diff --git a/.sops.yaml b/.sops.yaml
index d9aea7c..c44d6eb 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,7 +2,7 @@ keys:
   - &thinkpad age1j66v6z6hlsgqjfv5fz7fldm5q9jay4j5v5du6ymfda6hv40nsqesg89g7p
   - &desktop age1fxr5s6d6ar0xy5pr63kpq93tk7jha5k96jcxnyquj6s2mw8mmcpss8w29w
   - &pi4 age1xlnprpvshv93eerthxzg6cahklsfc4efh8dd6u8dte9u6cl0u5qsz48qlt
-  - &nidaros age1pcxrxnzf4f5kjtfxec8s602mrqm6qx8dtd29k24fh4r22vs36ctqek036p
+  - &nidaros age1sf8tspnmyj2cn6gmzdfuh2vt00tmeqa0vf23rn5s44s9avafsd7sz6wgql
 creation_rules:
   - path_regex: shared/secrets/secrets.yaml$
     key_groups:
diff --git a/flake.nix b/flake.nix
index d034059..2e0b626 100644
--- a/flake.nix
+++ b/flake.nix
@@ -93,7 +93,7 @@
         {
           hostName = "nidaros";
           wayland.enable = false;
-          ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyV/6eHdRRiS6O9APT6lXGv/FWKDNkF274xW3/vbb9A";
+          ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw1iNuPnX9NGt+UAvBDzkk26d1e4nF+XX2FMm+IRWtt";
           address.private = common.localIpAddr 228;
         }
 
diff --git a/hosts/nidaros/default.nix b/hosts/nidaros/default.nix
index aaaafbb..053df10 100644
--- a/hosts/nidaros/default.nix
+++ b/hosts/nidaros/default.nix
@@ -5,9 +5,11 @@
     (relativeToBase "modules")
     ./boot.nix
     ./hardware.nix
+    ./security
   ];
 
   # Temp fix to not override password until sops have been implemented
+  users.mutableUsers = lib.mkForce true;
   users.users.${systemConfig.username}.hashedPasswordFile = lib.mkForce null;
 
 }
diff --git a/hosts/nidaros/hardware.nix b/hosts/nidaros/hardware.nix
index 1b011b2..1bc1c44 100644
--- a/hosts/nidaros/hardware.nix
+++ b/hosts/nidaros/hardware.nix
@@ -17,6 +17,7 @@
     "xhci_pci"
     "ahci"
     "nvme"
+    "usb_storage"
     "usbhid"
     "sd_mod"
   ];
@@ -25,12 +26,12 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
-    device = "/dev/disk/by-uuid/27a8c7df-442b-423e-9e0a-5ed9571a81ed";
+    device = "/dev/disk/by-uuid/dfade67a-9cbe-4002-990a-2cd22b8e57fa";
     fsType = "ext4";
   };
 
   fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/63B5-A86A";
+    device = "/dev/disk/by-uuid/66F7-BE0A";
     fsType = "vfat";
     options = [
       "fmask=0077"
diff --git a/hosts/nidaros/home-manager/default.nix b/hosts/nidaros/home-manager/default.nix
index cda1801..0dd4784 100644
--- a/hosts/nidaros/home-manager/default.nix
+++ b/hosts/nidaros/home-manager/default.nix
@@ -4,6 +4,6 @@
   imports = with lib.custom; [
     (relativeToBase "home-manager")
   ];
-  home.stateVersion = "25.05";
+  # TODO change
   programs.git.signing.key = "E4E751ECB68CD7BF";
 }
diff --git a/shared/secrets/secrets.yaml b/shared/secrets/secrets.yaml
index e3c77c0..5366fa7 100644
--- a/shared/secrets/secrets.yaml
+++ b/shared/secrets/secrets.yaml
@@ -40,7 +40,7 @@ sops:
             SGdNMnVlQlNEeVJkWmZEM1FRT2JJMGMKbZ/znJM6tFhzhHariRXMLgH/4CRZZKrb
             YtmSdeL/Pd5YIecCpjDHDn4vQ0TBAmLaX+zVbNbRKmMZoY7777ywfA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-13T19:55:00Z"
-    mac: ENC[AES256_GCM,data:cGs3dYORe+2g3D4PaH6SVUs3TbH+1jgD7KhGlqN8yZ8uEW08KhPSkLxv/1+vDD1Q//F6VtKJKx8sG7N+/rMds9efykhT55Q+lIFNFmZliPF53n5FP9wEPpveKxR9jckXCpBpt4o3kwCalPCnAcU+UfGvhNVx15WiQ0WCL/8nfVo=,iv:xuOjNRFp06MBE9ay5pD8VKVaTM3cxS/LKVMVclz+nl8=,tag:qknZPMu5XgyZ5ALdkN1VLQ==,type:str]
+    lastmodified: "2025-10-14T16:23:55Z"
+    mac: ENC[AES256_GCM,data:OSXyioM/tmvPWuWK1T8z1A5pM863WjBc3J19fSQK0l4tR1ps5jD6VaL3MkFOcYum1236qqLnjE1+8yo16hfuE3+oWyJcsyYP4CcIKvSUTUnPEnt2aXX71GxU3rd5nHpZVmnHLoFCDdZYyI4M1yLcKPbqX4itcUwYZWnjn5jQ7zE=,iv:6yuvJrKHpcbbFa6QOFcHwllzaw+2BRA3o37cq4AaRA8=,tag:cOtnjpvbw9w23liIfD8Aug==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2