diff --git a/home/lilith/stylix.nix b/home/lilith/stylix.nix
index 7abb8d3b..02bffc23 100644
--- a/home/lilith/stylix.nix
+++ b/home/lilith/stylix.nix
@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
 stylix.targets = {
 firefox.enable = true;
 };
diff --git a/secrets/default.yaml b/secrets/default.yaml
new file mode 100644
index 00000000..8f067073
--- /dev/null
+++ b/secrets/default.yaml
@@ -0,0 +1,44 @@ +ssh: + nixremote: + public: ENC[AES256_GCM,data:cpgaIleEj+S0AdPnZQ0HeOS44SZNRljSCzi2uzMfA/vb4rmXWPqE+Yh0yG+UD0UThEYmVkZnvK5JNps2lTvp3Dqo92rYLQrn14vFP8yCQMU=,iv:9R5n3yE5yx0JLESRqax2ZWuYFR2XT1Xd882BU/SnAdQ=,tag:IIykViHleEO2lgu1Tjz5pw==,type:str] + private: ENC[AES256_GCM,data:7nT/pKf9rfUDQrRgXH/trJ7jv7C+1L71ZiAWK8uKbfYyonHzq3EJZ5hjSiP+9NFa1qoisL3JH/cv5kuDR8FZFLVTv0+oLW55YPD7SOAzVAeL45cnHzgaVvz7CCikve3ZtGHKurqyUcN7MXKDOqwnuQ1tcvzhAmfDBWwbnheUylmokBq20+eivjQ7AGt1lc0e0J2tpEZDdlUOrVFQd0QdoGBGOnadh/yA6fARfZb9oOYryooV1cGhlzoJNQ9/jXEasIDN+GDaNRpvXK5bvWKBNVmNF4QLnt9wJjIVfnpG6IrJJ2yduecgwAFnKj5Gn7NAkJ9RJzE0ysHLWYnIZWm8TGaBaphQLsmd6VJ/47nAiwfAGVoaCWI45lAFwEu9eEdbZn9joQvBFGsE6TEBbjb/JDWSzHFFwFDHNsApIs0w1FN6qEea2BoI6VINgwgzzcyV7XJNPqHd9KFQSSe7eqKAl6OiCGRxrF2pLzTohX/NCDkorkfdDLJ/DlEe+8B+Qe+IGDNtnbzLGDftI+GWYsSyjrUwGXcTSq1meIBB,iv:UBQb9m85xeYioV7VDi5tr7T75MTG9yddBMXASRwvq3A=,tag:1fkwUF1ZuvxNU6ntoXGk0w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1mqw75xvd2gnhx2wsmkr8yctegjfym6xkypwjh82s3yws2glk4vms3cxqaz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3U1h5dy8xRkc5YUY2Si91 + dU81eEtjTzVDa2N2My9ycmp1aFRweHcwcTJjClJhY1laNmp5ZG9VN1UwTGdGMVZo + N1luQldHNzBYb2dpRGQrbkFwc1V4YUEKLS0tIGxzQU9QUHVzWWt5UnNLT0lYMnpJ + TnFFQXNEUDZTdVlOVkV2RVQyaWRRcEUKb/3gZ4lIfWeb6fXcUgdizdG158tpv0hm + objc1wG5HjIGiIZoJSvGmI5PnZzmKf8LFjMMfUP2m2JUVpOFKL2baQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1pyav93usza3s363g56687yxh9jmp364w32gs77le7t0cgg7jveyq4zcl6v + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2S0pYL1kwZ2M4VkZWQ3Bl + WHdUUDJjOVQ3TkZWRDVGMkJoTnJPWkRWQlM0Cks1SVAwV0M3K3dHRkNHd3JvSEFF + QzNCa0ZFWWRLdkhOY0UrZHJNTVFrZEkKLS0tIGtaM2QwK1V3TUxlYkRyWTM3THls + endmMkVMRjgvb05ycS9SamFOUk54QVUKB7eaUO/4Ttxjtt3/ZoryQiHeodnTcqHy + 7Z4xQ21bWqDK3Bw/IaYsMEu1GJ5ZR7KcNENnuoU8wza3ymLv60Xzgw== + -----END AGE ENCRYPTED FILE----- + lastmodified: 
"2025-03-17T17:44:37Z" + mac: ENC[AES256_GCM,data:ws3pqokNCWVxXgXOFI8mDZQ9XTY1G8WZEEVzk3mD/+ERynLoD4xcPHL5tu3EisPBNIe90olnQy7/FwN8ZOkUl7UWjTPfCOPBqpY8P253YHz5mSdBp3U+9x16nbQHXH2InTzQQwbj7Z2Uz6kzz7Tk8tg8x+zli8lqWwFdpqv7p2k=,iv:Eqw4Q4Yy8/Yq8avXJ3na3lnu275YLvnacjluB++ta54=,tag:FcJDDJtPLm4pCG7ZKWCK0Q==,type:str] + pgp: + - created_at: "2025-03-17T17:42:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DCgMW7d7co2gSAQdA6aDjYqTJFftxYboMahLPLvKcqzy++N+t6iKVR0J0k2sw + HroxiisYugH8mXue6VkCprlXiNt0M61gDLK1EeiUpN3FqqTxkKiKzF/kQRTrHJGU + 0l4BwaRyJyL+2Of0SwmB8rKfeVqSGW/PExZnrRrTRYxqxxaZwqNHqFxlQBC+COBg + u/h2KP2NCz5O5Pt1rjPWxlLcz0TsxPH8a4HiBQfmiwM91dowvq+6mWVcwW5NAmf5 + =EnO5 + -----END PGP MESSAGE----- + fp: 3586D8D6689B9C9ECD598C588712A0F317C37175 + unencrypted_suffix: _unencrypted + version: 3.9.4
diff --git a/system/core/ssh.nix b/system/core/ssh.nix
index 3aeb7287..bf68f6eb 100644
--- a/system/core/ssh.nix
+++ b/system/core/ssh.nix
@@ -1,11 +1,24 @@
-{...}: {
- networking.firewall.allowedTCPPorts = [22];
+{ ... }:
+{
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ sops.secrets."ssh/nixremote/private" = {
+ sopsFile = ../../secrets/default.yaml;
+ path = "/root/.ssh/nixremote";
+ };
+
 services.openssh = {
 enable = true;
- ports = [22];
+ ports = [ 22 ];
 settings = {
 PermitRootLogin = "no";
 PasswordAuthentication = false;
 };
+ extraConfig = ''
+ Host lilith-server-builder
+ HostName 2a01:4f9:4a:1ecb::2
+ User nixremote
+ IdentityFile /root/.ssh/nixremote
+ '';
 };
 }
diff --git a/system/optional/desktop.nix b/system/optional/desktop.nix
index 1d634829..ab6ed1e0 100644
--- a/system/optional/desktop.nix
+++ b/system/optional/desktop.nix
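Review bot: The `Host lilith-server-builder` block added under `services.openssh.extraConfig` in system/core/ssh.nix is ssh client configuration, but that option is written verbatim into sshd_config. The daemon is therefore handed `Host`/`HostName`/`User`/`IdentityFile` directives it will most likely reject, while root's ssh client never sees the alias or the sops-provisioned key. Move the block to the client-side option, `programs.ssh.extraConfig = '' … '';`, outside `services.openssh`. Because root will use this key non-interactively, also pin the builder's host key through a `programs.ssh.knownHosts` entry (`publicKey = "<builder host public key>";`, a value this commit does not show) instead of relying on trust-on-first-use. Stating `mode = "0400";` next to `path` in the `sops.secrets` entry would make the intended permissions of the private key explicit.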
@@ -1,15 +1,23 @@ -{ config, lib, ...}: { +{ + config, + lib, + pkgs, + hyprland, + ... +}: +{ options.desktop.enable = lib.mkEnableOption "Enable Wayland compositor with hyprland login"; config = lib.mkIf config.desktop.enable { hardware.graphics.enable = true; - + security.polkit.enable = true; - security.pam.services.hyprlock = {}; + security.pam.services.hyprlock = { }; services.dbus.enable = true; programs.hyprland.enable = true; + programs.hyprland.package = hyprland.packages.${pkgs.stdenv.system}.hyprland; services.greetd = { enable = true;
diff --git a/system/optional/stylix.nix b/system/optional/stylix.nix
index 43a9e157..70911a58 100644
--- a/system/optional/stylix.nix
+++ b/system/optional/stylix.nix
@@ -54,6 +54,7 @@
 cursor = {
 package = pkgs.rose-pine-cursor;
 name = "Rosé Pine";
+ size = 10;
 };
 };
 };
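Review bot: In system/optional/desktop.nix the new `programs.hyprland.package` line takes the compositor from the `hyprland` flake input while the portal still comes from nixpkgs, so the two can drift out of step. Set `programs.hyprland.portalPackage = hyprland.packages.${pkgs.stdenv.system}.xdg-desktop-portal-hyprland;` alongside it. The session compositor is now pinned by the flake's lock file rather than by nixpkgs, and neither that lock entry nor the `specialArgs` wiring that supplies the `hyprland` module argument is visible in this commit, so both are worth checking before merge. The `config` block continues past the end of the hunk.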