diff --git a/flake.lock b/flake.lock
index 9d84693..d9edbf2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1755810213, - "narHash": "sha256-QdenO8f0PTg+tC6HuSvngKcbRZA5oZKmjUT+MXKOLQg=", + "lastModified": 1758719930, + "narHash": "sha256-DgHe1026Ob49CPegPMiWj1HNtlMTGQzfSZQQVlHC950=", "owner": "nix-community", "repo": "home-manager", - "rev": "6911d3e7f475f7b3558b4f5a6aba90fa86099baa", + "rev": "142acd7a7d9eb7f0bb647f053b4ddfd01fdfbf1d", "type": "github" }, "original": {
@@ -22,11 +22,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "type": "github" }, "original": {
diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index 28d673f..0686e82 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -214,8 +214,9 @@ in
 logReversePathDrops = true;
 checkReversePath = "loose";
 extraCommands = ''
- # Enable connections to Ollama for VPN users:
+ # Enable connections to openweb-ui for VPN users:
 iptables -t filter -I INPUT --protocol TCP --source 10.40.4.0/24 --destination 10.40.4.2 --dport 8080 -j ACCEPT
+ # Enable connections to ollama from the openweb-ui instance:
 iptables -t filter -I INPUT --protocol TCP --source 10.40.4.2/32 --destination 10.40.4.2 --dport 11434 -j ACCEPT
 '';
 # wireguard trips rpfilter up
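Review bot: The new comment on the port 11434 rule says it admits the openweb-ui instance, but the rule matches only packets sourced from 10.40.4.2/32, which is this host's own address. If open-webui runs as a container on a Docker bridge network (a later hunk shows `oci-containers` with the docker backend), its traffic would presumably arrive from a bridge address and not match this rule. State the assumed networking mode in the comment, e.g. `# Allow ollama (11434) only from this host's own VPN address (10.40.4.2); open-webui must connect from that address`. The enclosing firewall attribute set starts outside the hunk.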
@@ -234,9 +235,11 @@ in
 # List packages installed in system profile. To search, run:
 # $ nix search wget
 environment.systemPackages = with pkgs; [
+ ansible # automation/software-defined-configuration tool
 binutils # gnu bin utils
 # conda # python environment management
 uv # alternative for python env management...
+ lazydocker # docker[/compose] tui
 sqlite-interactive # sqlite cli
 duckdb # wanted mostly as cli for SQL on csv files
 neovim # next gen vim w/lua
@@ -304,6 +307,7 @@ in
 corectrl # provide hardware clock controls for AMDGPU
 gimp # GIMP image manipulation proggy
 zed-editor # the most hopeful replacement for vscode...if I never learn nvim
+ noisetorch # noise/background filter for mic
 ];
 programs.zsh.enable = true;
 programs.git = {
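Review bot: `noisetorch` is added as a bare entry in `environment.systemPackages`, which installs the binary without the capability wrapper the NixOS module sets up for it. NixOS provides `programs.noisetorch.enable = true;`, which installs the package together with a setcap wrapper, so the tool does not have to be run with broader privileges to get the capability it wants. Unless running without that capability is intended, prefer the module option over the package-list entry. The package list starts outside the hunk.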
@@ -398,9 +402,43 @@ in
 services.ollama = {
 enable = true;
 acceleration = "rocm";
- #environmentVariables = {
- # HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore
- #};
+ environmentVariables = {
+ HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore
+ OLLAMA_LOAD_TIMEOUT = "2"; # Reduce load timeout (from 5 min)...if it's that big, forget it.
+ # OK, so origins is more about setting up CORS than firewalling things. (and requires e.g. http[s]://IP|Host/* etc)
+ #OLLAMA_ORIGINS = "10.40.4.2"; # Only accept connections from locally.
+
+ # Default/mapped from config ENV vars:
+ #CUDA_VISIBLE_DEVICES:
+ #GPU_DEVICE_ORDINAL:
+ #HIP_VISIBLE_DEVICES:
+ #HSA_OVERRIDE_GFX_VERSION:10.3.0
+ #HTTPS_PROXY:
+ #HTTP_PROXY:
+ #NO_PROXY:
+ #OLLAMA_CONTEXT_LENGTH:4096
+ #OLLAMA_DEBUG:INFO
+ #OLLAMA_FLASH_ATTENTION:false
+ #OLLAMA_GPU_OVERHEAD:0
+ #OLLAMA_HOST:http://10.40.4.2:11434
+ #OLLAMA_INTEL_GPU:false
+ #OLLAMA_KEEP_ALIVE:5m0s
+ #OLLAMA_KV_CACHE_TYPE:
+ #OLLAMA_LLM_LIBRARY:
+ #OLLAMA_LOAD_TIMEOUT:2s
+ #OLLAMA_MAX_LOADED_MODELS:0
+ #OLLAMA_MAX_QUEUE:512
+ #OLLAMA_MODELS:/var/lib/ollama/models
+ #OLLAMA_MULTIUSER_CACHE:false
+ #OLLAMA_NEW_ENGINE:false
+ #OLLAMA_NEW_ESTIMATES:false
+ #OLLAMA_NOHISTORY:false
+ #OLLAMA_NOPRUNE:false
+ #OLLAMA_NUM_PARALLEL:1
+ #OLLAMA_ORIGINS:[http://localhost https://localhost http://localhost:* https://localhost:* http://127.0.0.1 https://127.0.0.1 http://127.0.0.1:* https://127.0.0.1:* http://0.0.0.0 https://0.0.0.0 http://0.0.0.0 https://0.0.0.0 http://0.0.0.0:* https://0.0.0.0:* app://* file://* tauri://* vscode-webview://* vscode-file://*]
+ #OLLAMA_SCHED_SPREAD:false
+ #ROCR_VISIBLE_DEVICES: http_proxy: https_proxy: no_proxy:
+ };
 host = "10.40.4.2"; # See also ip46tables update in firewall extracommands
 rocmOverrideGfx = "10.3.0";
 };
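Review bot: `OLLAMA_LOAD_TIMEOUT = "2"` does not do what its comment says. The effective-config dump pasted further down in the same hunk shows `OLLAMA_LOAD_TIMEOUT:2s`, so the bare number is read as two seconds rather than a shorter number of minutes, and any model load slower than that would presumably be aborted. If two minutes was meant, write the unit: `OLLAMA_LOAD_TIMEOUT = "2m";`. The re-enabled `HCC_AMDGPU_TARGET` line still carries the comment "used to be necessary, but doesn't seem to anymore", which now contradicts the setting being active. Since the hunk itself notes that `OLLAMA_ORIGINS` is CORS rather than access control, and Ollama's API has no authentication of its own, a comment at `host = "10.40.4.2"` should say that the INPUT rule for port 11434 is what limits who can reach the API.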
@@ -414,6 +452,7 @@ in
 docker.enable = true;
 podman.enable = false;
 docker.storageDriver = "btrfs"; # Only when using BTRFS! (wolcen approved!)
+ #docker.logDriver = "local"; # Default journald
 oci-containers = {
 backend = "docker";
 containers = {