diff --git a/flake.lock b/flake.lock
index 000c46f..b81fd9b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -188,11 +188,11 @@
         "lastModified": 1731402384,
         "narHash": "sha256-OwUmrPfEehLDz0fl2ChYLK8FQM2p0G1+EMrGsYEq+6g=",
         "type": "tarball",
-        "url": "https://github.com/IBM/plex/releases/download/@ibm/plex-mono@1.1.0/ibm-plex-mono.zip"
+        "url": "https://github.com/IBM/plex/releases/download/@ibm%2Fplex-mono@1.1.0/ibm-plex-mono.zip"
       },
       "original": {
         "type": "tarball",
-        "url": "https://github.com/IBM/plex/releases/download/@ibm/plex-mono@1.1.0/ibm-plex-mono.zip"
+        "url": "https://github.com/IBM/plex/releases/download/@ibm%2Fplex-mono@1.1.0/ibm-plex-mono.zip"
       }
     },
     "indigo": {
@@ -351,11 +351,11 @@
         "sqlite-lib-src": "sqlite-lib-src"
       },
       "locked": {
-        "lastModified": 1776427995,
-        "narHash": "sha256-bUR/cHqZP1zigWCo59KFF+F6UDuGM9q5CiFHdvnvSO8=",
+        "lastModified": 1777129244,
+        "narHash": "sha256-4+f+RrVXbtBRuffJg6QyANOc/H9MMpp9PjnxwlUU6Hk=",
         "ref": "refs/heads/master",
-        "rev": "956f97c314517efbfa18d04ce8e0234e6609a30a",
-        "revCount": 2250,
+        "rev": "6a27cd259b67bdad85e8d82a31543cc11c309fc6",
+        "revCount": 2274,
         "type": "git",
         "url": "https://tangled.org/@tangled.org/core"
       },
diff --git a/hosts/asusmini/auto-update.nix b/hosts/asusmini/auto-update.nix
index efddb44..0a7d4fb 100644
--- a/hosts/asusmini/auto-update.nix
+++ b/hosts/asusmini/auto-update.nix
@@ -3,23 +3,33 @@
 {
   systemd.services.auto-update = {
     description = "Auto-update NixOS configuration";
-    path = with pkgs; [ git nix openssh ];
-    
+    path = with pkgs; [
+      git
+      nix
+      openssh
+    ];
+
     serviceConfig = {
       Type = "oneshot";
       User = "root";
       WorkingDirectory = "/etc/commonscomputing-nix";
     };
-    
+
     script = ''
       set -e
-      
+
       echo "Pulling latest changes..."
       git pull
-      
+
       echo "Updating flake inputs..."
       nix flake update
-      
+
+      # Explicitly update tangled so we always pull the latest knot/spindle
+      # builds, even if other inputs are pinned or the general update is
+      # later restricted. tangled.org/@tangled.org/core moves quickly and
+      # we want to track master.
+      nix flake update tangled
+
       # Check if there are changes to commit
       if ! git diff --quiet flake.lock; then
         echo "Committing flake.lock updates..."
@@ -31,13 +41,13 @@
       else
         echo "No flake.lock changes to commit"
       fi
-      
+
       echo "Rebuilding system..."
       if ! ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --flake .#asusmini; then
         echo "Build/switch failed, staying on current generation"
         exit 1
       fi
-      
+
       echo "Auto-update completed successfully"
     '';
   };
@@ -46,12 +56,12 @@
     description = "Auto-update timer";
     wantedBy = [ "timers.target" ];
     timerConfig = {
-      OnCalendar = "weekly";  # Run weekly, adjust as needed
-      Persistent = true;  # Run on boot if missed
-      RandomizedDelaySec = "1h";  # Add some randomness
+      OnCalendar = "weekly"; # Run weekly, adjust as needed
+      Persistent = true; # Run on boot if missed
+      RandomizedDelaySec = "1h"; # Add some randomness
     };
   };
-  
+
   # TODO: Set up SSH key for git push access
   # Options:
   # 1. Deploy key with write access to the repo