diff --git a/flake.lock b/flake.lock
index 7030c08..9a293c3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -65,11 +65,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1692454652,
-        "narHash": "sha256-fPwWWS2iuRQGGnfjixpTz/SQJGTenmPzyH6k+4qEkIQ=",
+        "lastModified": 1692571261,
+        "narHash": "sha256-4g7yIsIRFQOXJGaWQxsk6VfOxH4orHF53PGYAh95Rjk=",
         "owner": "nifoc",
         "repo": "bdfr-browser",
-        "rev": "f443a5b7ae897d9206992b6fc12ec93b4da55e9c",
+        "rev": "8900987e2c7f39e615d91ad993290f4a7c6467ba",
         "type": "github"
       },
       "original": {
@@ -514,11 +514,11 @@
       },
       "locked": {
         "dir": "contrib",
-        "lastModified": 1692449695,
-        "narHash": "sha256-W8wymaHQ2paLn94QRifYCVcUxfUM9l5wNwZDTrCngOU=",
+        "lastModified": 1692571304,
+        "narHash": "sha256-RpZpwfJ+wAYslG5IIQPKMUjTbsDfksB8DLeVKpmYfYU=",
         "owner": "neovim",
         "repo": "neovim",
-        "rev": "b263c73b083e43761386d46d62524ea104d7abbd",
+        "rev": "10459e1ed0fe6429b15705567135c55e0778b262",
         "type": "github"
       },
       "original": {
@@ -539,11 +539,11 @@
         "weewx-proxy-flake": "weewx-proxy-flake"
       },
       "locked": {
-        "lastModified": 1692519414,
-        "narHash": "sha256-mOk8hIs+N7c3iV6BPTz6cqoYE7jMEF3t/Z4cMxREORY=",
+        "lastModified": 1692572361,
+        "narHash": "sha256-hbzpN4K7+QtoQiT1of8T9pXsB87yQFMMRB1unBuUjag=",
         "owner": "nifoc",
         "repo": "nix-overlay",
-        "rev": "5a636ad6da273a885223d91cf2fe22fa348e6204",
+        "rev": "0928d6ec22d40ab9df751c8a427735b094b2c2f2",
         "type": "github"
       },
       "original": {
diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix
index 071efc6..c2ac6f1 100644
--- a/home/programs/nvim/plugins.nix
+++ b/home/programs/nvim/plugins.nix
@@ -122,8 +122,8 @@ in
     src = fetchFromGitHub {
       owner = "nvim-treesitter";
       repo = "nvim-treesitter";
-      rev = "43b2153d26da8308e3d58ac0db911111c7c35395";
-      sha256 = "1x9gzq2qrzqbgdz3f8bv8xn7d93lwxl5pnna6dmcwa75jw2i8x82";
+      rev = "a185f8ebae9006b181e83f6569df68e7ff8aeb80";
+      sha256 = "1gim90sfsfca4d26bsr2maag7i90ficwgvn09nvlngdsdgjvqyv5";
       fetchSubmodules = false;
     };
   };
@@ -140,12 +140,12 @@ in
   };
   rainbow-delimiters-nvim = buildVimPluginFrom2Nix {
     pname = "rainbow-delimiters.nvim";
-    version = "2023-08-16";
+    version = "2023-08-21";
     src = fetchFromGitHub {
       owner = "HiPhish";
       repo = "rainbow-delimiters.nvim";
-      rev = "f86a3bcaff6ec8f2bf24304e233ad54659686657";
-      sha256 = "1h9p2smqamlnd2714pglhzv4h4xm0v1qc1xn44rj94634zjr1lkv";
+      rev = "f11af94bab92e11609e418fe019c6441b39c66f0";
+      sha256 = "13qsih44jmfdnkqxqy6ck8mv88bch7rc2h7k1hqr52d2bldkmc7q";
       fetchSubmodules = false;
     };
   };
diff --git a/system/hosts/argon.nix b/system/hosts/argon.nix
index f951260..19f2176 100644
--- a/system/hosts/argon.nix
+++ b/system/hosts/argon.nix
@@ -23,6 +23,8 @@ in
 
     ../nixos/tailscale.nix
 
+    ../nixos/unbound.nix
+
     ../nixos/uptime-kuma.nix
 
     ../nixos/weewx-proxy.nix
diff --git a/system/hosts/mediaserver.nix b/system/hosts/mediaserver.nix
index 2e75db7..56ec992 100644
--- a/system/hosts/mediaserver.nix
+++ b/system/hosts/mediaserver.nix
@@ -25,6 +25,8 @@ in
 
     ../nixos/tailscale.nix
 
+    ../nixos/unbound.nix
+
     ../nixos/container.nix
     ../nixos/mediaserver-setup.nix
     (import ../nixos/wireguard-netns.nix (args // { inherit secret; }))
diff --git a/system/nixos/atticd.nix b/system/nixos/atticd.nix
index 8197526..99a28d2 100644
--- a/system/nixos/atticd.nix
+++ b/system/nixos/atticd.nix
@@ -61,6 +61,9 @@ in
 
     extraConfig = ''
       client_max_body_size 0;
+
+      proxy_read_timeout 300s;
+      proxy_send_timeout 300s;
     '';
 
     locations."/" = {
diff --git a/system/nixos/postgresql.nix b/system/nixos/postgresql.nix
index d523805..6bece3c 100644
--- a/system/nixos/postgresql.nix
+++ b/system/nixos/postgresql.nix
@@ -14,7 +14,7 @@
     };
 
     authentication = ''
-      host all all 100.113.242.85/32 md5
+      host all all 100.66.42.98/32 md5
       host all all 10.88.0.0/16 md5
     '';
   };
diff --git a/system/nixos/unbound.nix b/system/nixos/unbound.nix
new file mode 100644
index 0000000..b3133d1
--- /dev/null
+++ b/system/nixos/unbound.nix
@@ -0,0 +1,38 @@
+{
+  services.unbound = {
+    enable = true;
+    resolveLocalQueries = false;
+
+    settings = {
+      server = {
+        interface = [ "127.0.0.1" ];
+        port = 6053;
+
+        verbosity = 0;
+
+        do-ip4 = true;
+        do-ip6 = true;
+        do-udp = true;
+        do-tcp = true;
+
+        harden-glue = true;
+        harden-dnssec-stripped = true;
+        use-caps-for-id = false;
+
+        edns-buffer-size = 1232;
+
+        num-threads = 1;
+        so-rcvbuf = "1m";
+
+        private-address = [
+          "192.168.0.0/16"
+          "169.254.0.0/16"
+          "172.16.0.0/12"
+          "10.0.0.0/8"
+          "fd00::/8"
+          "fe80::/10"
+        ];
+      };
+    };
+  };
+}