diff --git a/dotfiles/.local/share/chezmoi/home/.chezmoi.yaml.tmpl b/dotfiles/.local/share/chezmoi/home/.chezmoi.yaml.tmpl
index d69ffab1..afd04a2f 100644
--- a/dotfiles/.local/share/chezmoi/home/.chezmoi.yaml.tmpl
+++ b/dotfiles/.local/share/chezmoi/home/.chezmoi.yaml.tmpl
@@ -13,9 +13,11 @@
 {{- $githubUsername := "ProfessorManhattan" -}}
 {{- $githubReadToken := "" -}}
 {{- $gitlabReadToken := "" -}}
+{{- $locale := (output ("echo" "$LANG")) }}
 {{- $ngrokAuthToken := "" -}}
 {{- $slackApiToken := "" -}}
 {{- $tabbySyncToken := "" -}}
+{{- $timezone := "" -}}
 {{- $toolchains := list "docker" "iac" "java" "kubernetes" "node" "python" "rust" "extra" -}}
 {{- $data := . }}
@@ -96,6 +98,8 @@
 {{- end }}
 {{- $domain = promptStringOnce $data.user "domain" "Domain" $domain -}}
+{{- $locale = promptStringOnce $data.user "locale" "locale" "Locale" $locale -}}
+{{- $timezone = promptStringOnce $data.user "timezone" "Timezone" $timezone -}}
 {{- $cloudflareUsername = promptStringOnce $data.user "cloudflareUsername" "CloudFlare E-Mail" $email -}}
 {{- $cloudflareToken = promptStringOnce $data.user "cloudflareToken" "CloudFlare API Token" $cloudflareToken -}}
 {{- $gitlabReadToken = promptStringOnce $data.user "gitlabReadToken" "GitLab read-only token (See: https://github.com/gabrie30/ghorg#scm-provider-setup)" $gitlabReadToken }}
@@ -127,6 +131,7 @@ data:
 family: "{{ .chezmoi.os }}"
 id: "{{ get .chezmoi.osRelease "id" | default .chezmoi.os }}"
 home: "{{ .chezmoi.homeDir }}"
+ homeParentFolder: "{{ if eq .chezmoi.os "linux" }}/home{{ else if eq .chezmoi.os "darwin" }}/Users{{ else }}C:\Users{{ end }}"
 type: "{{ $chassisType }}"
 work: {{ $work }}
 restricted: {{ $restricted }}
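Review bot: The added `$locale` default in the `@@ -13,9 +13,11 @@` hunk will not yield the locale. `("echo" "$LANG")` puts a string literal in command position, which the template engine rejects, and chezmoi's `output` runs the program without a shell, so `$LANG` would be passed literally even with the inner parentheses removed. Reading the environment directly avoids spawning a process: `{{- $locale := env "LANG" -}}` (with the closing `-}}` that the neighbouring declarations use). The same `output ("echo" "$USER")` construct appears on the `username:` line of the `@@ -138,14 +143,17 @@` hunk.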
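Review bot: In the `@@ -96,6 +98,8 @@` hunk the `$locale` prompt passes five arguments, with `"locale"` appearing twice, while every neighbouring `promptStringOnce` call passes four (map, key, prompt, default). As written `"Locale"` lands in the default slot and `$locale` is surplus, which chezmoi is expected to reject as a wrong argument count. Suggested: `{{- $locale = promptStringOnce $data.user "locale" "Locale" $locale -}}`.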
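Review bot: The Windows branch of `homeParentFolder` in the `@@ -127,6 +131,7 @@` hunk renders `C:\Users` inside a double-quoted YAML scalar, where a backslash starts an escape and `\U` expects eight hex digits, so the generated config would fail to parse on that platform. Writing `C:\\Users` inside the existing double quotes fixes it, as does switching the outer quotes of that one value to single quotes. The final `else` also treats every OS other than linux and darwin as Windows; a short comment saying that this is intended would help.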
@@ -138,14 +143,17 @@ data:
 user:
 email: "{{ $email }}"
 name: "{{ $name }}"
- username: 'Betelgeuse'
+ username: "{{ output ("echo" "$USER") }}
 domain: "{{ $domain }}"
 gmailAddress: "{{ $gmailAddress }}"
 gmailAddressAppPassword: "{{ $gmailAddressAppPassword }}"
 githubUsername: "{{ $githubUsername }}"
- locale: "en_US"
- timezone: "America/New_York"
+ locale: "{{ $locale }}"
+ timezone: "{{ $timezone }}"
 CLOUDFLARE_USERNAME: "{{ $cloudflareUsername }}"
+ CLOUDFLARE_ACCESS_KEY_ID: "{{ $cloudflareAccessKeyId }}"
+ CLOUDFLARE_SECRET_ACCESS_KEY: "{{ $cloudflareSecretAccessKey }}"
+ CLOUDFLARE_R2_ACCOUNT_ID: "{{ $cloudflareR2AccountId }}"
 GITHUB_READ_TOKEN: "{{ $githubReadToken }}"
 GITLAB_READ_TOKEN: "{{ $gitlabReadToken }}"
 NGROK_AUTH_TOKEN: "{{ $ngrokAuthToken }}"
@@ -158,9 +166,6 @@ git:
 autoCommit: true
 autoPush: true
 scriptEnv:
- CLOUDFLARE_ACCESS_KEY_ID: "{{ $cloudflareAccessKeyId }}"
- CLOUDFLARE_SECRET_ACCESS_KEY: "{{ $cloudflareSecretAccessKey }}"
- CLOUDFLARE_R2_ACCOUNT_ID: "{{ $cloudflareR2AccountId }}"
 LEXICON_CLOUDFLARE_USERNAME: "{{ $cloudflareUsername }}"
 LEXICON_CLOUDFLARE_TOKEN: "{{ $cloudflareToken }}"
 textconv:
diff --git a/dotfiles/.local/share/chezmoi/home/dot_cache/readonly_rclone/.gitkeep b/dotfiles/.local/share/chezmoi/home/dot_cache/readonly_rclone/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/dotfiles/.local/share/chezmoi/home/dot_local/log/remove_dot_gitkeep b/dotfiles/.local/share/chezmoi/home/dot_local/log/remove_dot_gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/dotfiles/.local/share/chezmoi/home/dot_ssh/create_encrypted_private_readonly_private_id_rsa.tmpl b/dotfiles/.local/share/chezmoi/home/dot_ssh/create_encrypted_private_readonly_private_id_rsa.tmpl
new file mode 100644
index 00000000..46e895af
--- /dev/null
+++ b/dotfiles/.local/share/chezmoi/home/dot_ssh/create_encrypted_private_readonly_private_id_rsa.tmpl
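Review bot: The new `username:` line in the `@@ -138,14 +143,17 @@` hunk never closes its double quote (`"{{ output ("echo" "$USER") }}` has no trailing `"`), so the rendered YAML is malformed from that line on. `username: "{{ .chezmoi.username }}"` closes the scalar and drops the `output` call, which would not expand `$USER` anyway. Separately, the three `CLOUDFLARE_*` values added under `user:` are written in clear text into the generated config next to the other tokens, so that file should stay readable by its owner only. Because the `@@ -158,9 +166,6 @@` hunk removes them from `scriptEnv`, any script that read them from the environment needs the same switch to `.user.*` that the rclone template gets in this commit.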
@@ -0,0 +1,10 @@
+{{- if ( bitwarden "item" "dev.betelgeuse.ssh.personal.id_rsa.private" ).notes -}}
+{{- ( bitwarden "item" "dev.betelgeuse.ssh.personal.id_rsa.private" ).notes -}}
+{{- else -}}
+{{- $sshLocation = (joinPath .chezmoi.homeDir ".ssh" "id_rsa") -}}
+{{- if not (stat $sshLocation) -}}
+{{- $sshKeygen = (output "ssh-keygen" "-b" "4096" "-t" "rsa" "-f" $sshLocation "-q" "-N" }}
+{{- writeToStdout "Generated new SSH key since none were present and could not connect to BitWarden. It will be encrypted and included in your source." -}}
+{{- end -}}
+{{- include $sshLocation }}
+{{ end }}
diff --git a/dotfiles/.local/share/chezmoi/home/dot_ssh/private_id_rsa.tmpl b/dotfiles/.local/share/chezmoi/home/dot_ssh/private_id_rsa.tmpl
deleted file mode 100644
index d5d9af98..00000000
--- a/dotfiles/.local/share/chezmoi/home/dot_ssh/private_id_rsa.tmpl
+++ /dev/null
@@ -1 +0,0 @@
-{{ ( bitwarden "item" "dev.muniftanjim.ssh.personal.id_rsa.private" ).notes }}
diff --git a/dotfiles/.local/share/chezmoi/home/dot_ssh/run_onchanges_after_generate-public-keys b/dotfiles/.local/share/chezmoi/home/dot_ssh/run_onchanges_after_generate-public-keys
new file mode 100644
index 00000000..c6f0df22
--- /dev/null
+++ b/dotfiles/.local/share/chezmoi/home/dot_ssh/run_onchanges_after_generate-public-keys
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+{{ $sshFiles = (output "find" "$HOME/.ssh" "-type" "f") }}
+{{ range $sshFile := $sshFiles }}
+# .ssh hash: {{ include ".ssh" | sha256sum }}
+# {{ $sshFile }} hash: {{ include $sshFile | sha256sum }}
+{{ end }}
+
+logg 'Ensuring RSA public keys are present'
+find "$HOME/.ssh" -type f | while read FILE; do
+ if [ ! -f "${FILE}" ] && cat "$FILE" | grep 'BEGIN RSA PRIVATE KEY'; then
+ logg 'Generating missing public key for `'"$FILE"'`'
+ ssh-keygen -f "$FILE" -y > "${FILE}.pub"
+ fi
+done
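Review bot: The fallback branch of `create_encrypted_private_readonly_private_id_rsa.tmpl` cannot render as written. `$sshLocation` and `$sshKeygen` are assigned with `=` without an earlier `:=` declaration, the `output "ssh-keygen" …` call is missing its closing parenthesis, and `-N` is passed with no passphrase value after it. Minimal repair: `{{- $sshLocation := joinPath .chezmoi.homeDir ".ssh" "id_rsa" -}}` and `{{- $sshKeygen := output "ssh-keygen" "-b" "4096" "-t" "rsa" "-f" $sshLocation "-q" "-N" "" -}}`. That still leaves a passphrase-less private key on disk, and nothing in this template encrypts it, so the `writeToStdout` message promises more than the visible code does; a comment saying where encryption happens is needed. The `bitwarden` item is also fetched twice, and if that function errors when the vault is unreachable (likely, to be confirmed) the `else` branch is never reached.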
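Review bot: The guard `[ ! -f "${FILE}" ]` in `run_onchanges_after_generate-public-keys` is always false, because `FILE` comes from `find … -type f`, so no public key is ever generated; it presumably should test `${FILE}.pub`. Suggested: `if [ ! -f "${FILE}.pub" ] && grep -q 'BEGIN RSA PRIVATE KEY' "$FILE"; then`, which also stops `cat | grep` from echoing the matched line, plus `while read -r FILE` for paths containing backslashes. Keys written by a current `ssh-keygen` begin with `BEGIN OPENSSH PRIVATE KEY` unless `-m PEM` is given, so the RSA-only match may skip the key that the sibling template generates. The template header has its own problems: `$sshFiles = …` assigns an undeclared variable, `output` does not expand `$HOME`, and `range` over the string that `output` returns does not iterate file names. The file name also lacks the `.tmpl` suffix and uses `run_onchanges_` where chezmoi's attribute is `run_onchange_`, so the actions may not be rendered at all.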
diff --git a/dotfiles/.local/share/chezmoi/home/private_dot_config/rclone/merge_rclone.conf b/dotfiles/.local/share/chezmoi/home/private_dot_config/rclone/merge_rclone.conf index b7e61984..3ee32905 100644 --- a/dotfiles/.local/share/chezmoi/home/private_dot_config/rclone/merge_rclone.conf +++ b/dotfiles/.local/share/chezmoi/home/private_dot_config/rclone/merge_rclone.conf @@ -1,22 +1,29 @@ -{{- if and (ne .scriptEnv.CLOUDFLARE_ACCESS_KEY_ID "") (ne .scriptEnv.CLOUDFLARE_SECRET_ACCESS_KEY "") (ne .scriptEnv.CLOUDFLARE_R2_ACCOUNT_ID "") }} +{{- if and (ne .user.CLOUDFLARE_ACCESS_KEY_ID "") (ne .user.CLOUDFLARE_SECRET_ACCESS_KEY "") (ne .user.CLOUDFLARE_R2_ACCOUNT_ID "") }} #!/usr/bin/env bash -R2_CONFIG=$(cat < /dev/null; then + gsed -i "$START_LINE,$END_LINEd" "$CONFIG_FILE" + else + sed -i "$START_LINE,$END_LINEd" "$CONFIG_FILE" + fi +fi + +tee -a "$CONFIG_FILE" > /dev/null <