diff --git a/bhyve/win10-stop.sh b/bhyve/win10-stop.sh old mode 100644 new mode 100755 diff --git a/fstab b/fstab index d96e2e7..ee8c4a0 100644 --- a/fstab +++ b/fstab @@ -22,4 +22,4 @@ linsysfs /compat/debian/sys linsysfs rw,late #/home/mykola /export/mykola nullfs rw,late 0 0 # network -192.168.100.4:/ /nfs nfs nfsv4,rw 0 0 +192.168.100.4:/ /nfs nfs nfsv4,ro 0 0 diff --git a/i3wm/i3status/config b/i3wm/i3status/config new file mode 100644 index 0000000..e69de29 diff --git a/pf.conf b/pf.conf index cf4236d..cd073f1 100644 --- a/pf.conf +++ b/pf.conf @@ -26,8 +26,8 @@ pass out on pf_strict from any to any ## allow ICMP pings pass in on $pf_strict inet proto icmp all icmp-type $icmp_types # services (ssh, nfs, smb) -tcp_services = "{ ssh nfsd rpcbind 711 957 445 139 22000 21027 }" -udp_services = "{ nfsd rpcbind 711 957 445 139 22000 }" +tcp_services = "{ ssh nfsd rpcbind 711 957 22000 21027 }" +udp_services = "{ nfsd rpcbind 711 957 22000 }" # rules ## allow all incoming traffic, since they could be a response to outgoing connection ## but block our service ports, and then allow it only for goonlab diff --git a/rc.conf b/rc.conf index 29ff024..e8cba6f 100644 --- a/rc.conf +++ b/rc.conf @@ -1,6 +1,6 @@ hostname="asus-laptop" -kld_list="i915kms cuse4bsd vmm" +kld_list="i915kms nvidia-modeset cuse4bsd vmm" linux_enable="YES" dumpdev="AUTO" @@ -20,6 +20,8 @@ ifconfig_bridge0_name="vnat0" ifconfig_vnat0="inet 10.0.0.1 netmask 255.255.255.0" dnsmasq_enable="YES" +ntpd_enable="YES" +samba_server_enable="YES" # firewall pf_enable="YES" @@ -34,7 +36,7 @@ pflog_flags="" local_unbound_enable="YES" sshd_enable="YES" moused_enable="YES" -ntpd_enable="YES" + ntpd_sync_on_start="YES" powerd_enable="YES" smartd_enable="YES" @@ -43,7 +45,6 @@ libvirtd_enable="YES" nfs_client_enable="YES" -#samba_server_enable="YES" rpcbind_enable="YES" nfs_server_enable="YES" diff --git a/unbound/control.conf b/unbound/control.conf new file mode 100644 index 0000000..d40ed00 --- /dev/null 
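Review bot: The NFS entry in fstab is now read-only but still has no `nosuid`, so a setuid binary present on the `192.168.100.4:/` export would be honoured on this host. If nothing under `/nfs` needs setuid, `nfsv4,ro,nosuid` closes that. Unlike the other entries visible in the hunk it also has no `late`, so the mount is attempted early in boot; whether the network is up by then cannot be seen from here.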
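Review bot: Dropping 445 and 139 from `tcp_services` and `udp_services` in pf.conf may expose SMB rather than close it, because the comments under the macros say incoming traffic is allowed by default and only the listed service ports are blocked and then re-allowed for goonlab. The same commit sets `samba_server_enable="YES"` in rc.conf, so if the rules outside this hunk work as those comments describe, smbd becomes reachable from any source on that interface. Keep 445 and 139 in `tcp_services` unless SMB is filtered elsewhere. If SMB really is meant to leave the list, the `# services (ssh, nfs, smb)` comment should be updated to match.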
+++ b/unbound/control.conf
@@ -0,0 +1,6 @@
+# This file was generated by local-unbound-setup.
+# Modifications will be overwritten.
+remote-control:
+ control-enable: yes
+ control-interface: /var/run/local_unbound.ctl
+ control-use-cert: no
diff --git a/unbound/forward.conf b/unbound/forward.conf
new file mode 100644
index 0000000..ea4873c
--- /dev/null
+++ b/unbound/forward.conf
@@ -0,0 +1,6 @@
+forward-zone:
+ name: "."
+ forward-addr: 8.8.8.8
+ #forward-tls-upstream: yes
+ # LibreDNS (DNS-over-TLS)
+ #forward-addr: 116.202.176.26@853#dot.libredns.gr
diff --git a/unbound/lan-zones.conf b/unbound/lan-zones.conf
new file mode 100644
index 0000000..c72154a
--- /dev/null
+++ b/unbound/lan-zones.conf
@@ -0,0 +1,6 @@
+# This file was generated by local-unbound-setup.
+# Modifications will be overwritten.
+server:
+ # Unblock reverse lookups for LAN addresses
+ unblock-lan-zones: yes
+ insecure-lan-zones: yes
diff --git a/unbound/root.key b/unbound/root.key
new file mode 100644
index 0000000..4ee91bb
--- /dev/null
+++ b/unbound/root.key
@@ -0,0 +1,9 @@
+; autotrust trust anchor file
+;;id: . 1
+;;last_queried: 1725355488 ;;Tue Sep 3 12:24:48 2024
+;;last_success: 1724216285 ;;Wed Aug 21 07:58:05 2024
+;;next_probe_time: 1725358502 ;;Tue Sep 3 13:15:02 2024
+;;query_failed: 160
+;;query_interval: 9299
+;;retry_time: 3600
+. 86400 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1722097213 ;;Sat Jul 27 19:20:13 2024
diff --git a/unbound/unbound.conf b/unbound/unbound.conf
new file mode 100644
index 0000000..b5c2182
--- /dev/null
+++ b/unbound/unbound.conf
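Review bot: `forward-addr: 8.8.8.8` in unbound/forward.conf sends every query for `.` to a single upstream in cleartext, and the DNS-over-TLS lines are left commented out. unbound.conf in this commit already sets `tls-cert-bundle`, so enabling `forward-tls-upstream: yes` with `forward-addr: 8.8.8.8@853#dns.google` would give encrypted, authenticated forwarding. A second `forward-addr` would also remove the single point of failure for the host and the 10.0.0.0/24 VM network.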
@@ -0,0 +1,21 @@
+# This file was generated by local-unbound-setup.
+# Modifications will be overwritten.
+server:
+ username: unbound
+ directory: /var/unbound
+ chroot: /var/unbound
+ pidfile: /var/run/local_unbound.pid
+ #auto-trust-anchor-file: /var/unbound/root.key
+ # LibreDNS
+ tls-cert-bundle: /usr/local/share/certs/ca-root-nss.crt
+ # host
+ interface: 127.0.0.1
+ access-control: 127.0.0.1/8 allow
+ # VM networking
+ interface: 10.0.0.1
+ access-control: 10.0.0.0/24 allow
+
+include: /var/unbound/forward.conf
+include: /var/unbound/lan-zones.conf
+include: /var/unbound/control.conf
+include: /var/unbound/conf.d/*.conf
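Review bot: With `#auto-trust-anchor-file: /var/unbound/root.key` commented out in unbound/unbound.conf, no trust anchor is configured in the visible files, so this resolver presumably does not validate DNSSEC even though root.key is added in the same commit. Answers served to 127.0.0.1 and 10.0.0.0/24 are then unauthenticated; re-enable the line unless validation is deliberately off. The header says the file is generated by local-unbound-setup and will be overwritten, so the hand-added `interface` and `access-control` lines are at risk; a file under `/var/unbound/conf.d/`, already included on the last line, is a safer place for them. `access-control: 127.0.0.1/8` would also read more clearly as `127.0.0.0/8`.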