diff --git a/flake.lock b/flake.lock
index 0cb8179..9b33655 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5125,16 +5125,16 @@
     },
     "nixpkgsUnstable": {
       "locked": {
-        "lastModified": 1727122398,
-        "narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=",
+        "lastModified": 1727492757,
+        "narHash": "sha256-9ceiOCk+8ekKJJaeN/40M8jEqmrdjIULTzQDUrW0tfw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093",
+        "rev": "e412e4890728fb35574edee0fb77876baf12ef88",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "pull/344989/head",
         "repo": "nixpkgs",
         "type": "github"
       }
diff --git a/flake.nix b/flake.nix
index 83272b6..568957c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,7 +12,7 @@
     iohkNix.url = github:input-output-hk/iohk-nix/?ref=df1da282f996ec46b33379407df99613a1fbafdd;
     nix.url = github:NixOS/nix/?ref=2.24.6;
     nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-24.05;
-    nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable;
+    nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=pull/344989/head;
     ragenix = {
       url = github:yaxitech/ragenix;
       inputs.nixpkgs.follows = "nixpkgs";
diff --git a/hosts/cuallaidh/default.nix b/hosts/cuallaidh/default.nix
index c720b32..6c772a7 100644
--- a/hosts/cuallaidh/default.nix
+++ b/hosts/cuallaidh/default.nix
@@ -13,7 +13,7 @@
     ../../profiles/ipv6.nix
     ../../profiles/mastodon.nix
     ../../profiles/matrix.nix
-    #../../profiles/mcwhirter.io.nix
+    ../../profiles/mcwhirter.io.nix
     #../../profiles/minecraftServer.nix
     ../../profiles/nextcloud.nix
     ../../profiles/nixpkgs-dev.nix
diff --git a/hosts/sanganto/default.nix b/hosts/sanganto/default.nix
index 9bcf73e..91fe061 100644
--- a/hosts/sanganto/default.nix
+++ b/hosts/sanganto/default.nix
@@ -21,8 +21,6 @@
     ../../profiles/users-ops.nix # MIO Ops users
   ];
 
-  deployment.targetHost = "10.42.0.11";
-
   nixpkgs = {
     config = {
       allowUnfree = true;
diff --git a/modules/module-list.nix b/modules/module-list.nix
index 68bf0a5..a0d9cbc 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -1,6 +1,7 @@
 [
   ./profiles/cosmicDesktop
   ./profiles/starship
+  ./profiles/toxvpn
   ./roles/desktop
   ./roles/desktopCraige
 ]
diff --git a/modules/profiles/toxvpn/default.nix b/modules/profiles/toxvpn/default.nix
new file mode 100644
index 0000000..d40b275
--- /dev/null
+++ b/modules/profiles/toxvpn/default.nix
@@ -0,0 +1,25 @@
+# VPN configuration for MIO.
+{
+  config,
+  lib,
+  pkgs,
+  nixpkgsUnstable,
+  ...
+}:
+with lib; let
+  cfg = config.profiles.toxvpn;
+  toxvpn = nixpkgsUnstable.toxvpn;
+in {
+  options.profiles.toxvpn = {
+    enable = mkEnableOption "to enable toxvpn.";
+  };
+  config = mkIf (cfg.enable) {
+    services.toxvpn = {
+      enable = true;
+      auto_add_peers = [
+        "7708050f6b7ad32e2a6943bd4aa97fe90053090e1197bd96f3dbedfd324e49605ca3e577ef47" # sanganto
+        "a18dfff426f5a752eb1bdc90ea307850982c1dff1444caf72b75f73483e358213b60281235a4" # eamhair
+      ];
+    };
+  };
+}
diff --git a/modules/roles/desktop/default.nix b/modules/roles/desktop/default.nix
index 4c6c181..fd70741 100644
--- a/modules/roles/desktop/default.nix
+++ b/modules/roles/desktop/default.nix
@@ -23,6 +23,7 @@ in {
       libreoffice-fresh # Comprehensive, professional-quality productivity suite
       mplayer # A movie player that supports many video formats
       nextcloud-client # Nextcloud desktop client
+      pavucontrol # PulseAudio Volume Control
       pwgen # Password generator
       rsync
       shotwell # Photo organizer
diff --git a/outputs.nix b/outputs.nix
index 2e6ecdc..4c08ff6 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -44,6 +44,7 @@ in {
       # make flake inputs accessible in NixOS
       _module.args.inputs = inputs;
       profiles.starship.enable = true;
+      profiles.toxvpn.enable = true;
     };
     # Comment out deployment line when building the SD Image.
     airgead = {
@@ -128,6 +129,7 @@ in {
         tags = ["active" "rPi"];
         targetHost = "10.42.0.205";
       };
+      services.toxvpn.localip = "10.37.0.205";
     };
     iolear-beag = {
       imports = [
@@ -150,8 +152,10 @@ in {
         hosts/sanganto
         ragenix.nixosModules.default
       ];
+      deployment.targetHost = "10.42.0.11";
       roles.desktop.enable = true;
       roles.desktopCraige.enable = true;
+      services.toxvpn.localip = "10.37.0.11";
     };
     sercanto = {
       imports = [
diff --git a/profiles/mcwhirter.io.nix b/profiles/mcwhirter.io.nix
index 021e12d..0b4e8c0 100644
--- a/profiles/mcwhirter.io.nix
+++ b/profiles/mcwhirter.io.nix
@@ -4,8 +4,8 @@
   pkgs,
   ...
 }: let
-  sources = import ../nix/sources.nix;
-  mcwhirter-io = import sources.mcwhirter-io {};
+  #sources = import ../nix/sources.nix;
+  #mcwhirter-io = import sources.mcwhirter-io {};
   webdomain = "mcwhirter.io";
 in {
   environment.sessionVariables = {
@@ -23,7 +23,7 @@ in {
         # website hostname
         enableACME = true; # Use ACME certs
         forceSSL = true; # Force SSL
-        root = "${mcwhirter-io}"; # Wesbite root
+        #root = "${mcwhirter-io}"; # Wesbite root
       };
       "www.${webdomain}" = {
         # Respect our elders :-)