diff --git a/common/hardware/amdgpu.nix b/common/hardware/amdgpu.nix new file mode 100644 index 0000000..aeeedfc --- /dev/null +++ b/common/hardware/amdgpu.nix @@ -0,0 +1,22 @@ +{pkgs, ...}: { + boot = { + initrd.kernelModules = ["amdgpu"]; + + # params for Sea Islands or smth + kernelParams = ["radeon.cik_support=0" "amdgpu.cik_support=1"]; + }; + + hardware.opengl = { + enable = true; + + ## radv: an open-source Vulkan driver from freedesktop + driSupport = true; + driSupport32Bit = true; + + ## amdvlk: an open-source Vulkan driver from AMD + extraPackages = [pkgs.amdvlk]; + extraPackages32 = [pkgs.driversi686Linux.amdvlk]; + }; + + services.xserver.videoDrivers = ["amdgpu"]; +} diff --git a/common/services/sshd.nix b/common/services/sshd.nix index f06c145..0e9054c 100644 --- a/common/services/sshd.nix +++ b/common/services/sshd.nix @@ -1,4 +1,4 @@ -{ +{pkgs, ...}: { # Hardened OpenSSH server # Resources: # https://cyber.gouv.fr/en/publications/openssh-secure-use-recommendations (2015) @@ -10,9 +10,13 @@ settings = { PermitRootLogin = "no"; + + AllowUsers = [ "user" "tasia" ]; + # Public key authentiation only PasswordAuthentication = false; ChallengeResponseAuthentication = false; + KbdInteractiveAuthentication = true; }; extraConfig = '' # Only allow SSH v2 @@ -39,6 +43,13 @@ AuthenticationMethods publickey ''; }; + + security.pam = { + services.sshd.googleAuthenticator.enable = true; + }; + environment.systemPackages = with pkgs; [ + google-authenticator + ]; } # ssh R6: StrictHostKeyChecking ask diff --git a/dotfiles/.bashrc b/dotfiles/.bashrc index 1327211..3733729 100644 --- a/dotfiles/.bashrc +++ b/dotfiles/.bashrc 
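Review bot: The comment `# params for Sea Islands or smth` in the new `amdgpu.nix` does not say why the two kernel parameters are paired. Something like `# Sea Islands (CIK) GPUs default to the radeon driver; turn that off and let amdgpu claim them` would record the intent. With `extraPackages = [pkgs.amdvlk]` added on top of the Mesa settings, both Vulkan drivers are installed, so a short comment on which one is expected to be selected would also help.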
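Review bot: The TOTP factor added in `sshd.nix` does not look enforced: `KbdInteractiveAuthentication = true` and the PAM `googleAuthenticator` module in the file's last hunk only make the prompt available, while the unchanged `AuthenticationMethods publickey` line in `extraConfig` lets a session complete on the key alone. Requiring both factors would need `AuthenticationMethods publickey,keyboard-interactive`. `ChallengeResponseAuthentication` is a deprecated alias of `KbdInteractiveAuthentication` in current OpenSSH, so setting one to false and the other to true is contradictory, and which wins likely depends on the order they are rendered; drop the old key. Once keyboard-interactive is required, check that the PAM stack for sshd asks only for the code and not also for the account password. The `# Public key authentiation only` comment should be updated too, since it is no longer accurate.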
@@ -2,10 +2,9 @@ export XDG_DATA_HOME="$HOME/.local/share" if [[ -n $SSH_CONNECTION ]] ; then curl \ - -H "Title: Test" \ - -H "Priority: high" \ - -H "Tags: warning" \ + -H "Title: New SSH session" \ + -H "Priority: urgent" \ + -H "Tags: urgent" \ -d "$(cat /etc/hostname ): ssh session ($SSH_CONNECTION)" \ ntfy.sh/tasiaiso_alerts &> /dev/null fi - diff --git a/dotfiles/.zshrc b/dotfiles/.zshrc index 2774085..fea2ccd 100644 --- a/dotfiles/.zshrc +++ b/dotfiles/.zshrc @@ -2,8 +2,8 @@ export XDG_DATA_HOME="$HOME/.local/share" if [[ -n $SSH_CONNECTION ]] ; then curl \ - -H "Title: Test" \ - -H "Priority: high" \ + -H "Title: New SSH session" \ + -H "Priority: urgent" \ -H "Tags: urgent" \ -d "$(cat /etc/hostname ): ssh session ($SSH_CONNECTION)" \ ntfy.sh/tasiaiso_alerts &> /dev/null diff --git a/hosts/new-phoenix/configuration.nix b/hosts/new-phoenix/configuration.nix index a2eb24e..ccfbaff 100644 --- a/hosts/new-phoenix/configuration.nix +++ b/hosts/new-phoenix/configuration.nix @@ -26,6 +26,7 @@ in { hostName = "phoenix"; firewall.allowedTCPPorts = [ + # 8384 # syncthing web UI 12345 # tildefriends 13378 # audiobookshelf ]; @@ -45,6 +46,7 @@ in { services.syncthing = { dataDir = lib.mkForce "/home/user"; configDir = lib.mkForce "/data/sync/configuration/"; + guiAddess = "0.0.0.0:8384"; }; environment.systemPackages = with pkgs; [
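Review bot: The alert request in the `.bashrc` hunk goes to `ntfy.sh/tasiaiso_alerts` with no scheme, and curl falls back to plain HTTP in that case, so the hostname and the `$SSH_CONNECTION` addresses travel unencrypted; use `https://ntfy.sh/tasiaiso_alerts`. No credential is sent either, so unless the topic is access-controlled on the server, anyone who knows its name (it is committed here) can read the alerts or post forged ones; an `Authorization: Bearer <TOKEN_PLACEHOLDER>` header read from a file outside the repository would close that. Adding `--max-time 5` keeps a slow network from stalling every login, since the call runs synchronously. Because the hook lives in a user rc file, it fires only for shells that source it, so treat it as a convenience signal, not a complete login audit. The same applies to the `.zshrc` hunk that follows.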
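Review bot: `guiAddess` in the `services.syncthing` block of `configuration.nix` is misspelled; the NixOS option is `guiAddress`, so as written this line should fail evaluation as an unknown option and never change the listener. Once corrected, `0.0.0.0:8384` binds the Syncthing admin UI on every interface, and the only thing keeping it off the network is that port 8384 is still commented out in `allowedTCPPorts` in the previous hunk. No GUI credentials or TLS setting are visible in this hunk, so prefer `guiAddress = "127.0.0.1:8384";` and reach it through an SSH tunnel, or confirm a GUI password is set before opening the port.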