diff --git a/.sops.yaml b/.sops.yaml
index 25ae30a..971baf8 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -16,6 +16,12 @@ keys:
 - &cap_clust_08 age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
 - &cap_clust_09 age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
 creation_rules:
+ - path_regex: users/caperren/secrets/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
+ - age:
+ - *caperren
+ - *cap_slim7
+ - *cap_nr200p
 - path_regex: secrets/default.yaml$
 key_groups:
 - age:
diff --git a/flake.nix b/flake.nix
index 04e5e61..9bb69e3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -28,6 +28,7 @@
 {
 nixosConfigurations.cap-clust-01 = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
 modules = [
 ./hosts/cap-clust-01/configuration.nix
 sops-nix.nixosModules.sops
@@ -36,6 +37,7 @@
 };
 nixosConfigurations.cap-clust-02 = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
 modules = [
 ./hosts/cap-clust-02/configuration.nix
 sops-nix.nixosModules.sops
@@ -44,6 +46,7 @@
 };
 nixosConfigurations.cap-clust-03 = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
 modules = [
 ./hosts/cap-clust-03/configuration.nix
 sops-nix.nixosModules.sops
@@ -52,6 +55,7 @@
 };
 nixosConfigurations.cap-clust-04 = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
 modules = [
 ./hosts/cap-clust-04/configuration.nix
 sops-nix.nixosModules.sops
@@ -60,6 +64,7 @@
 };
 nixosConfigurations.cap-clust-05 = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
 modules = [
 ./hosts/cap-clust-05/configuration.nix
 sops-nix.nixosModules.sops
@@ -68,6 +73,7 @@
 };
 nixosConfigurations.cap-clust-06 = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
 modules = [
 ./hosts/cap-clust-06/configuration.nix
 sops-nix.nixosModules.sops
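Review bot: The new `users/caperren/secrets/...` rule only takes effect because it sits above `secrets/default.yaml$`, and nothing in the file records that dependency. sops applies the first creation rule whose `path_regex` matches, and the older pattern is unanchored, so it would also match `users/caperren/secrets/default.yaml` and encrypt it for that rule's recipients if the order were ever swapped. I would add `# keep above the generic secrets/ rules: sops applies the first match` over the new entry. The recipients of the later rule lie outside the hunk, so the exact exposure is not visible here.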
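Review bot: `specialArgs = { inherit inputs; };` now appears in all eleven `nixosSystem` calls (this hunk and the ten that follow it in flake.nix), next to an equally repeated `sops-nix.nixosModules.sops` entry. Since modules/system/home-manager-settings.nix now dereferences `inputs.sops-nix`, a host added later without the line fails at evaluation, so the shared part is better stated once in a helper. The module lists continue past the end of each hunk, so the per-host extras in the sketch below are a guess at the shape rather than a drop-in.

```nix
# … unchanged: flake inputs and the outputs argument list …
mkHost = name: extraModules:
  nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = { inherit inputs; };
    modules = [
      (./hosts + "/${name}/configuration.nix")
      sops-nix.nixosModules.sops
    ] ++ extraModules;
  };
# … each host then reads: nixosConfigurations.cap-clust-01 = mkHost "cap-clust-01" [ ]; …
```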
@@ -76,6 +82,7 @@
 };
 nixosConfigurations.cap-clust-07 = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
 modules = [
 ./hosts/cap-clust-07/configuration.nix
 sops-nix.nixosModules.sops
@@ -84,6 +91,7 @@
 };
 nixosConfigurations.cap-clust-08 = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
 modules = [
 ./hosts/cap-clust-08/configuration.nix
 sops-nix.nixosModules.sops
@@ -92,6 +100,7 @@
 };
 nixosConfigurations.cap-clust-09 = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
 modules = [
 ./hosts/cap-clust-09/configuration.nix
 sops-nix.nixosModules.sops
@@ -101,9 +110,7 @@
 nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
- specialArgs = {
- inherit inputs;
- };
+ specialArgs = { inherit inputs; };
 modules = [
 ./hosts/cap-slim7/configuration.nix
 sops-nix.nixosModules.sops
@@ -114,10 +121,11 @@
 nixosConfigurations.cap-nr200p = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
 modules = [
 ./hosts/cap-nr200p/configuration.nix
- sops-nix.nixosModules.sops
 inputs.home-manager.nixosModules.default
+ sops-nix.nixosModules.sops
 ];
 };
 };
diff --git a/modules/application-groups/k3s-secondary.nix b/modules/application-groups/k3s-secondary.nix
index 89f2b72..138e846 100644
--- a/modules/application-groups/k3s-secondary.nix
+++ b/modules/application-groups/k3s-secondary.nix
@@ -1,9 +1,11 @@
 { config, pkgs, ... }:
 {
+ sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
+
 services.k3s = {
 enable = true;
 role = "server"; # Or "agent" for worker only nodes
- token = "forinitialtestingonly";
+ tokenFile = config.sops.secrets.k3s_token.path;
 serverAddr = "https://cap-clust-01:6443";
 };
 }
diff --git a/modules/system/home-manager-settings.nix b/modules/system/home-manager-settings.nix
index a1c70da..84819c4 100644
--- a/modules/system/home-manager-settings.nix
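Review bot: Moving the join token to `tokenFile` does not retire the old value: `"forinitialtestingonly"` stays readable in the repository history, so the cluster token should be rotated and `k3s_token` in secrets/cluster.yaml should hold the new value (that file is not part of this diff, so I cannot tell whether it does). The diff also adds no `.sops.yaml` creation rule for `secrets/cluster.yaml`; unless one already exists outside the visible hunk, the file's recipients are not defined by the rules shown. Finally, nothing restarts k3s when the secret changes; `sops.secrets.k3s_token = { sopsFile = ../../secrets/cluster.yaml; restartUnits = [ "k3s.service" ]; };` would cover that.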
+++ b/modules/system/home-manager-settings.nix @@ -1,5 +1,11 @@ { inputs, ... }: { - home-manager.useGlobalPkgs = true; - home-manager.backupFileExtension = "bkp"; + home-manager = { + useGlobalPkgs = true; + backupFileExtension = "bkp"; + sharedModules = [ + inputs.sops-nix.homeManagerModules.sops + ]; + }; + } diff --git a/users/caperren/caperren.nix b/users/caperren/caperren.nix index be3bde6..6637d7e 100644 --- a/users/caperren/caperren.nix +++ b/users/caperren/caperren.nix @@ -25,8 +25,8 @@ in "wheel" ]; openssh.authorizedKeys.keys = [ - sshDesktopPubkey - sshLaptopPubkey + sshDesktopPubkey + sshLaptopPubkey ]; }; @@ -58,6 +58,8 @@ in }; }; + programs.ssh.enable = true; + # Assets/scripts home.file.".config/streamdeck-ui/icons".source = ./dotfiles/streamdeck/icons; home.file.".config/hypr/scripts".source = ./dotfiles/.config/hypr/scripts;
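Review bot: `sharedModules` loads the sops module into every home-manager user on every host that imports modules/system/home-manager-settings.nix, but nothing in the file says where the decryption key comes from. The home-manager module decrypts as the user, so each user configuration has to point it at a key that user can read (for example `sops.age.keyFile`); that configuration is not in this diff. I would add a comment such as `# sops-nix for all HM users; each user config must set sops.age.keyFile (or an equivalent key source)`. The added blank line before the closing `}` can go.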
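Review bot: `programs.ssh.enable = true;` in users/caperren/caperren.nix hands `~/.ssh/config` to home-manager, and together with `backupFileExtension = "bkp"` from modules/system/home-manager-settings.nix an existing hand-written config is moved aside to `config.bkp` on the next activation rather than merged. Any `IdentityFile`, `ProxyJump` or host-key settings that lived only in that file stop applying until they are declared under `programs.ssh.matchBlocks`. A one-line comment would record the intent, e.g. `# home-manager owns ~/.ssh/config from here on; declare hosts in programs.ssh.matchBlocks`. The enclosing attribute set starts and ends outside the hunk.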