diff --git a/flake.lock b/flake.lock
index 6743230..c940042 100644
--- a/flake.lock
+++ b/flake.lock
@@ -117,11 +117,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1713906585,
-        "narHash": "sha256-fv84DCOkBtjF6wMATt0rfovu7e95L8rdEkSfNbwKR3U=",
+        "lastModified": 1714203603,
+        "narHash": "sha256-eT7DENhYy7EPLOqHI9zkIMD9RvMCXcqh6gGqOK5BWYQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bfa7c06436771e3a0c666ccc6ee01e815d4c33aa",
+        "rev": "c1609d584a6b5e9e6a02010f51bd368cb4782f8e",
         "type": "github"
       },
       "original": {
@@ -174,11 +174,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1713864415,
-        "narHash": "sha256-/BPDMJEkrsFAFOsQWhwm31wezlgshPFlLBn34KEUdVA=",
+        "lastModified": 1714201532,
+        "narHash": "sha256-nk0W4rH7xYdDeS7k1SqqNtBaNrcgIBYNmOVc8P2puEY=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "797f8d8082c7cc3259cba7275c699d4991b09ecc",
+        "rev": "53db5e1070d07e750030bf65f1b9963df8f0c678",
         "type": "github"
       },
       "original": {
@@ -222,11 +222,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1713714899,
-        "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
+        "lastModified": 1714076141,
+        "narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
+        "rev": "7bb2ccd8cdc44c91edba16c48d2c8f331fb3d856",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index daf0514..f63c11f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -58,7 +58,7 @@
 			};
 		in {
 			nixosConfigurations = {
-        # Microsoft Surface Laptop Go
+        		# Microsoft Surface Laptop Go
 				Dimaga = nixpkgs.lib.nixosSystem {
 					system = "x86_64-linux";
 					modules = defaultModules.base ++ [
@@ -67,7 +67,7 @@
 					];
 				};
 
-        # Home server
+				# Home server
 				Haven = nixpkgs.lib.nixosSystem {
 					system = "x86_64-linux";
 					modules = defaultModules.base ++ [
@@ -76,16 +76,16 @@
 					];
 				};
 
-        # Microsoft Surface Pro 7
-        Khanda = nixpkgs.lib.nixosSystem {
+				# Microsoft Surface Pro 7
+				Khanda = nixpkgs.lib.nixosSystem {
 					system = "x86_64-linux";
 					modules = defaultModules.base ++ [
-            nixos-hardware.nixosModules.microsoft-surface-pro-intel
+					nixos-hardware.nixosModules.microsoft-surface-pro-intel	# FIXME: Needs kernel recompile to enable
 						./hosts/Khanda
 					];
 				};
 
-        # Raspberry Pi
+				# Raspberry Pi
 				Pihole = nixpkgs.lib.nixosSystem {
 					system = "aarch64-linux";
 					modules = defaultModules.base ++ [
@@ -94,7 +94,7 @@
 					];
 				};
 
-        # Lenovo Legion Slim 7 Gen 7 AMD
+        		# Lenovo Legion Slim 7 Gen 7 AMD
 				Shura = nixpkgs.lib.nixosSystem {
 					system = "x86_64-linux";
 					modules = defaultModules.base ++ [
diff --git a/hosts/Khanda/hardware-configuration.nix b/hosts/Khanda/hardware-configuration.nix
index 758c3e7..534d6ed 100644
--- a/hosts/Khanda/hardware-configuration.nix
+++ b/hosts/Khanda/hardware-configuration.nix
@@ -1,38 +1,42 @@
-# Surface Pro 7
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 
 {
-	imports = [
-		(modulesPath + "/installer/scan/not-detected.nix")
-	];
-/*
+	imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
 	boot = {
 		initrd = {
-			availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
-			kernelModules = [ ];
-			luks.devices."luks-5a91100b-8ed9-4090-b1d8-d8291000fe38".device = "/dev/disk/by-uuid/5a91100b-8ed9-4090-b1d8-d8291000fe38";
+			availableKernelModules = [ "surface_aggregator" "surface_aggregator_registry" "surface_aggregator_hub" "surface_hid_core" "hid_multitouch" "8250_dw" "intel_lpss" "intel_lpss_pci" "tpm_crb" "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "surface_kbd" "pinctrl_tigerlake" ];
+			kernelModules = [ "tpm_crb" "surface_aggregator" "surface_aggregator_registry" "surface_aggregator_hub" "surface_hid_core" "surface_hid" "hid_multitouch" "8250_dw" "intel_lpss" "intel_lpss_pci" "surface_kbd" "pinctrl_tigerlake" ];
+
+			luks.devices."luks-bd1fe396-6740-4e7d-af2c-26ca9a3031f1" = {
+				device = "/dev/disk/by-uuid/bd1fe396-6740-4e7d-af2c-26ca9a3031f1";
+				crypttabExtraOpts = [ "tpm2-device=auto" ];
+			};
 		};
 
-		kernelModules = [ "kvm-intel" ];
+		kernelModules = [ "kvm-intel" "tpm_crb" "surface_aggregator" "surface_aggregator_registry" "surface_aggregator_hub" "surface_hid_core" "surface_hid" "hid_multitouch" "8250_dw" "intel_lpss" "intel_lpss_pci" "surface_kbd" "pinctrl_tigerlake" ];
 		extraModulePackages = [ ];
 	};
 
 	fileSystems = {
 		"/" = {
-			device = "/dev/disk/by-uuid/76d67291-5aed-4f2a-b71f-1c2871cefe24";
+			device = "/dev/disk/by-uuid/b34afd29-94ff-421b-bb96-8497951abf58";
 			fsType = "btrfs";
-			options = [ "subvol=@,compress=zstd" ];
+			options = [ "subvol=@" ];
 		};
+
 		"/boot" = {
-			device = "/dev/disk/by-uuid/0C53-A645";
+			device = "/dev/disk/by-uuid/DD2A-9C83";
 			fsType = "vfat";
 		};
 	};
-*/
-	swapDevices = [{
-		device = "/swapfile";
-		size = 4096;
-	}];
+
+	swapDevices = [
+		{ device = "/dev/disk/by-uuid/8c2519d9-3e47-4aa1-908d-98b1aa8b909d"; }
+	];
 
 	networking = {
 		useDHCP = lib.mkDefault true;
diff --git a/modules/base/bootloader.nix b/modules/base/bootloader.nix
index 69ccae0..369bf7c 100644
--- a/modules/base/bootloader.nix
+++ b/modules/base/bootloader.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 
 # Bootloader
 let
@@ -40,6 +40,7 @@ with lib;
 
 			# Set up TPM. See https://nixos.wiki/wiki/TPM
 			# After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
+			environment.systemPackages = with pkgs; [ tpm2-tss ];
 			security.tpm2 = {
 				enable = true;
 				pkcs11.enable = true;
diff --git a/modules/ui/flatpak.nix b/modules/ui/flatpak.nix
index dbc87ef..63cbf48 100644
--- a/modules/ui/flatpak.nix
+++ b/modules/ui/flatpak.nix
@@ -41,6 +41,8 @@ with lib;
 
 		# Workaround for getting Flatpak apps to use system fonts, icons, and cursors
 		# For details (and source), see https://github.com/NixOS/nixpkgs/issues/119433#issuecomment-1767513263
+		# NOTE: If fonts in Flatpaks appear incorrect (like squares), run this command to regenerate the font cache:
+		#  flatpak list --columns=application | xargs -I %s -- flatpak run --command=fc-cache %s -f -v
 		system.fsPackages = [ pkgs.bindfs ];
 		fileSystems = let
 			mkRoSymBind = path: {