diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix
index 1e50f8a..84f27a4 100644
--- a/hosts/desktop/home.nix
+++ b/hosts/desktop/home.nix
@@ -7,6 +7,7 @@ let
     update-flake = "sudo nix flake update ~/nix-config";
     update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.18 --build-host admin@10.0.1.18 --flake ~/nix-config#jallen-nas";
     nas-ssh = "kitten ssh admin@10.0.1.18";
+    ducks = "du -cksh * | sort -hr | head -n 15";
   };
 
   gitAliases = {
diff --git a/hosts/nas/apps/nextcloud/default.nix b/hosts/nas/apps/nextcloud/default.nix
index 4242490..c0e70ee 100644
--- a/hosts/nas/apps/nextcloud/default.nix
+++ b/hosts/nas/apps/nextcloud/default.nix
@@ -44,6 +44,9 @@ in
       {
         imports = [ ../../../../share/nvidia ];
         nixpkgs.config.allowUnfree = true;
+        networking.extraHosts = ''
+            10.0.1.18 host.containers protonmail-bridge
+          '';
 
         services = {
           nextcloud = {
@@ -196,20 +199,22 @@ in
       };
   };
 
-  networking.nat = {
-    forwardPorts = [
-      {
-        destination = "10.0.2.18:443";
-        sourcePort = 9943;
-      }
-      {
-        destination = "10.0.2.18:80";
-        sourcePort = 9988;
-      }
-      {
-        destination = "10.0.2.18:8000";
-        sourcePort = 8000;
-      }
-    ];
+  networking = {
+    nat = {
+      forwardPorts = [
+        {
+          destination = "10.0.2.18:443";
+          sourcePort = 9943;
+        }
+        {
+          destination = "10.0.2.18:80";
+          sourcePort = 9988;
+        }
+        {
+          destination = "10.0.2.18:8000";
+          sourcePort = 8000;
+        }
+      ];
+    };
   };
 }
diff --git a/hosts/nas/home.nix b/hosts/nas/home.nix
index 2c96353..576b676 100644
--- a/hosts/nas/home.nix
+++ b/hosts/nas/home.nix
@@ -21,6 +21,7 @@
 
       shellAliases = {
         update = "sudo nixos-rebuild switch";
+        ducks = "du -cksh * | sort -hr | head -n 15";
       };
 
       oh-my-zsh = {
diff --git a/hosts/nas/networking.nix b/hosts/nas/networking.nix
index a8bd8e0..4600884 100644
--- a/hosts/nas/networking.nix
+++ b/hosts/nas/networking.nix
@@ -7,6 +7,8 @@ let
     2342 # grafana
     51820 # wireguard
     19999 # netdata
+    1025
+    1143
   ];
 in
 {
diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix
index 3af6e2b..9133215 100644
--- a/hosts/nas/services.nix
+++ b/hosts/nas/services.nix
@@ -213,13 +213,19 @@ in
     protonmail-bridge = {
       description = "Protonmail Bridge";
       enable = true;
+      environment = {
+        GNUPGHOME = "%h/.gnupg";
+        PASSWORD_STORE_DIR = "%h/.password-store";
+      };
       script = "${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive";
       path = [
+        pkgs.gnome-keyring
+        pkgs.gnupg
         pkgs.pass
         pkgs.protonmail-bridge
       ];
-      wantedBy = [ "multi-user.target" ];
-      partOf = [ "multi-user.target" ];
+      wantedBy = [ "default.target" ];
+      after = [ "gpg-agent.service" ];
     };
   };
 
@@ -297,6 +303,16 @@ in
     };
   };
 
+  security.pam.services.login.enableGnomeKeyring = true;
+  # Configure gpg-agent to cache keys
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+    # Set how long to cache the passphrase (in seconds)
+    # defaultCacheTtl = 34560;
+    # maxCacheTtl = 34560;
+  };
+
   # Create a timer to run the service periodically
   systemd.timers.system-update-check = {
     description = "Timer for system configuration updates";