diff --git a/install.sh b/install.sh
index 9502c52..97dd5e9 100755
--- a/install.sh
+++ b/install.sh
@@ -131,6 +131,7 @@ packages=(
     pipewire-jack # required by vlc
     inkscape # Vector graphics
     gimp # Pixel graphics
+    darktable
     libreoffice-fresh
     libreoffice-fresh-de
     lollypop # Music player
@@ -196,6 +197,7 @@ packages=(
     nextcloud-client
     element-desktop # Matrix client
     tailscale
+    flatpak
 )
 
 optdeps=(
@@ -249,6 +251,7 @@ services=(
     systemd-resolved.service # DNS resolution
     # Other system services
     firewalld.service # Firewall
+    linux-modules-cleanup.service # kernel-modules-hook
     # Timers
     fstrim.timer # Periodically trim file systems…
     "btrfs-scrub@$(systemd-escape -p /).timer" # scrub root filesystem…
@@ -425,8 +428,6 @@ aur_packages=(
     networkmanager-iwd
     # iwd GUI
     iwgtk
-    # Backups based on borg
-    pika-backup
     # Login settings
     gdm-settings
     # Gnome extensions
@@ -437,6 +438,7 @@ aur_packages=(
     gnome-shell-extension-bluetooth-quick-connect
     gnome-shell-extension-quick-settings-tweaks-git
     gnome-shell-extension-nightthemeswitcher
+    gnome-shell-extension-pop-shell-git
     # Firefox extensions
     firefox-extension-bitwarden
     # Dracut hook to build kernel images for systemd boot
diff --git a/private_dot_ssh/private_config b/private_dot_ssh/private_config
index acb2654..46fa38a 100644
--- a/private_dot_ssh/private_config
+++ b/private_dot_ssh/private_config
@@ -1,23 +1,3 @@
-Host *
-  ControlMaster auto
-  ControlPersist 300
-  ControlPath ~/.ssh/socket-%r@%h:%p
-  IdentitiesOnly yes
-  HashKnownHosts yes
-  PasswordAuthentication no
-  ChallengeResponseAuthentication no
-  StrictHostKeyChecking ask
-  VerifyHostKeyDNS yes
-  ForwardAgent no
-  ForwardX11 no
-  ForwardX11Trusted no
-  ServerAliveInterval 60
-  ServerAliveCountMax 3
-  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
-  KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
-  MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
-  HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
-
 ## Server
 Host finn
   User ansible
@@ -43,8 +23,7 @@ Host oscar-unlock
   UserKnownHostsFile ~/.ssh/known_hosts.initramfs
   Ciphers aes256-ctr
   MACs hmac-sha2-256
-Host code.strobeto.de
-  HostName code.strobeto.de
+Host code.strobel.one
   User git
   #IdentityFile ~/.ssh/id_rsa_yubikey.pub
   # FIDO2
@@ -90,6 +69,13 @@ Host bbarchaide
   HostName xj2jx027.repo.borgbase.com
   User xj2jx027
   IdentityFile ~/.ssh/id_rsa_yubikey.pub
+Host hetznerstoragebox
+  HostName u306305.your-storagebox.de
+  User u306305
+  Port 23
+  #PasswordAuthentication yes
+  # FIDO2
+  IdentityFile ~/.ssh/id_ed25519_sk_yk5nano
 
 ## Git services
 Host github.com
@@ -128,3 +114,24 @@ Host raphael
   #IdentityFile ~/.ssh/id_rsa_yubikey.pub
   PasswordAuthentication yes
 
+Host *
+  ControlMaster auto
+  ControlPersist 300
+  ControlPath ~/.ssh/socket-%r@%h:%p
+  IdentitiesOnly yes
+  HashKnownHosts yes
+  PasswordAuthentication no
+  ChallengeResponseAuthentication no
+  StrictHostKeyChecking ask
+  VerifyHostKeyDNS yes
+  ForwardAgent no
+  ForwardX11 no
+  ForwardX11Trusted no
+  ServerAliveInterval 60
+  ServerAliveCountMax 3
+  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+  KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
+  MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
+  HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
+
+
diff --git a/run_once_flatpak-applications.sh b/run_once_flatpak-applications.sh
new file mode 100644
index 0000000..2c00608
--- /dev/null
+++ b/run_once_flatpak-applications.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -e
+exec 2> >(while read line; do echo -e "\e[01;31m$line\e[0m"; done)
+
+flatpak install --noninteractive org.gnome.World.PikaBackup