diff --git a/data/devenv/templates/ros/flake.nix b/data/devenv/templates/ros/flake.nix
index effa406..a3842c5 100644
--- a/data/devenv/templates/ros/flake.nix
+++ b/data/devenv/templates/ros/flake.nix
@@ -26,10 +26,26 @@
           # ROS packages
           (buildEnv {
             paths = [
+              # Core
               ros-environment
+              colcon
+              # Ros2
+              ros2run
+              ros2param
               ros2topic
               ros2node
-              geometry-msgs
+              ros2interface
+              ros2service
+              ros2action
+              ros2pkg
+              # RQT
+              rqt
+              rqt-msg
+              rqt-topic
+              rqt-action
+              rqt-service-caller
+              rqt-graph
+              # Extra
            ];
           })
         ]);
diff --git a/hosts/reykjavik/default.nix b/hosts/reykjavik/default.nix
index 0ad09d7..60fc95a 100644
--- a/hosts/reykjavik/default.nix
+++ b/hosts/reykjavik/default.nix
@@ -15,6 +15,18 @@ in
   user.name = "marc";
   user.shell = pkgs.zsh;
   networking.hostName = "reykjavik";
+  networking.firewall = {
+    enable = true;
+    allowedUDPPortRanges = [
+      # - ROS ------------------------------------
+      # Open ports for ROS 2 DDS
+      # See https://docs.ros.org/en/humble/Concepts/About-Domain-ID.html
+      # Multicast ports for DOMAIN_ID 13
+      { from = 10650; to = 10651; }
+      # Unicast ports for DOMAIN_ID 13 and up to 120 particimants
+      { from = 10660; to = 10890; }
+    ];
+  };
 
   # - Bootloader ---------------------------------
 
@@ -53,6 +65,7 @@ in
       intelBusId = "PCI:0:2:0";
       nvidiaBusId = "PCI:1:0:0";
     };
+    system.gpg.enable = true;
 
     # - Desktop ----------------------------------
     desktop = {
diff --git a/modules/system/gpg.nix b/modules/system/gpg.nix
new file mode 100644
index 0000000..87e1657
--- /dev/null
+++ b/modules/system/gpg.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, self, ... }:
+
+let
+  cfg = config.samfelag.modules.system.gpg;
+in
+{
+  options.samfelag.modules.system.gpg = {
+    enable = lib.mkEnableOption "gpg";
+  };
+  config = lib.mkIf cfg.enable {
+    programs.gnupg.agent.enable = true;
+    # environment.systemPackages = with pkgs; [
+    #   gnupg
+    # ];
+  };
+}
diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix
index 762c5fe..f6748d9 100644
--- a/modules/system/tailscale.nix
+++ b/modules/system/tailscale.nix
@@ -9,7 +9,11 @@ in
   };
   config = lib.mkIf cfg.enable {
     # See https://github.com/tailscale/tailscale/issues/4432
-    networking.firewall.checkReversePath = "loose";
+    networking = {
+      firewall.checkReversePath = "loose";
+      nameservers = [ "100.80.195.56" ];
+      networkmanager.dns = "none";
+    };
     services.tailscale.enable = true;
   };
 }