diff --git a/default.nix b/default.nix
index 6dd3399..b8e7203 100755
--- a/default.nix
+++ b/default.nix
@@ -56,7 +56,7 @@ in {
 
   boot = {
     kernelPackages = pkgs.linuxPackages_latest;
-    kernelParams=["pci_aspm.policy=performance"];
+    kernelParams = ["pci_aspm.policy=performance"];
   };
 
   # configure keymap in x11
diff --git a/modules/desktop/waybar.nix b/modules/desktop/waybar.nix
index 1293ad4..596737f 100644
--- a/modules/desktop/waybar.nix
+++ b/modules/desktop/waybar.nix
@@ -111,6 +111,8 @@ in {
               "(.*) — Mozilla Firefox" = "$1"; # the dash here is SLIGHTLY different. Wow
               "(.*) - Visual Studio Code" = "$1";
               #"(.*\\.nix\\s.*)" = "";
+              "(\\S+\\.html\\s.*)" = " $1";
+              "(\\S+\\.css\\s.*)" = " $1";
               "(\\S+\\.js\\s.*)" = " $1";
               "(\\S+\\.ts\\s.*)" = " $1";
               "(\\S+\\.go\\s.*)" = " $1";
@@ -121,9 +123,11 @@ in {
               "(\\S+\\.jsonc?\\s.*)" = " $1";
               "(\\S+\\.md\\s.*)" = " $1";
               "(\\S+\\.txt\\s.*)" = " $1";
-              "(\\S+\\.cs\\s.*)" = " $1";
+              "(\\S+\\.cs\\s.*)" = "󰌛 $1";
               "(\\S+\\.c\\s.*)" = " $1";
               "(\\S+\\.cpp\\s.*)" = " $1";
+              "(\\S+\\.zig\\s.*)" = " $1";
+              "(\\S+\\.rs\\s.*)" = " $1";
               "(\\S+\\.hs\\s.*)" = " $1";
               ".*Discord | (.*) | .*" = "$1 - ArmCord";
               #"(.*) - ArmCord" = "$1";
diff --git a/modules/security.nix b/modules/security.nix
index 204c96f..c4db9ad 100755
--- a/modules/security.nix
+++ b/modules/security.nix
@@ -15,56 +15,56 @@ in {
     
       kernel.sysctl = {
         # magic sysrq key, allows low-level commands through keyboard input
-          "kernel.sysrq" = 0;
+        "kernel.sysrq" = 0;
 
-          ## TCP hardening
-          # prevent bogus ICMP errors from filling up logs
-          "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
-          # do not accept IP source packets (we are not a router)
-          "net.ipv4.conf.all.accept_source_route" = 0;
-          "net.ipv6.conf.all.accept_source_route" = 0;
-          # don't send ICMP redirects (again, we're not a router)
-          "net.ipv4.conf.all.send_redirects" = 0;
-          "net.ipv4.conf.default.send_redirects" = 0;
-          # refuse ICMP redirects (MITM mitigations)
-          "net.ipv4.conf.all.accept_redirects" = 0;
-          "net.ipv4.conf.default.accept_redirects" = 0;
-          "net.ipv4.conf.all.secure_redirects" = 0;
-          "net.ipv4.conf.default.secure_redirects" = 0;
-          "net.ipv6.conf.all.accept_redirects" = 0;
-          "net.ipv6.conf.default.accept_redirects" = 0;
-          # protects against SYN flood attacks
-          "net.ipv4.tcp_syncookies" = 1;
-          # incomplete protection against TIME-WAIT assassination
-          "net.ipv4.tcp_rfc1337" = 1;
+        ## TCP hardening
+        # prevent bogus ICMP errors from filling up logs
+        "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
+        # do not accept IP source packets (we are not a router)
+        "net.ipv4.conf.all.accept_source_route" = 0;
+        "net.ipv6.conf.all.accept_source_route" = 0;
+        # don't send ICMP redirects (again, we're not a router)
+        "net.ipv4.conf.all.send_redirects" = 0;
+        "net.ipv4.conf.default.send_redirects" = 0;
+        # refuse ICMP redirects (MITM mitigations)
+        "net.ipv4.conf.all.accept_redirects" = 0;
+        "net.ipv4.conf.default.accept_redirects" = 0;
+        "net.ipv4.conf.all.secure_redirects" = 0;
+        "net.ipv4.conf.default.secure_redirects" = 0;
+        "net.ipv6.conf.all.accept_redirects" = 0;
+        "net.ipv6.conf.default.accept_redirects" = 0;
+        # protects against SYN flood attacks
+        "net.ipv4.tcp_syncookies" = 1;
+        # incomplete protection against TIME-WAIT assassination
+        "net.ipv4.tcp_rfc1337" = 1;
 
-          ## TCP optimization
-          # TCP fastopen
-          "net.ipv4.tcp_fastopen" = 3;
-          # bufferbloat mitigations + improvement in throughput and latency
-          "net.ipv4.tcp_conjestion_control" = "bbr";
-          "net.core.default_qdisc" = "cake";
-        };
-        kernelModules = [ "tcp_bbr" ];
+        ## TCP optimization
+        # TCP fastopen
+        "net.ipv4.tcp_fastopen" = 3;
+        # bufferbloat mitigations + improvement in throughput and latency
+        "net.ipv4.tcp_conjestion_control" = "bbr";
+        "net.core.default_qdisc" = "cake";
       };
+      kernelModules = [ "tcp_bbr" ];
+    };
 
-      security = {
-        # prevents replacing the kernel without a reboot
-        protectKernelImage = true;
-        # rtkit allows unprivileged processes to use realtime scheduling
-        # polkit allows unprivileged processes to speak to privileged processes (ex. nmtui, reboot)
-        rtkit.enable = true;
-        polkit.enable = true;
-      };
+    security = {
+      # prevents replacing the kernel without a reboot
+      protectKernelImage = true;
+      # rtkit allows unprivileged processes to use realtime scheduling
+      # polkit allows unprivileged processes to speak to privileged processes (ex. nmtui, reboot)
+      rtkit.enable = true;
+      polkit.enable = true;
+    };
 
-      # personal computer? no firewall ty :3
-      networking.firewall.enable = false;
-    } // (mkIf cfg.useDoas {
-      security.sudo.enable = false;
-      security.doas.enable = true;
-      security.doas.extraRules = [
-        { users = [ config.user.name ]; noPass = true; persist = false; keepEnv = true; }
-      ];
-      environment.systemPackages = with pkgs; [ doas-sudo-shim ];
-    });
+    # personal computer? no firewall ty :3
+    networking.firewall.enable = false;
+  } // (mkIf cfg.useDoas {
+    security.sudo.enable = false;
+    security.doas.enable = true;
+    security.doas.extraRules = [
+      { users = [ config.user.name ]; noPass = true; persist = false; keepEnv = true; }
+    ];
+    environment.systemPackages = with pkgs; [ doas-sudo-shim ];
+  });
 }