diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 754dfe9..bd7e726 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -13,10 +13,10 @@ jobs:
     runs-on: macos-12
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Packer cache
-      uses: actions/cache@v2
+      uses: actions/cache@v3
       with:
         path: ~/.cache/packer
         key: ${{ runner.os }}-packer
@@ -28,13 +28,13 @@ jobs:
       run: sed -i '' '/localhostreachable/d' foundry-appliance.pkr.hcl
 
     - name: Build VirtualBox OVF image
-      uses: nick-invision/retry@v2
+      uses: nick-fields/retry@v2
       env:
         GITHUB_PULL_REQUEST: ${{ github.event.number }}
       with:
         timeout_minutes: 40
         max_attempts: 5
-        command: ./build-appliance virtualbox
+        command: ./build-appliance virtualbox -force
 
     - name: Get build_name from OVF file
       run: echo "build_name=$(sh -c "find . -name '*.ovf' | xargs basename -s '.ovf'")" >> $GITHUB_ENV
diff --git a/foundry-appliance.pkr.hcl b/foundry-appliance.pkr.hcl
index f5a55cb..eb95b39 100644
--- a/foundry-appliance.pkr.hcl
+++ b/foundry-appliance.pkr.hcl
@@ -14,9 +14,10 @@ source "virtualbox-iso" "foundry-appliance" {
   rtc_time_base        = "UTC"
   shutdown_command     = "${local.shutdown_command}"
   ssh_password         = "${var.ssh_password}"
-  ssh_timeout          = "30m"
+  ssh_timeout          = "20m"
   ssh_username         = "${var.ssh_username}"
   vboxmanage           = [
+                           ["modifyvm", "{{.Name}}", "--vram", "${local.video_memory}"],
                            ["modifyvm", "{{.Name}}", "--nat-localhostreachable1", "on"],
   ]
   vm_name              = "foundry-appliance-${var.appliance_version}"
@@ -37,7 +38,7 @@ source "vmware-iso" "foundry-appliance" {
   output_directory     = "output-vmware"
   shutdown_command     = "${local.shutdown_command}"
   ssh_password         = "${var.ssh_password}"
-  ssh_timeout          = "30m"
+  ssh_timeout          = "20m"
   ssh_username         = "${var.ssh_username}"
   version              = "14"
   vm_name              = "foundry-appliance-${var.appliance_version}"
@@ -62,7 +63,7 @@ source "vsphere-iso" "foundry-appliance" {
   RAM              = "${local.memory}"
   shutdown_command = "${local.shutdown_command}"
   ssh_password     = "${var.ssh_password}"
-  ssh_timeout      = "30m"
+  ssh_timeout      = "20m"
   ssh_username     = "${var.ssh_username}"
   storage {
     disk_size             = "${local.disk_size}"
@@ -70,6 +71,7 @@ source "vsphere-iso" "foundry-appliance" {
   }
   username       = "${var.vsphere_username}"
   vcenter_server = "${var.vcenter_server}"
+  video_ram      = "${local.video_memory}"
   vm_name        = "foundry-appliance-${var.appliance_version}"
 }
 
diff --git a/foundry/ingress-nginx.values.yaml b/foundry/ingress-nginx.values.yaml
index c826f3f..278adc1 100644
--- a/foundry/ingress-nginx.values.yaml
+++ b/foundry/ingress-nginx.values.yaml
@@ -205,10 +205,10 @@ controller:
 
   # -- The update strategy to apply to the Deployment or DaemonSet
   ##
-  updateStrategy: {}
+  updateStrategy:
   #  rollingUpdate:
   #    maxUnavailable: 1
-  #  type: RollingUpdate
+    type: Recreate
 
   # -- `minReadySeconds` to avoid killing pods before we are ready
   ##
@@ -907,6 +907,7 @@ imagePullSecrets: []
 ##
 tcp:
   2049: "common/nfs-server-provisioner:2049"
+  #5432: "common/postgresql:5432"
 
 # -- UDP service key:value pairs
 ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
diff --git a/foundry/scripts/enable-dev-mode b/foundry/scripts/enable-dev-mode
new file mode 100755
index 0000000..c85c9b5
--- /dev/null
+++ b/foundry/scripts/enable-dev-mode
@@ -0,0 +1,81 @@
+#!/bin/bash -e
+#
+# Copyright 2022 Carnegie Mellon University.
+# Released under a BSD (SEI)-style license, please see LICENSE.md in the
+# project root or contact permission@sei.cmu.edu for full terms.
+#
+# Install window manager, VS Code, and other development tools
+
+USER_SESSION_PATH=/var/lib/AccountsService/users/foundry
+
+if [[ $UID == 0 ]]; then
+    echo "Please run this script without sudo:"
+    echo "$1 $2"
+    exit 1
+fi
+
+echo
+echo "Installing XFCE window manager, VS Code, and other development tools..."
+echo
+
+# Install repositories
+wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg
+sudo install -D -o root -g root -m 644 packages.microsoft.gpg /etc/apt/keyrings/packages.microsoft.gpg
+sudo sh -c 'echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list'
+rm -f packages.microsoft.gpg
+sudo apt-get update
+
+# Install XCFE window manager
+sudo apt-get install -y task-xfce-desktop open-vm-tools-desktop
+
+# Remove light-locker as workaround for lock screen input issue:
+# https://bugs.launchpad.net/ubuntu/+source/xfce4-screensaver/+bug/1875025
+sudo apt-get purge -y light-locker
+sudo apt-get autoremove -y
+
+# Disable screensaver and lock screen
+xfconf-query -c xfce4-screensaver -np /saver/enabled -t bool -s false
+xfconf-query -c xfce4-screensaver -np /lock/enabled -t bool -s false
+
+# Fix "Failed to start session" during XFCE login:
+# https://askubuntu.com/a/1414650
+if [ -e $USER_SESSION_PATH ]; then
+    sudo sed -i -r "s/(Session=).*/\1xfce/g" $USER_SESSION_PATH
+else
+    sudo bash -c "cat > $USER_SESSION_PATH <<EOF
+[User]
+Session=xfce
+XSession=xfce
+Icon=/home/foundry/.face
+SystemAccount=false
+EOF"
+fi
+
+# Install Tailscale for remote access
+curl -fsSL https://tailscale.com/install.sh | sh
+
+# Enable external PostgreSQL access
+sed -i -r "s/#(5432:)/\1/" ~/foundry/ingress-nginx.values.yaml
+helm upgrade -n foundry -f ~/foundry/ingress-nginx.values.yaml ingress-nginx ingress-nginx/ingress-nginx
+
+# Install VS Code
+sudo apt-get install -y code
+code --install-extension Angular.ng-template
+code --install-extension GitHub.vscode-pull-request-github
+code --install-extension ms-kubernetes-tools.vscode-kubernetes-tools
+code --install-extension ms-dotnettools.csharp
+
+if [[ "$1" == "--vim" ]]; then
+  code --install-extension vscodevim.vim
+  echo
+  echo "--vim option enabled. Prepare to dominate."
+else
+  echo
+  echo "It's never too late to learn. https://vim-adventures.com/"
+  echo
+  echo "Run '$0 --vim' when you're ready for prime time."
+fi
+
+echo
+echo "Dev mode enabled. Reboot to start the XFCE window manager."
+echo
diff --git a/setup-appliance b/setup-appliance
index 3f4bc66..f9a57f8 100644
--- a/setup-appliance
+++ b/setup-appliance
@@ -19,8 +19,8 @@ sed -i -r 's/(\/swap\.img.*)/#\1/' /etc/fstab
 # Add new repositories and upgrade existing Ubuntu packages
 curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
 echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
-curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
-echo "deb https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
+curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/helm.gpg > /dev/null
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
 apt-get update
 apt-get full-upgrade -y
 
@@ -58,7 +58,15 @@ network:
 EOF
 netplan apply
 
-apt-get install -y dnsmasq avahi-daemon jq nfs-common sshpass kubectl helm pwgen
+apt-get install -y dnsmasq avahi-daemon jq nfs-common sshpass kubectl helm pwgen build-essential
+
+# Install VirtualBox Guest Additions
+if [ -f "~/VBoxGuestAdditions.iso" ]; then
+    mount -o loop ~/VBoxGuestAdditions.iso /mnt
+    /mnt/VBoxLinuxAdditions.run
+    umount /mnt
+    rm ~/VBoxGuestAdditions.iso
+fi
 
 # Install k3s
 mkdir -p /etc/rancher/k3s
diff --git a/variables.pkr.hcl b/variables.pkr.hcl
index e7ff727..de8bf69 100644
--- a/variables.pkr.hcl
+++ b/variables.pkr.hcl
@@ -53,9 +53,10 @@ locals {
   "<f10><wait>"
   ]
   cpus             = 2
-  disk_size        = 30000
-  iso_url          = "https://releases.ubuntu.com/22.04/ubuntu-22.04.1-live-server-amd64.iso"
+  disk_size        = 40000
+  iso_url          = "https://releases.ubuntu.com/jammy/ubuntu-22.04.1-live-server-amd64.iso"
   iso_checksum     = "sha256:10f19c5b2b8d6db711582e0e27f5116296c34fe4b313ba45f9b201a5007056cb"
   memory           = 4096
   shutdown_command = "echo '${var.ssh_password}'|sudo -S shutdown -P now"
+  video_memory     = 32
 }