diff --git a/flake.lock b/flake.lock
index 5a567e2..d1dad05 100644
--- a/flake.lock
+++ b/flake.lock
@@ -544,11 +544,11 @@
     "mysecrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1740938097,
-        "narHash": "sha256-3wKuEorlAQPRjF03q2co7/mUIAMoqSfDr3Wf0Ipl/+s=",
+        "lastModified": 1740942589,
+        "narHash": "sha256-ND33Zox6hj7DrcjtIEMuAZ7zwToy1iC3hmRjiWQclK4=",
         "ref": "refs/heads/main",
-        "rev": "7a7a965f15ec332625a9a21b5229e076db21f224",
-        "revCount": 5,
+        "rev": "764a6753bc3e24df936060f7314e9da9a29b06e5",
+        "revCount": 7,
         "type": "git",
         "url": "ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets"
       },
diff --git a/hosts/sarien/configuration.nix b/hosts/sarien/configuration.nix
index 12eaa33..e133b08 100644
--- a/hosts/sarien/configuration.nix
+++ b/hosts/sarien/configuration.nix
@@ -13,6 +13,7 @@
     ./programs.nix
     ./stylix.nix
     ./users.nix
+    ./sops.nix
   ];
 
   desktop = {
diff --git a/hosts/sarien/hardware-conf.nix b/hosts/sarien/hardware-conf.nix
index 5029b02..0d39959 100644
--- a/hosts/sarien/hardware-conf.nix
+++ b/hosts/sarien/hardware-conf.nix
@@ -69,6 +69,10 @@
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 
+  services.thermald.enable = true;
+  services.upower.enable = true;
+  powerManagement.powertop.enable = true;
+
   services.udev.extraHwdb = ''
     evdev:input:b0011v0001p0001eAB83*
       KEYBOARD_KEY_d5=sysrq
diff --git a/hosts/sarien/sops.nix b/hosts/sarien/sops.nix
new file mode 100644
index 0000000..45f3202
--- /dev/null
+++ b/hosts/sarien/sops.nix
@@ -0,0 +1,24 @@
+{inputs, ...}: let
+  secretsPath = builtins.toString inputs.mysecrets;
+in {
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  sops = {
+    age = {
+      sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+      keyFile = "/var/lib/sops-nix/key.txt";
+      generateKey = true;
+    };
+    defaultSopsFile = "${secretsPath}/secrets.yaml";
+    secrets = {
+      "user-password-hashed" = {};
+      "ssh-private-sarien-user" = {
+        path = "/home/user/.ssh/id_ed25519";
+        mode = "0400";
+        owner = "user";
+      };
+    };
+  };
+}
diff --git a/hosts/sarien/stylix.nix b/hosts/sarien/stylix.nix
index 9d5d581..26af5d3 100644
--- a/hosts/sarien/stylix.nix
+++ b/hosts/sarien/stylix.nix
@@ -12,7 +12,7 @@
   ];
   stylix = {
     enable = true;
-    base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark.yaml";
+    base16Scheme = "${pkgs.base16-schemes}/share/themes/tomorrow-night.yaml";
     polarity = "dark";
     cursor = {
       package = pkgs.google-cursor;
@@ -20,10 +20,10 @@
       size = 24;
     };
     image = builtins.fetchurl {
-      url = "https://w.wallhaven.cc/full/57/wallhaven-573e81.png";
-      name = "wallhaven-573e81";
-      sha256 = "1ygsmmzk6icnvkr18s2r3mqh2kmigwb1424chji730cjhm8zc3cx";
-    }; # ../../wallpapers/wallhaven-jxmo1y.jpg;
+      url = "https://w.wallhaven.cc/full/9m/wallhaven-9mwzwk.jpg";
+      name = "wallhaven-9mwzwk";
+      sha256 = "0pj2k30mfhqr02dzdj40z62awmy58s5gg5mm4xzxiialclbd5n8d";
+    };
     opacity.terminal = 0.9;
     fonts = {
       sizes = {
diff --git a/hosts/sarien/users.nix b/hosts/sarien/users.nix
index f92dbe9..d165bdd 100644
--- a/hosts/sarien/users.nix
+++ b/hosts/sarien/users.nix
@@ -1,15 +1,24 @@
-{pkgs, ...}: {
+{
+  inputs,
+  config,
+  pkgs,
+  ...
+}: let
+  sopSec = config.sops.secrets;
+  secrets = inputs.mysecrets;
+in {
   nix.settings.trusted-users = ["user"];
+  users.mutableUsers = false;
   users.users = {
     user = {
+      hashedPasswordFile = sopSec."user-password-hashed".path;
       isNormalUser = true;
       extraGroups = ["wheel" "video" "libvirtd" "dialout"];
       shell = pkgs.fish;
+      openssh.authorizedKeys.keyFiles = [
+        "${secrets}/ssh/id_ed25519_sarien_user.pub"
+        "${secrets}/ssh/id_ed25519_eldrid_user.pub"
+      ];
     };
-    # work = {
-    #   isNormalUser = true;
-    #   extraGroups = ["video"];
-    #   shell = pkgs.nushell;
-    # };
   };
 }
diff --git a/hosts/sarien/users/user/flatpak.nix b/hosts/sarien/users/user/flatpak.nix
index 23f31e6..c5a2235 100644
--- a/hosts/sarien/users/user/flatpak.nix
+++ b/hosts/sarien/users/user/flatpak.nix
@@ -4,6 +4,7 @@
   ];
   services.flatpak = {
     enable = true;
+    uninstallUnmanaged = true;
     remotes = [
       {
         name = "flathub";
diff --git a/hosts/sarien/users/user/home-configuration.nix b/hosts/sarien/users/user/home-configuration.nix
index 0811d9d..9d5ec8e 100644
--- a/hosts/sarien/users/user/home-configuration.nix
+++ b/hosts/sarien/users/user/home-configuration.nix
@@ -1,5 +1,6 @@
 {inputs, ...}: {
   imports = with inputs; [
+    nix-index-database.hmModules.nix-index
     self.homeModules.desktop
     self.homeModules.programs
     ./programs.nix
diff --git a/hosts/sarien/users/user/programs.nix b/hosts/sarien/users/user/programs.nix
index 1d31f78..5e99840 100644
--- a/hosts/sarien/users/user/programs.nix
+++ b/hosts/sarien/users/user/programs.nix
@@ -7,6 +7,7 @@
 
   console.yazi.enable = true;
 
+  stylix.targets.fzf.enable = false;
   programs = {
     bat.enable = true;
     btop = {
@@ -15,7 +16,13 @@
     };
     eza.enable = true;
     fd.enable = true;
-    fzf.enable = true;
+    fzf = {
+      enable = true;
+      defaultOptions = ["--color=16"];
+    };
+    pay-respects.enable = true;
+    nix-index.enable = true;
+    nix-index-database.comma.enable = true;
     gitui.enable = true;
     git = {
       enable = true;
@@ -38,6 +45,7 @@
   editor = {
     helix.enable = true;
     neve.enable = true;
+    zed.enable = true;
   };
 
   home.packages = with pkgs; [
@@ -45,14 +53,16 @@
     flatpak # flatpak cli
     trashy # trash cli
     procs # ps in rust
+    ouch # archive manager in runt
     dust # du in rust
     fend # calc in rust
+    moar # better pager
     tree # tree util
     rbw # bitwarden cli in rust
-    zip # zip util
+    pinentry-qt # pinentry for rbw
     vial # qmk keyboard configuring app
-    unzip # unzip util
     waycheck # check wayland protocols
     virt-manager # libvirt gui
   ];
+  systemd.user.settings.Manager.DefaultEnvironment.PAGER = "moar";
 }
diff --git a/modules/home/desktop/hyprland/default.nix b/modules/home/desktop/hyprland/default.nix
index f6420ed..71e8db3 100644
--- a/modules/home/desktop/hyprland/default.nix
+++ b/modules/home/desktop/hyprland/default.nix
@@ -37,7 +37,10 @@ in {
       settings = {
         input = {
           kb_layout = "us,ua";
-          resolve_binds_by_sym = 0;
+          resolve_binds_by_sym =
+            if hostname == "dunamis"
+            then 1
+            else 0;
           repeat_rate = 50;
           repeat_delay = 300;
           # mouse
@@ -157,6 +160,8 @@ in {
             scroller = {
               column_widths = "onethird onehalf twothirds one";
               window_heights = "onethird onehalf twothirds one";
+              gesture_scroll_fingers = 3;
+              gesture_overview_fingers = 3;
               jump_labels_font = "${config.stylix.fonts.sansSerif.name}";
               jump_labels_color = "0xff${config.lib.stylix.colors.base0A}";
             };
@@ -364,7 +369,7 @@ in {
           "$mod ALT, mouse:272, resizewindow"
         ];
         gestures = {
-          workspace_swipe = true;
+          workspace_swipe = false;
           workspace_swipe_fingers = 3;
           workspace_swipe_distance = 300;
         };