diff --git a/flake.lock b/flake.lock
index a13eab05..4b66bf64 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1023,11 +1023,11 @@
         "nixpkgs-22-05": "nixpkgs-22-05"
       },
       "locked": {
-        "lastModified": 1731800311,
-        "narHash": "sha256-41F+YFPKZibBdbhRwZohqyzQ0VeaTYqSDk80Svkdtzo=",
+        "lastModified": 1732691064,
+        "narHash": "sha256-BRbBbYQY4h3u1EXFOePvty3PIUG3PLZFgZp64T3VDg4=",
         "owner": "xddxdd",
         "repo": "nixos-secrets",
-        "rev": "451404d43c8e557d432f339f031194bff81a85fa",
+        "rev": "607de60d15954f3bc635dcc522df1c677f14e5db",
         "type": "github"
       },
       "original": {
diff --git a/hosts/pve-epyc/configuration.nix b/hosts/pve-epyc/configuration.nix
index 7ad4c33e..45948b42 100644
--- a/hosts/pve-epyc/configuration.nix
+++ b/hosts/pve-epyc/configuration.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  inputs,
   ...
 }:
 {
@@ -50,4 +51,32 @@
   };
 
   zramSwap.enable = lib.mkForce false;
+
+  age.secrets.nut-pass.file = inputs.secrets + "/nut-pass.age";
+  power.ups = {
+    enable = true;
+    mode = "netserver";
+    ups.cyberpower = {
+      driver = "usbhid-ups";
+      port = "auto";
+      shutdownOrder = -1;
+    };
+    users.root = {
+      upsmon = "primary";
+      passwordFile = config.age.secrets.nut-pass.path;
+      instcmds = [ "ALL" ];
+      actions = [
+        "SET"
+        "FSD"
+      ];
+    };
+
+    upsmon.monitor.cyberpower = {
+      user = "root";
+      type = "primary";
+      system = "cyberpower@localhost";
+      passwordFile = config.age.secrets.nut-pass.path;
+      powerValue = 1;
+    };
+  };
 }
diff --git a/nixos/hardware/nvidia/vgpu-extension.nix b/nixos/hardware/nvidia/vgpu-extension.nix
index b25cc784..ec6556fc 100644
--- a/nixos/hardware/nvidia/vgpu-extension.nix
+++ b/nixos/hardware/nvidia/vgpu-extension.nix
@@ -8,7 +8,7 @@ let
   nvidia_x11 = config.hardware.nvidia.package;
 in
 {
-  hardware.nvidia.package = config.boot.kernelPackages.nvidia_x11_vgpu_16_7;
+  hardware.nvidia.package = lib.mkForce config.boot.kernelPackages.nvidia_x11_vgpu_16_7;
   hardware.nvidia.open = false;
 
   boot.kernelModules = [
diff --git a/nixos/minimal-components/ups-autofix.nix b/nixos/minimal-components/ups-autofix.nix
new file mode 100644
index 00000000..678a434d
--- /dev/null
+++ b/nixos/minimal-components/ups-autofix.nix
@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+{
+  systemd.services.upsd = lib.mkIf config.power.ups.enable {
+    serviceConfig = {
+      Restart = "always";
+      RestartSec = 5;
+    };
+  };
+  systemd.services.upsmon = lib.mkIf config.power.ups.upsmon.enable {
+    serviceConfig = {
+      Restart = "always";
+      RestartSec = 5;
+    };
+  };
+}
diff --git a/patches/nixpkgs-stable/nvidia-x11-allow-override-submodules.patch b/patches/nixpkgs-stable/nvidia-x11-allow-override-submodules.patch
new file mode 100644
index 00000000..bfa05c51
--- /dev/null
+++ b/patches/nixpkgs-stable/nvidia-x11-allow-override-submodules.patch
@@ -0,0 +1,78 @@
+diff --git a/pkgs/os-specific/linux/nvidia-x11/fabricmanager.nix b/pkgs/os-specific/linux/nvidia-x11/fabricmanager.nix
+index e70857ea356e..ab79fd62a34d 100644
+--- a/pkgs/os-specific/linux/nvidia-x11/fabricmanager.nix
++++ b/pkgs/os-specific/linux/nvidia-x11/fabricmanager.nix
+@@ -1,4 +1,4 @@
+-nvidia_x11: sha256:
++sha256:
+ 
+ { stdenv, lib, fetchurl, patchelf }:
+ 
+diff --git a/pkgs/os-specific/linux/nvidia-x11/generic.nix b/pkgs/os-specific/linux/nvidia-x11/generic.nix
+index 3f6c5d1caaa3..e69d2aaca3b6 100644
+--- a/pkgs/os-specific/linux/nvidia-x11/generic.nix
++++ b/pkgs/os-specific/linux/nvidia-x11/generic.nix
+@@ -207,8 +207,9 @@ let
+           openSha256;
+         settings =
+           if useSettings then
+-            (if settings32Bit then pkgsi686Linux.callPackage else callPackage) (import ./settings.nix self settingsSha256)
++            (if settings32Bit then pkgsi686Linux.callPackage else callPackage) (import ./settings.nix settingsSha256)
+               {
++                nvidia_x11 = self;
+                 withGtk2 = preferGtk2;
+                 withGtk3 = !preferGtk2;
+                 fetchFromGitHub = fetchFromGithubOrNvidia;
+@@ -216,14 +217,17 @@ let
+         persistenced =
+           if usePersistenced then
+             mapNullable
+-              (hash: callPackage (import ./persistenced.nix self hash) {
++              (hash: callPackage (import ./persistenced.nix hash) {
++                nvidia_x11 = self;
+                 fetchFromGitHub = fetchFromGithubOrNvidia;
+               })
+               persistencedSha256
+           else { };
+         fabricmanager =
+           if useFabricmanager then
+-            mapNullable (hash: callPackage (import ./fabricmanager.nix self hash) { }) fabricmanagerSha256
++            mapNullable (hash: callPackage (import ./fabricmanager.nix hash) {
++              nvidia_x11 = self;
++            }) fabricmanagerSha256
+           else { };
+         inherit persistencedVersion settingsVersion;
+         compressFirmware = false;
+diff --git a/pkgs/os-specific/linux/nvidia-x11/persistenced.nix b/pkgs/os-specific/linux/nvidia-x11/persistenced.nix
+index dcdd22044e2a..c95d028ca332 100644
+--- a/pkgs/os-specific/linux/nvidia-x11/persistenced.nix
++++ b/pkgs/os-specific/linux/nvidia-x11/persistenced.nix
+@@ -1,8 +1,9 @@
+-nvidia_x11: sha256:
++sha256:
+ 
+ { stdenv
+ , lib
+ , fetchFromGitHub
++, nvidia_x11
+ , m4
+ , libtirpc
+ }:
+diff --git a/pkgs/os-specific/linux/nvidia-x11/settings.nix b/pkgs/os-specific/linux/nvidia-x11/settings.nix
+index 2d9dfd81829e..23e835362997 100644
+--- a/pkgs/os-specific/linux/nvidia-x11/settings.nix
++++ b/pkgs/os-specific/linux/nvidia-x11/settings.nix
+@@ -1,4 +1,4 @@
+-nvidia_x11: sha256:
++sha256:
+ 
+ { stdenv
+ , lib
+@@ -16,6 +16,7 @@ nvidia_x11: sha256:
+ , libXxf86vm
+ , libvdpau
+ , librsvg
++, nvidia_x11
+ , wrapGAppsHook3
+ , addOpenGLRunpath
+ , withGtk2 ? false