573,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768481291,
-        "narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=",
+        "lastModified": 1768863606,
+        "narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "e085e303dfcce21adcb5fec535d65aacb066f101",
+        "rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2",
         "type": "github"
       },
       "original": {
@@ -626,11 +626,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1768603455,
-        "narHash": "sha256-ih6dYNhX1oSg0emfSAvf3iRcgsJtMmS6RUaoCX8kNoU=",
+        "lastModified": 1768744881,
+        "narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "590e5c68c4d5e8c766420473c0185d75113f653b",
+        "rev": "06684f00cfbee14da96fd4307b966884de272d3a",
         "type": "github"
       },
       "original": {
@@ -794,11 +794,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768638486,
-        "narHash": "sha256-+LC0wOiliUXbIj6zT2hCoOQ0zn33BD2NxGoy0QqP3Eo=",
+        "lastModified": 1768857659,
+        "narHash": "sha256-93pj/A2s26CUZwvCpN0CL6a1NhLpYVzidzc/Vk2GKCI=",
         "owner": "0xc000022070",
         "repo": "zen-browser-flake",
-        "rev": "76bbc35c59419b8b0616fb779ce5600e85edab11",
+        "rev": "3a42efe341d068f13ffb961ed832474128b844f3",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index f478b06..ff6de6a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -67,6 +67,9 @@
       # work
       murk = utils.mkHost ./hosts/murk/configuration.nix;
 
+      # work desktop
+      musk = utils.mkHost ./hosts/musk/configuration.nix;
+
       # lenovo
       muvo = utils.mkHost ./hosts/muvo/configuration.nix;
 
diff --git a/hosts/murk/home.nix b/hosts/murk/home.nix
index a16adb5..706f35d 100644
--- a/hosts/murk/home.nix
+++ b/hosts/murk/home.nix
@@ -19,6 +19,7 @@ in {
   mods.terminal.emulator.enable = true;
   mods.terminal.development.enable = true;
   mods.terminal.tools.enable = true;
+  mods.terminal.hr.enable = true;
   mods.desktop.development.enable = true;
   mods.desktop.productivity.enable = false;
   mods.zen.enable = true;
diff --git a/hosts/musk/configuration.nix b/hosts/musk/configuration.nix
new file mode 100644
index 0000000..b9868c3
--- /dev/null
+++ b/hosts/musk/configuration.nix
@@ -0,0 +1,117 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  system,
+  sources,
+  modulesPath,
+  ...
+}: let
+  cfg = config.mods;
+  keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEio+Y5wBVD1wILaH2R3wV10FvVjiqy/4gGBWHOITTB muon@muon"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKevYmkH7xvYoquBjnYZ7PJiVqf+GOh9fxAJBN6wZGBB gin4@hi.is"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmAOd9VbhyJeibt6Vrb101MNTk5W8+rh94Djv/C+pyu muon@muho"
+  ];
+in {
+  # Hardware
+  imports = [
+    ./hardware-configuration.nix
+    "${
+      builtins.fetchTarball {
+        url = "https://github.com/nix-community/disko/archive/refs/tags/v1.12.0.tar.gz";
+        sha256 = "0wbx518d2x54yn4xh98cgm65wvj0gpy6nia6ra7ns4j63hx14fkq";
+      }
+    }/module.nix"
+    ./disk-config.nix
+    # (inputs.nixpkgs
+    #   + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
+  ];
+
+  environment.systemPackages = with inputs.nix-alien.packages.${system}; [
+    nix-alien
+    pkgs.libratbag
+    pkgs.piper
+    pkgs.libpq
+    pkgs.qmk
+    pkgs.jq
+    pkgs.wireguard-tools
+    pkgs.opencode
+  ];
+
+  boot.binfmt = {
+    emulatedSystems = ["aarch64-linux"];
+    preferStaticEmulators = true; # Make it work with Docker
+  };
+
+  # System
+  mods.user.name = "muon";
+  networking.hostName = "musk";
+  networking.hostId = "a2309091";
+  mods.home.file = ./home.nix;
+  nix.settings.trusted-users = ["root" "muon"];
+  users.users.muon.extraGroups = ["docker"];
+
+  # Modules
+  mods.desktop.enable = true;
+  mods.boot.enable = true;
+
+  mods.theme.enable = true;
+  mods.theme.scheme = "woodland";
+  mods.theme.wallpaper = ./wallpaper.png;
+
+  services.xserver.windowManager.i3.enable = true;
+  # mods.desktop.wayland.enable = true;
+
+  mods.impermanence.enable = true;
+
+  virtualisation.docker.enable = true;
+
+  users.users.muon.openssh.authorizedKeys.keys = keys;
+  users.users.root.openssh.authorizedKeys.keys = keys;
+
+  # Persist
+  environment.persistence."/persist" = {
+    directories = ["/etc/NetworkManager" "/var/lib/NetworkManager"];
+  };
+
+  # Hardware preferences
+  environment.variables = {
+    WINIT_HIDPI_FACTOR = "1";
+    WINIT_X11_SCALE_FACTOR = "1";
+  };
+
+  ## Monitors
+  mods.monitors = {
+    primary = {
+      name = "DP-1";
+      config = {
+        enable = true;
+        mode = "2560x1440";
+        position = "0x0";
+        rate = "60.00";
+        dpi = 72;
+      };
+    };
+    right = {
+      name = "HDMI-1";
+      config = {
+        enable = true;
+        mode = "2560x1440";
+        position = "2560x0";
+        rate = "60.00";
+        dpi = 72;
+      };
+    };
+  };
+
+  ## Mouse
+  services.libinput.mouse.accelProfile = "flat";
+
+  ## Keyboard
+  hardware.keyboard.qmk.enable = true;
+
+  # Version of first install
+  system.stateVersion = "23.05";
+}
diff --git a/hosts/musk/disk-config.nix b/hosts/musk/disk-config.nix
new file mode 100644
index 0000000..05a9f01
--- /dev/null
+++ b/hosts/musk/disk-config.nix
@@ -0,0 +1,72 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                # disable settings.keyFile if you want to use interactive password entry
+                #passwordFile = "/tmp/secret.key"; # Interactive
+                # settings = {
+                #   allowDiscards = true;
+                #   keyFile = "/tmp/secret.key";
+                # };
+                # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+                content = {
+                  type = "btrfs";
+                  extraArgs = [ "-f" ];
+                  subvolumes = {
+                    "/root" = {
+                      mountpoint = "/";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/home" = {
+                      mountpoint = "/home";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/nix" = {
+                      mountpoint = "/nix";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/persist" = {
+                      mountpoint = "/persist";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/log" = {
+                      mountpoint = "/var/log";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/swap" = {
+                      mountpoint = "/swap";
+                      swap.swapfile.size = "4G";
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  fileSystems."/persist".neededForBoot = true;
+  fileSystems."/var/log".neededForBoot = true;
+}
diff --git a/hosts/musk/hardware-configuration.nix b/hosts/musk/hardware-configuration.nix
new file mode 100644
index 0000000..332920b
--- /dev/null
+++ b/hosts/musk/hardware-configuration.nix
@@ -0,0 +1,18 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/musk/home.nix b/hosts/musk/home.nix
new file mode 100644
index 0000000..0bd1d49
--- /dev/null
+++ b/hosts/musk/home.nix
@@ -0,0 +1,83 @@
+{
+  pkgs,
+  lib,
+  config,
+  osConfig,
+  inputs,
+  ...
+}: let
+  cfg = osConfig.mods;
+in {
+  # Modules
+  mods.xdg.enable = true;
+  mods.i3.enable = true;
+  # mods.hyprland.enable = true;
+  mods.terminal.zsh.enable = true;
+  mods.terminal.emulator.enable = true;
+  mods.terminal.development.enable = true;
+  mods.terminal.tools.enable = true;
+  mods.terminal.hr.enable = true;
+  mods.desktop.development.enable = true;
+  mods.desktop.productivity.enable = false;
+  mods.zen.enable = true;
+
+  home.packages = with pkgs;
+    [
+      thunderbird
+      pulseaudio
+      pavucontrol
+      alsa-utils
+      rustdesk-flutter
+
+      # tools
+      docker
+      fish
+      devenv
+      dbeaver-bin
+      ruff
+      just
+      go
+      rainfrog
+      tealdeer
+      gh
+      (callPackage ./packages/mender-cli.nix {})
+    ]
+    # Non-free </3
+    ++ [google-cloud-sdk google-cloud-sql-proxy];
+
+  # Hardware preferences
+  ## Monitors
+  xsession.windowManager.i3.config.workspaceOutputAssign = [
+    {
+      workspace = "1";
+      output = "${cfg.monitors.primary.name}";
+    }
+    {
+      workspace = "2";
+      output = "${cfg.monitors.right.name}";
+    }
+  ];
+  services.autorandr.enable = true;
+  programs.autorandr = {
+    enable = true;
+    hooks.postswitch = {
+      "notify-i3" = "${pkgs.i3}/bin/i3-msg restart";
+      "set-wallpaper" = ''
+        ${lib.getExe pkgs.feh} --bg-fill --nofehbg ${./wallpaper.png}
+      '';
+    };
+    profiles.default = {
+      fingerprint = {
+        "${cfg.monitors.right.name}" = "00ffffffffffff0030aef465010101011e1e0103803c22782a31d5a65453a0240a5054bfcf00d1c0d100b300a9c09500818081c08100e973006aa0a034504220680055502100001a565e00a0a0a029503020350055502100001a000000fd00304b0f6e1e000a202020202020000000fc00513237712d31300a202020202001ff020329f04b10050403021f1413121101230907078301000067030c001000183c681a00000101304b00023a801871382d40582c450055502100001e662156aa51001e30468f330055502100001eab22a0a050841a303020360055502100001a7c2e90a0601a1e403020360055502100001a000000000000000000000000000026";
+        "${cfg.monitors.primary.name}" = "00ffffffffffff0005e30427b11a0000321f0104a53c22783be445a554529e260d5054bfef00d1c0b30095008180814081c001010101565e00a0a0a029503020350055502100001e000000ff005141424d434841303036383333000000fc00513237563447350a2020202020000000fd00304b72721e010a2020202020200163020318f14b0103051404131f120211902309070783010000a073006aa0a029500820350055502100001a2a4480a0703827403020350055502100001a023a801871382d40582c450055502100001ef03c00d051a0355060883a0055502100001c000000000000000000000000000000000000000000000000000000000000005f";
+      };
+      config = {
+        "${cfg.monitors.primary.name}" = cfg.monitors.primary.config;
+        "${cfg.monitors.right.name}" = cfg.monitors.right.config;
+      };
+    };
+  };
+
+  # Version of first install
+  home.stateVersion = "23.05";
+}
diff --git a/hosts/musk/packages/mender-cli.nix b/hosts/musk/packages/mender-cli.nix
new file mode 100644
index 0000000..fc24563
--- /dev/null
+++ b/hosts/musk/packages/mender-cli.nix
@@ -0,0 +1,54 @@
+{
+  lib,
+  stdenv,
+  buildGoModule,
+  fetchFromGitHub,
+  makeWrapper,
+  installShellFiles,
+  xz,
+  go,
+}:
+buildGoModule rec {
+  pname = "mender-cli";
+  version = "1.12.0";
+
+  src = fetchFromGitHub {
+    owner = "mendersoftware";
+    repo = "mender-cli";
+    rev = version;
+    sha256 = "sha256-Pf87wTHXcFlnYsgx7ieiIJ9PWJFPUkFJYTkKJKmMFEQ=";
+  };
+
+  vendorHash = "sha256-MqyBa+wsbuXqtM4DL/QGBUWuEYlG8BRxIXq7O1LJUyM=";
+
+  nativeBuildInputs = [
+    makeWrapper
+    installShellFiles
+  ];
+
+  buildInputs = [
+    xz
+  ];
+
+  allowGoReference = true;
+
+  postFixup = ''
+    wrapProgram "$out/bin/mender-cli" \
+      --prefix PATH : ${go}/bin
+  '';
+
+  postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
+    installShellCompletion --cmd mender-cli \
+      --bash <($out/bin/mender-cli completion bash) \
+      --fish <($out/bin/mender-cli completion fish) \
+      --zsh <($out/bin/mender-cli completion zsh) \
+  '';
+
+  meta = {
+    description = "Mender CLI tool to simplify integration between the Mender server and cloud services like continuous integration (CI)/build automation";
+    mainProgram = "mender-cli";
+    homepage = "https://github.com/mendersoftware/mender-cli/";
+    changelog = "https://github.com/mendersoftware/mender-cli/releases/tag/${version}";
+    license = lib.licenses.asl20;
+  };
+}
diff --git a/hosts/musk/wallpaper.png b/hosts/musk/wallpaper.png
new file mode 100644
index 0000000..f016897
Binary files /dev/null and b/hosts/musk/wallpaper.png differ
diff --git a/modules/home/terminal/default.nix b/modules/home/terminal/default.nix
index 3c3eebf..fc43170 100644
--- a/modules/home/terminal/default.nix
+++ b/modules/home/terminal/default.nix
@@ -9,6 +9,7 @@
     ./development.nix
     ./tools.nix
     ./yazi.nix
+    ./hr
     ./helix
     ./nvim
     ./zellij
diff --git a/modules/home/terminal/hr/default.nix b/modules/home/terminal/hr/default.nix
new file mode 100644
index 0000000..eef1a98
--- /dev/null
+++ b/modules/home/terminal/hr/default.nix
@@ -0,0 +1,16 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.mods.terminal;
+
+  hr = pkgs.writeShellScriptBin "hr" (builtins.readFile ./hr.sh);
+in {
+  options.mods.terminal.hr.enable = lib.mkEnableOption "Hefring (Work Tooling)";
+
+  config = lib.mkIf cfg.hr.enable {
+    home.packages = [hr];
+  };
+}
diff --git a/modules/home/terminal/hr/hr.sh b/modules/home/terminal/hr/hr.sh
new file mode 100644
index 0000000..f4f6f8b
--- /dev/null
+++ b/modules/home/terminal/hr/hr.sh
@@ -0,0 +1,100 @@
+#!/usr/bin/env bash
+
+set -e
+
+if [ "$1" = "py" ] && [ "$2" = "init" ]; then
+  echo "Initializing python devenv..."
+
+  # 1. Init devenv
+  if [ -f .gitignore ]; then
+    cp .gitignore .gitignore.bak
+  fi
+
+  if command -v devenv >/dev/null; then
+    devenv init
+    echo "Direnv allowed"
+  else
+    echo "Error: devenv not found in path."
+    exit 1
+  fi
+
+  if [ -f .gitignore.bak ]; then
+    mv .gitignore.bak .gitignore
+  elif [ -f .gitignore ]; then
+    rm .gitignore
+  fi
+
+  # 2. Replace devenv.nix
+  cat <<EOF >devenv.nix
+{pkgs, ...}: {
+  packages = [ pkgs.google-cloud-sdk ];
+
+  languages.python = {
+    enable = true;
+    venv.enable = true;
+    uv = {
+      enable = true;
+      sync.enable = false;
+    };
+  };
+
+  # We use the named index "google" defined in uv.toml
+  env.UV_INDEX_GOOGLE_USERNAME = "oauth2accesstoken";
+
+  enterShell = ''
+    if ! gcloud auth print-access-token >/dev/null 2>&1; then
+      echo "⚠️  gcloud not authenticated. Run 'gcloud auth login' to access Google Artifact Registry."
+    else
+      export UV_INDEX_GOOGLE_PASSWORD=\$(gcloud auth print-access-token)
+    fi
+    uv sync
+  '';
+}
+EOF
+
+  cat <<EOF >uv.toml
+[[index]]
+name = "google"
+url = "https://europe-west1-python.pkg.dev/mk2-prod/python-packages/simple/"
+EOF
+
+  # 3. Add to local git exclude
+  if git rev-parse --git-dir >/dev/null 2>&1; then
+    EXCLUDE_FILE=$(git rev-parse --git-path info/exclude)
+    mkdir -p "$(dirname "$EXCLUDE_FILE")"
+
+    IGNORES=(
+      ".devenv*"
+      ".direnv"
+      "devenv.nix"
+      "devenv.yaml"
+      "devenv.lock"
+      "uv.lock"
+      "uv.toml"
+      ".envrc"
+    )
+
+    for file in "${IGNORES[@]}"; do
+      if ! grep -Fxq "$file" "$EXCLUDE_FILE" 2>/dev/null; then
+        echo "$file" >>"$EXCLUDE_FILE"
+        echo "Added $file to local git exclude ($EXCLUDE_FILE)"
+      fi
+    done
+  else
+    echo "Warning: Not a git repository. Skipping git ignore setup."
+  fi
+
+  # 4. Allow direnv
+  if command -v direnv >/dev/null; then
+    direnv allow
+    echo "Direnv allowed"
+  else
+    echo "Error: direnv not found in path."
+    exit 1
+  fi
+
+else
+  echo "Usage: hr py init"
+  echo "  py init   Initialize a python devenv environment (git-ignored)"
+  exit 1
+fi