diff --git a/.vscode/settings.json b/.vscode/settings.json
index 30e36e9e..b57d0fa8 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,3 +1,4 @@
 {
-  "python.formatting.provider": "yapf"
+  "python.formatting.provider": "yapf",
+  "conventionalCommits.scopes": ["thinkrac"]
 }
diff --git a/config/desktop.nix b/config/desktop.nix
index 00fc3292..59b40f7c 100644
--- a/config/desktop.nix
+++ b/config/desktop.nix
@@ -17,6 +17,7 @@ in {
     ./services/pipewire.nix
     ./desktop-secrets.nix
     ./services/cups.nix
+    ./services/docker.nix
   ];
   fonts.fonts = with pkgs; [
     noto-fonts
diff --git a/config/nutty-noon.nix b/config/nutty-noon.nix
index b708bdf7..622aedf5 100644
--- a/config/nutty-noon.nix
+++ b/config/nutty-noon.nix
@@ -19,7 +19,6 @@
     nixos-hardware.nixosModules.common-gpu-amd
     nixos-hardware.nixosModules.common-pc-ssd
     ./services/postgres.nix
-    ./services/docker.nix
     ./services/drone-runner-docker.nix
     ./services/gitlab-runner
   ];
diff --git a/zones/chir.rs.nix b/zones/chir.rs.nix
index 68a458ee..da9576d0 100644
--- a/zones/chir.rs.nix
+++ b/zones/chir.rs.nix
@@ -45,27 +45,27 @@ with dns.lib.combinators; let
       }
     ];
     /*
-     subdomains = {
-     _tcp.subdomains."*".TLSA = [
-     {
-     certUsage = "dane-ee";
-     selector = "spki";
-     match = "sha256";
-     certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
-     ttl = zoneTTL;
-     }
-     ];
-     _udp.subdomains."*".TLSA = [
-     {
-     certUsage = "dane-ee";
-     selector = "spki";
-     match = "sha256";
-     certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
-     ttl = zoneTTL;
-     }
-     ];
-     };
-     */
+    subdomains = {
+    _tcp.subdomains."*".TLSA = [
+    {
+    certUsage = "dane-ee";
+    selector = "spki";
+    match = "sha256";
+    certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
+    ttl = zoneTTL;
+    }
+    ];
+    _udp.subdomains."*".TLSA = [
+    {
+    certUsage = "dane-ee";
+    selector = "spki";
+    match = "sha256";
+    certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
+    ttl = zoneTTL;
+    }
+    ];
+    };
+    */
     HTTPS = [
       {
         svcPriority = 1;
diff --git a/zones/int.chir.rs.nix b/zones/int.chir.rs.nix
index c810a453..fab87e22 100644
--- a/zones/int.chir.rs.nix
+++ b/zones/int.chir.rs.nix
@@ -76,27 +76,27 @@ in {
         }
       ];
       /*
-       subdomains = {
-       _tcp.subdomains."*".TLSA = [
-       {
-       certUsage = "dane-ee";
-       selector = "spki";
-       match = "sha256";
-       certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
-       ttl = zoneTTL;
-       }
-       ];
-       _udp.subdomains."*".TLSA = [
-       {
-       certUsage = "dane-ee";
-       selector = "spki";
-       match = "sha256";
-       certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
-       ttl = zoneTTL;
-       }
-       ];
-       };
-       */
+      subdomains = {
+      _tcp.subdomains."*".TLSA = [
+      {
+      certUsage = "dane-ee";
+      selector = "spki";
+      match = "sha256";
+      certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
+      ttl = zoneTTL;
+      }
+      ];
+      _udp.subdomains."*".TLSA = [
+      {
+      certUsage = "dane-ee";
+      selector = "spki";
+      match = "sha256";
+      certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
+      ttl = zoneTTL;
+      }
+      ];
+      };
+      */
       HTTPS = [
         {
           svcPriority = 1;