diff --git a/hosts/chocolatebar/chocolatebar.nix b/hosts/chocolatebar/chocolatebar.nix
index bb13dce9..28be767e 100644
--- a/hosts/chocolatebar/chocolatebar.nix
+++ b/hosts/chocolatebar/chocolatebar.nix
@@ -29,6 +29,7 @@ in
       wayvnc
       drone-docker-runner
       stdenv.cc.cc.lib
+      pkgs.hplip
     ];
 
     age.secrets."vnc-key.pem" = {
diff --git a/hosts/chocolatebar/factorio/default.nix b/hosts/chocolatebar/factorio/default.nix
index 4c818bec..d470d152 100644
--- a/hosts/chocolatebar/factorio/default.nix
+++ b/hosts/chocolatebar/factorio/default.nix
@@ -22,6 +22,7 @@ in
       enable = true;
       port = 34197; # The default, but make it explicit
       lan = true;
+      game-password = "pls-dont-grief";
       admins = [
         "doubtwriter"
         "kattykat"
@@ -30,9 +31,13 @@ in
       autosave-interval = 3;
       game-name = "Babes plays v2";
       requireUserVerification = false;
+      bind = "::";
       mods = [
         far-reach
       ];
     };
+
+    networking.firewall.allowedUDPPorts = [ 34197 ];
+    networking.firewall.allowedTCPPorts = [ 34197 ];
   };
 }
diff --git a/hosts/droppie/restic-backup.nix b/hosts/droppie/restic-backup.nix
index 17619496..70a1f0e5 100644
--- a/hosts/droppie/restic-backup.nix
+++ b/hosts/droppie/restic-backup.nix
@@ -2,7 +2,7 @@
 
 let
   shutdownWaitMinutes = 15;
-  shutdownScript = pkgs.writeScript "shutdown" ''
+  shutdownScript = pkgs.writeShellScriptBin "shutdown-wait" ''
     STATUS_FILES="/media/internal/backups-pub-solar/status"
 
     running=""
@@ -37,7 +37,7 @@ in
   systemd.services."shutdown-after-backup" = {
     enable = true;
     serviceConfig = {
-      ExecStart = "${pkgs.bash}/bin/bash ${shutdownScript}";
+      ExecStart = "${shutdownScript}/bin/shutdown-wait";
       Type = "oneshot";
     };
   };
@@ -45,7 +45,7 @@ in
   systemd.timers."shutdown-after-backup" = {
     enable = true;
     timerConfig = {
-      OnCalendar = "3..9:*";
+      OnCalendar = "3..9:* Etc/UTC";
     };
     wantedBy = [ "timers.target" ];
     partOf = [ "shutdown-after-backup.service" ];
diff --git a/modules/core/networking.nix b/modules/core/networking.nix
index c5ec9cbe..5d66bc56 100644
--- a/modules/core/networking.nix
+++ b/modules/core/networking.nix
@@ -43,12 +43,18 @@ in
     nix.binaryCachePublicKeys = cfg.publicKeys;
 
     # These entries get added to /etc/hosts
-    networking.hosts = {
-      "127.0.0.1" = [ ]
-        ++ lib.optionals cfg.enableCaddy [ "caddy.local" ]
-        ++ lib.optionals config.pub-solar.printing.enable [ "cups.local" ]
-        ++ lib.optionals cfg.enableHelp [ "help.local" ];
-    };
+    networking.hosts =
+      let
+        hostnames = [ ]
+          ++ lib.optionals cfg.enableCaddy [ "caddy.local" ]
+          ++ lib.optionals config.pub-solar.printing.enable [ "cups.local" ]
+          ++ lib.optionals config.pub-solar.paperless.enable [ "paperless.local" ]
+          ++ lib.optionals cfg.enableHelp [ "help.local" ];
+      in
+      {
+        "127.0.0.1" = hostnames;
+        "::1" = hostnames;
+      };
 
     # Caddy reverse proxy for local services like cups
     services.caddy = {
@@ -67,6 +73,15 @@ in
             }
           '')
 
+        (lib.optionalString
+          config.pub-solar.paperless.enable
+          ''
+            paperless.local:80 {
+              request_header Host localhost:28981
+              reverse_proxy localhost:28981
+            }
+          '')
+
         (lib.optionalString
           cfg.enableHelp
           ''
diff --git a/modules/paperless/default.nix b/modules/paperless/default.nix
index 9fd22ab4..d8b1edda 100644
--- a/modules/paperless/default.nix
+++ b/modules/paperless/default.nix
@@ -23,15 +23,15 @@ in
   };
 
   config = mkIf cfg.enable {
-    services.paperless-ng = {
+    services.paperless = {
       enable = true;
+      user = psCfg.user.name;
       consumptionDir = cfg.consumptionDir;
       extraConfig = {
         PAPERLESS_OCR_LANGUAGE = cfg.ocrLanguage;
+        PAPERLESS_ADMIN_USER = psCfg.user.name;
+        PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
       };
     };
-    environment.systemPackages = [
-      pkgs.hplip
-    ];
   };
 }
diff --git a/users/ben/default.nix b/users/ben/default.nix
index ce609813..1cb6f5d7 100644
--- a/users/ben/default.nix
+++ b/users/ben/default.nix
@@ -30,7 +30,10 @@ in
         ];
       };
 
-      paperless.enable = true;
+      paperless = {
+        enable = false;
+        ocrLanguage = "nld+deu";
+      };
       arduino.enable = true;
       email.enable = true;
       uhk.enable = true;
diff --git a/users/ben/home.nix b/users/ben/home.nix
index 8590f340..2b84a1bf 100644
--- a/users/ben/home.nix
+++ b/users/ben/home.nix
@@ -11,6 +11,7 @@ in
 
   home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
     home.packages = with pkgs; [
+      inkscape
       nix-output-monitor
       tigervnc
       dogecoin