diff --git a/SwarselSystems.org b/SwarselSystems.org
index fd0f29c..aa3ce5c 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -448,6 +448,8 @@ In =outputs = inputs@ [...]=, the =inputs@= makes it so that all inputs are auto
           systems = [
             "x86_64-linux"
             "aarch64-linux"
+            "x86_64-darwin"
+            "aarch64-darwin"
           ];
         };
   }
@@ -518,7 +520,7 @@ When setting this option normally, the password would normally be written world-
   nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
   nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
   nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11";
-  systems.url = "github:nix-systems/default-linux";
+  systems.url = "github:nix-systems/default";
   home-manager = {
     url = "github:nix-community/home-manager";
     inputs.nixpkgs.follows = "nixpkgs";
@@ -625,7 +627,7 @@ In this section I am creating some attributes that define general concepts of my
 
   # nixosModules = import ./modules/nixos { inherit lib; };
   # homeModules = import ./modules/home { inherit lib; };
-  packages = lib.swarselsystems.forEachSystem (pkgs: import ./pkgs { inherit lib pkgs; });
+  packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import ./pkgs { inherit lib pkgs; });
   formatter = lib.swarselsystems.forEachSystem (pkgs: pkgs.nixpkgs-fmt);
   overlays = import ./overlays { inherit self lib inputs; };
 
@@ -5389,6 +5391,19 @@ TODO
       }
     );
 
+    toCapitalized = str:
+      if builtins.stringLength str == 0 then
+        ""
+      else
+        let
+          first = builtins.substring 0 1 str;
+          rest = builtins.substring 1 (builtins.stringLength str - 1) str;
+          upper = lib.toUpper first;
+          lower = lib.toLower rest;
+        in
+          upper + lower;
+
+
     # mkUser = name: {
     #   config.users.users.${name} = {
     #     group = name;
@@ -5408,6 +5423,7 @@ TODO
     getSecret = filename: lib.strings.trim (builtins.readFile "${filename}");
 
     forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system});
+    forEachLinuxSystem = f: lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: f lib.swarselsystems.pkgsFor.${system});
 
     readHosts = type: lib.attrNames (builtins.readDir "${self}/hosts/${type}");
     readNix = type: lib.filter (name: name != "default.nix") (lib.attrNames (builtins.readDir "${self}/${type}"));
@@ -5594,9 +5610,15 @@ in
           (mkConnection "moonside" "wan")
           (mkConnection "pfsense" "wan")
           (mkConnection "sync" "wan")
+          (mkConnection "toto" "bootstrapper")
+          (mkConnection "drugstore" "installer image")
+          (mkConnection "chaostheatre" "demo host")
         ];
       };
 
+      chaostheatre.interfaces."demo host" = { };
+      drugstore.interfaces."installer image" = { };
+      toto.interfaces."bootstrapper" = { };
       sync.interfaces.wan = { };
       moonside.interfaces.wan = { };
 
@@ -5716,7 +5738,9 @@ in
         image = ../topology/images/DELL-C2665dnf.png;
         interfaces.eth1 = { };
       };
+
     };
+
   }
 
 #+end_src
@@ -6858,14 +6882,14 @@ I use sops-nix to handle secrets that I want to have available on my machines at
   {
     options.swarselsystems.modules.commonSops = lib.mkEnableOption "sops config";
     config = lib.mkIf config.swarselsystems.modules.commonSops {
-      sops = lib.mkIf (!config.swarselsystems.isPublic) {
+      sops = {
 
         age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
         defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
 
         validateSopsFiles = false;
 
-        secrets = {
+        secrets = lib.mkIf (!config.swarselsystems.isPublic) {
           ernest = { };
           frauns = { };
           hotspot = { };
@@ -6886,7 +6910,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at
           "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
           "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
         };
-        templates = {
+        templates = lib.mkIf (!config.swarselsystems.isPublic) {
           "network-manager.env".content = ''
             ERNEST=${config.sops.placeholder.ernest}
             FRAUNS=${config.sops.placeholder.frauns}
@@ -8088,7 +8112,6 @@ Here we just define some aliases for rebuilding the system, and we allow some in
           };
         };
 
-
         avahi = {
           publish.enable = true;
           publish.userServices = true; # Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile`
@@ -10962,10 +10985,10 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
         koillection-env-file = { };
       };
 
-      topology.self.services.koillection = {
-        name = "Koillection";
+      topology.self.services.${serviceName} = {
+        name = lib.swarselsystems.toCapitalized serviceName;
         info = "https://${serviceDomain}";
-        icon = "${self}/topology/images/koillection.png";
+        icon = "${self}/topology/images/${serviceName}.png";
       };
       globals.services.${serviceName}.domain = serviceDomain;
 
@@ -11243,7 +11266,7 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
 :END:
 
 #+begin_src nix :tangle modules/nixos/server/croc.nix
-  { lib, config, pkgs, ... }:
+  { self, lib, config, pkgs, ... }:
   let
     serviceDomain = "send.swarsel.win";
     servicePorts = [
@@ -11275,7 +11298,13 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
         };
       };
 
-      topology.self.services.${serviceName}.info = "https://${serviceDomain}";
+
+      topology.self.services.${serviceName} = {
+        name = lib.swarselsystems.toCapitalized serviceName;
+        info = "https://${serviceDomain}";
+        icon = "${self}/topology/images/${serviceName}.png";
+      };
+
       globals.services.${serviceName}.domain = serviceDomain;
 
       services.croc = {
@@ -11311,7 +11340,7 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
 :END:
 
 #+begin_src nix :tangle modules/nixos/server/microbin.nix
-  { lib, config, ... }:
+  { self, lib, config, ... }:
   let
     serviceDomain = "scratch.swarsel.win";
     servicePort = 8777;
@@ -11355,7 +11384,11 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
         };
       };
 
-      topology.self.services.${serviceName}.info = "https://${serviceDomain}";
+      topology.self.services.${serviceName} = {
+        name = lib.swarselsystems.toCapitalized serviceName;
+        info = "https://${serviceDomain}";
+        icon = "${self}/topology/images/${serviceName}.png";
+      };
       globals.services.${serviceName}.domain = serviceDomain;
 
       services."${serviceName}" = {
@@ -11444,7 +11477,7 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
 :END:
 
 #+begin_src nix :tangle modules/nixos/server/shlink.nix
-  { lib, config, ... }:
+  { self, lib, config, ... }:
   let
     serviceDomain = "s.swarsel.win";
     servicePort = 8081;
@@ -11494,7 +11527,11 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
         { directory = "/var/lib/containers"; }
       ];
 
-      topology.self.services.${serviceName}.info = "https://${serviceDomain}";
+      topology.self.services.${serviceName} = {
+        name = lib.swarselsystems.toCapitalized serviceName;
+        info = "https://${serviceDomain}";
+        icon = "${self}/topology/images/${serviceName}.png";
+      };
       globals.services.${serviceName}.domain = serviceDomain;
 
       services.nginx = {
@@ -12835,12 +12872,12 @@ I use sops-nix to handle secrets that I want to have available on my machines at
   {
     options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings";
     config = lib.mkIf config.swarselsystems.modules.sops {
-      sops = lib.mkIf (!config.swarselsystems.isPublic) {
+      sops =  {
         age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
         defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
 
         validateSopsFiles = false;
-        secrets = {
+        secrets = lib.mkIf (!config.swarselsystems.isPublic) {
           mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; };
           nautilus = { path = "${xdgDir}/secrets/nautilus"; };
           leon = { path = "${xdgDir}/secrets/leon"; };
@@ -13673,7 +13710,7 @@ Currently I only use it as before with =initExtra= though.
           #   src = pkgs.zsh-fzf-tab;
           # }
         ];
-        initContent = ''
+        initContent = lib.mkIf (!config.swarselsystems.isPublic) ''
           my-forward-word() {
             local WORDCHARS=$WORDCHARS
             WORDCHARS="''${WORDCHARS//:}"
diff --git a/flake.lock b/flake.lock
index e0168bc..fc7e793 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1594,16 +1594,16 @@
     },
     "systems_3": {
       "locked": {
-        "lastModified": 1689347949,
-        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
         "owner": "nix-systems",
-        "repo": "default-linux",
-        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
         "type": "github"
       },
       "original": {
         "owner": "nix-systems",
-        "repo": "default-linux",
+        "repo": "default",
         "type": "github"
       }
     },
diff --git a/flake.nix b/flake.nix
index 2ea88c4..1a46670 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,7 +18,7 @@
     nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
     nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
     nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11";
-    systems.url = "github:nix-systems/default-linux";
+    systems.url = "github:nix-systems/default";
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -200,7 +200,7 @@
 
           # nixosModules = import ./modules/nixos { inherit lib; };
           # homeModules = import ./modules/home { inherit lib; };
-          packages = lib.swarselsystems.forEachSystem (pkgs: import ./pkgs { inherit lib pkgs; });
+          packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import ./pkgs { inherit lib pkgs; });
           formatter = lib.swarselsystems.forEachSystem (pkgs: pkgs.nixpkgs-fmt);
           overlays = import ./overlays { inherit self lib inputs; };
 
@@ -284,6 +284,8 @@
       systems = [
         "x86_64-linux"
         "aarch64-linux"
+        "x86_64-darwin"
+        "aarch64-darwin"
       ];
     };
 }
diff --git a/lib/default.nix b/lib/default.nix
index 456ff7e..3a90b04 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -23,6 +23,19 @@
     }
   );
 
+  toCapitalized = str:
+    if builtins.stringLength str == 0 then
+      ""
+    else
+      let
+        first = builtins.substring 0 1 str;
+        rest = builtins.substring 1 (builtins.stringLength str - 1) str;
+        upper = lib.toUpper first;
+        lower = lib.toLower rest;
+      in
+      upper + lower;
+
+
   # mkUser = name: {
   #   config.users.users.${name} = {
   #     group = name;
@@ -42,6 +55,7 @@
   getSecret = filename: lib.strings.trim (builtins.readFile "${filename}");
 
   forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system});
+  forEachLinuxSystem = f: lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: f lib.swarselsystems.pkgsFor.${system});
 
   readHosts = type: lib.attrNames (builtins.readDir "${self}/hosts/${type}");
   readNix = type: lib.filter (name: name != "default.nix") (lib.attrNames (builtins.readDir "${self}/${type}"));
diff --git a/modules/home/common/sops.nix b/modules/home/common/sops.nix
index 28ac87f..627adfd 100644
--- a/modules/home/common/sops.nix
+++ b/modules/home/common/sops.nix
@@ -5,12 +5,12 @@ in
 {
   options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings";
   config = lib.mkIf config.swarselsystems.modules.sops {
-    sops = lib.mkIf (!config.swarselsystems.isPublic) {
+    sops = {
       age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
       defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
 
       validateSopsFiles = false;
-      secrets = {
+      secrets = lib.mkIf (!config.swarselsystems.isPublic) {
         mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; };
         nautilus = { path = "${xdgDir}/secrets/nautilus"; };
         leon = { path = "${xdgDir}/secrets/leon"; };
diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix
index 575bff8..afece1e 100644
--- a/modules/home/common/zsh.nix
+++ b/modules/home/common/zsh.nix
@@ -77,7 +77,7 @@ in
         #   src = pkgs.zsh-fzf-tab;
         # }
       ];
-      initContent = ''
+      initContent = lib.mkIf (!config.swarselsystems.isPublic) ''
         my-forward-word() {
           local WORDCHARS=$WORDCHARS
           WORDCHARS="''${WORDCHARS//:}"
diff --git a/modules/nixos/common/sops.nix b/modules/nixos/common/sops.nix
index f16cafc..91fa2da 100644
--- a/modules/nixos/common/sops.nix
+++ b/modules/nixos/common/sops.nix
@@ -6,14 +6,14 @@ in
 {
   options.swarselsystems.modules.commonSops = lib.mkEnableOption "sops config";
   config = lib.mkIf config.swarselsystems.modules.commonSops {
-    sops = lib.mkIf (!config.swarselsystems.isPublic) {
+    sops = {
 
       age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
       defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
 
       validateSopsFiles = false;
 
-      secrets = {
+      secrets = lib.mkIf (!config.swarselsystems.isPublic) {
         ernest = { };
         frauns = { };
         hotspot = { };
@@ -34,7 +34,7 @@ in
         "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
         "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
       };
-      templates = {
+      templates = lib.mkIf (!config.swarselsystems.isPublic) {
         "network-manager.env".content = ''
           ERNEST=${config.sops.placeholder.ernest}
           FRAUNS=${config.sops.placeholder.frauns}
diff --git a/modules/nixos/server/croc.nix b/modules/nixos/server/croc.nix
index 2620c05..2882b58 100644
--- a/modules/nixos/server/croc.nix
+++ b/modules/nixos/server/croc.nix
@@ -1,4 +1,4 @@
-{ lib, config, pkgs, ... }:
+{ self, lib, config, pkgs, ... }:
 let
   serviceDomain = "send.swarsel.win";
   servicePorts = [
@@ -30,7 +30,13 @@ in
       };
     };
 
-    topology.self.services.${serviceName}.info = "https://${serviceDomain}";
+
+    topology.self.services.${serviceName} = {
+      name = lib.swarselsystems.toCapitalized serviceName;
+      info = "https://${serviceDomain}";
+      icon = "${self}/topology/images/${serviceName}.png";
+    };
+
     globals.services.${serviceName}.domain = serviceDomain;
 
     services.croc = {
diff --git a/modules/nixos/server/koillection.nix b/modules/nixos/server/koillection.nix
index 96f8810..9001951 100644
--- a/modules/nixos/server/koillection.nix
+++ b/modules/nixos/server/koillection.nix
@@ -18,10 +18,10 @@ in
       koillection-env-file = { };
     };
 
-    topology.self.services.koillection = {
-      name = "Koillection";
+    topology.self.services.${serviceName} = {
+      name = lib.swarselsystems.toCapitalized serviceName;
       info = "https://${serviceDomain}";
-      icon = "${self}/topology/images/koillection.png";
+      icon = "${self}/topology/images/${serviceName}.png";
     };
     globals.services.${serviceName}.domain = serviceDomain;
 
diff --git a/modules/nixos/server/microbin.nix b/modules/nixos/server/microbin.nix
index 3c17bbf..7b2da0b 100644
--- a/modules/nixos/server/microbin.nix
+++ b/modules/nixos/server/microbin.nix
@@ -1,4 +1,4 @@
-{ lib, config, ... }:
+{ self, lib, config, ... }:
 let
   serviceDomain = "scratch.swarsel.win";
   servicePort = 8777;
@@ -42,7 +42,11 @@ in
       };
     };
 
-    topology.self.services.${serviceName}.info = "https://${serviceDomain}";
+    topology.self.services.${serviceName} = {
+      name = lib.swarselsystems.toCapitalized serviceName;
+      info = "https://${serviceDomain}";
+      icon = "${self}/topology/images/${serviceName}.png";
+    };
     globals.services.${serviceName}.domain = serviceDomain;
 
     services."${serviceName}" = {
diff --git a/modules/nixos/server/nfs.nix b/modules/nixos/server/nfs.nix
index edd061c..c96e7d2 100644
--- a/modules/nixos/server/nfs.nix
+++ b/modules/nixos/server/nfs.nix
@@ -33,7 +33,6 @@
         };
       };
 
-
       avahi = {
         publish.enable = true;
         publish.userServices = true; # Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile`
diff --git a/modules/nixos/server/shlink.nix b/modules/nixos/server/shlink.nix
index 374f035..254b073 100644
--- a/modules/nixos/server/shlink.nix
+++ b/modules/nixos/server/shlink.nix
@@ -1,4 +1,4 @@
-{ lib, config, ... }:
+{ self, lib, config, ... }:
 let
   serviceDomain = "s.swarsel.win";
   servicePort = 8081;
@@ -48,7 +48,11 @@ in
       { directory = "/var/lib/containers"; }
     ];
 
-    topology.self.services.${serviceName}.info = "https://${serviceDomain}";
+    topology.self.services.${serviceName} = {
+      name = lib.swarselsystems.toCapitalized serviceName;
+      info = "https://${serviceDomain}";
+      icon = "${self}/topology/images/${serviceName}.png";
+    };
     globals.services.${serviceName}.domain = serviceDomain;
 
     services.nginx = {
diff --git a/topology/default.nix b/topology/default.nix
index afe49b9..a017167 100644
--- a/topology/default.nix
+++ b/topology/default.nix
@@ -28,9 +28,15 @@ in
         (mkConnection "moonside" "wan")
         (mkConnection "pfsense" "wan")
         (mkConnection "sync" "wan")
+        (mkConnection "toto" "bootstrapper")
+        (mkConnection "drugstore" "installer image")
+        (mkConnection "chaostheatre" "demo host")
       ];
     };
 
+    chaostheatre.interfaces."demo host" = { };
+    drugstore.interfaces."installer image" = { };
+    toto.interfaces."bootstrapper" = { };
     sync.interfaces.wan = { };
     moonside.interfaces.wan = { };
 
@@ -150,5 +156,7 @@ in
       image = ../topology/images/DELL-C2665dnf.png;
       interfaces.eth1 = { };
     };
+
   };
+
 }
diff --git a/topology/images/croc.png b/topology/images/croc.png
new file mode 100644
index 0000000..1024fe0
Binary files /dev/null and b/topology/images/croc.png differ
diff --git a/topology/images/microbin.png b/topology/images/microbin.png
new file mode 100644
index 0000000..da0c331
Binary files /dev/null and b/topology/images/microbin.png differ
diff --git a/topology/images/shlink.png b/topology/images/shlink.png
new file mode 100644
index 0000000..e3df864
Binary files /dev/null and b/topology/images/shlink.png differ