diff --git a/flake-parts/nebula.nix b/flake-parts/nebula.nix
new file mode 100644
index 0000000..813c8cb
--- /dev/null
+++ b/flake-parts/nebula.nix
@@ -0,0 +1,53 @@
+_: {
+  perSystem =
+    { self', pkgs, ... }:
+    {
+      devShells.nebula = pkgs.mkShellNoCC {
+        packages = [
+          pkgs.nebula
+          pkgs.bitwarden-cli
+          self'.packages.nebula-regen-host-cert
+        ];
+
+        shellHook = ''
+          if ! declare -px BW_SESSION >/dev/null 2>&1; then
+            BW_SESSION="$(bw unlock --raw || bw login --raw)"
+            export BW_SESSION
+          fi
+        '';
+      };
+
+      packages.nebula-regen-host-cert = pkgs.writeShellApplication {
+        name = "nebula-regen-host-cert";
+        runtimeInputs = [
+          pkgs.nebula
+          pkgs.bitwarden-cli
+        ];
+        text = ''
+          if [[ $# -ne 1 ]]; then
+            echo "Usage: $0 <host>"
+            exit 1
+          fi
+
+          host="$1"
+          address="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.networking.overlay.cidr")"
+          ca_cert='modules/system/services/nebula/ca.crt'
+          host_pub="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.publicKeyPath")"
+          host_cert="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.certificatePath")"
+          host_cert="''${host_cert#*-source/}"
+
+          if ! declare -px BW_SESSION >/dev/null 2>&1; then
+            BW_SESSION="$(bw unlock --raw || bw login --raw)"
+          fi
+
+          ca_key="$(mktemp)"
+          chmod 600 "$ca_key"
+          trap 'rm -f "$ca_key"' EXIT
+          bw get notes 'nebula ca-key' > "$ca_key"
+
+          rm -f "$host_cert"
+          nebula-cert sign -name "$host" -networks "$address" -ca-crt "$ca_cert" -ca-key "$ca_key" -in-pub "$host_pub" -out-crt "$host_cert"
+        '';
+      };
+    };
+}
diff --git a/modules/home/programs/vscode.nix b/modules/home/programs/vscode.nix
index 71f3e28..50c8231 100644
--- a/modules/home/programs/vscode.nix
+++ b/modules/home/programs/vscode.nix
@@ -65,9 +65,9 @@
             "nix.serverPath" = lib.getExe pkgs.nixd;
             "nix.formatterPath" = lib.getExe pkgs.nixfmt-rfc-style;
             "nix.serverSettings.nixd.formatting.command" = [ (lib.getExe pkgs.nixfmt-rfc-style) ];
-            "github.copilot.enable" = {
-              "*" = false;
-            };
+            "github.copilot.enable"."*" = false;
+            "chat.fontSize" = 15;
+            "chat.editor.fontSize" = 15;
           }
         );
       in