diff --git a/flake.lock b/flake.lock
index 71eb359..44bbaf9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,26 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1703433843,
+        "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "417caa847f9383e111d1397039c9d4337d024bf0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
     "crane": {
       "inputs": {
         "nixpkgs": [
@@ -21,9 +42,31 @@
         "type": "github"
       }
     },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "flake-utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1694529238,
@@ -43,7 +86,7 @@
       "inputs": {
         "crane": "crane",
         "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "rust-overlay": "rust-overlay"
       },
       "locked": {
@@ -62,6 +105,27 @@
       }
     },
     "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703113217,
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
@@ -98,6 +162,22 @@
       }
     },
     "nixpkgs": {
+      "locked": {
+        "lastModified": 1703013332,
+        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
       "locked": {
         "lastModified": 1700794826,
         "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
@@ -113,7 +193,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1704538339,
         "narHash": "sha256-1734d3mQuux9ySvwf6axRWZRBhtcZA9Q8eftD6EZg6U=",
@@ -146,10 +226,11 @@
     },
     "root": {
       "inputs": {
+        "agenix": "agenix",
         "helix": "helix",
-        "home-manager": "home-manager",
+        "home-manager": "home-manager_2",
         "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
         "nur": "nur"
       }
     },
@@ -192,6 +273,21 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",
diff --git a/flake.nix b/flake.nix
index 848c253..8be72e6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -23,6 +23,7 @@
     };
     nixos-hardware.url = "github:NixOs/nixos-hardware/master";
     nur.url = "github:nix-community/nur";
+    agenix.url = "github:ryantm/agenix";
   };
 
   # pass in the urls defined above
@@ -34,6 +35,7 @@
     helix,
     nixos-hardware,
     nur,
+    agenix,
     ...
   } @ inputs: let
     system = "x86_64-linux";
@@ -53,6 +55,13 @@
         };
       }
     ];
+    common =
+      [
+        ./modules/nixos-common.nix
+        {nixpkgs.overlays = overlays;}
+        agenix.nixosModules.default
+      ]
+      ++ home-manager-config ./users/tacocat/home.nix;
   in {
     # desktop
     nixosConfigurations."bicep" = nixpkgs.lib.nixosSystem {
@@ -61,10 +70,8 @@
       modules =
         [
           ./hosts/bicep/configuration.nix
-          ./modules/nixos-common.nix
-          {nixpkgs.overlays = overlays;}
         ]
-        ++ home-manager-config ./users/tacocat/home.nix;
+        ++ common;
     };
 
     # laptop
@@ -74,11 +81,9 @@
       modules =
         [
           ./hosts/jwst/configuration.nix
-          ./modules/nixos-common.nix
           nixos-hardware.nixosModules.dell-xps-15-9520
-          {nixpkgs.overlays = overlays;}
         ]
-        ++ home-manager-config ./users/tacocat/home.nix;
+        ++ common;
     };
 
     formatter.${system} = pkgs.alejandra;
diff --git a/modules/nixos-common.nix b/modules/nixos-common.nix
index 08df789..ca2c9b6 100644
--- a/modules/nixos-common.nix
+++ b/modules/nixos-common.nix
@@ -54,6 +54,10 @@
   security.rtkit.enable = true;
   services.resolved.enable = true;
   services.udisks2.enable = true;
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+  };
 
   # ------------ Nix ------------