diff --git a/nixos/hosts/default.nix b/nixos/hosts/default.nix
index f7fdbab..a62b9fe 100644
--- a/nixos/hosts/default.nix
+++ b/nixos/hosts/default.nix
@@ -1,30 +1,31 @@
 {inputs, ...}: let
- systems = {
- # eidola = import ./eidola {inherit inputs;};
- silver = import ./silver {inherit inputs;};
- };
+ systems = ["silver"];
 inherit (inputs.nixpkgs) lib;
 makeNixosConfigurations = systems:
- lib.mapAttrs
- (name: system:
- lib.nixosSystem {
- inherit (system) system;
+ lib.listToAttrs (lib.map
+ (name: let
+ system = import ./${name} {inherit inputs;};
+ in {
+ inherit name;
+ value = lib.nixosSystem {
+ inherit (system) system;
- modules =
- system.modules
- ++ [
- {
- _module.args = {
- inherit inputs;
- };
- }
+ modules =
+ system.modules
+ ++ [
+ {
+ _module.args = {
+ inherit inputs;
+ };
+ }
- ../modules
- ];
+ ../modules
+ ];
+ };
 })
- systems;
+ systems);
 makeDeployRsNodes = systems:
 lib.mapAttrs
diff --git a/nixos/hosts/eidola/disk-config.nix b/nixos/hosts/eidola/disk-config.nix
index 2be70fb..4ddb230 100644
--- a/nixos/hosts/eidola/disk-config.nix
+++ b/nixos/hosts/eidola/disk-config.nix
@@ -22,7 +22,7 @@
 type = "filesystem";
 format = "vfat";
 mountpoint = "/boot";
- mountOptions = ["defaults"];
+ mountOptions = ["defaults" "umask=0077"];
 };
 };
diff --git a/nixos/hosts/silver/disk-config.nix b/nixos/hosts/silver/disk-config.nix
index e33e7d7..f46d17a 100644
--- a/nixos/hosts/silver/disk-config.nix
+++ b/nixos/hosts/silver/disk-config.nix
@@ -22,7 +22,7 @@
 type = "filesystem";
 format = "vfat";
 mountpoint = "/boot";
- mountOptions = ["defaults"];
+ mountOptions = ["defaults" "umask=0077"];
 };
 };
diff --git a/nixos/hosts/silver/secrets.nix b/nixos/hosts/silver/secrets.nix
index 0e29d19..d759f5c 100644
--- a/nixos/hosts/silver/secrets.nix
+++ b/nixos/hosts/silver/secrets.nix
@@ -1,5 +1,5 @@
 {...}: {
- sops = {
+ sops = {
 defaultSopsFile = ../../../secrets/silver.yaml;
 age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
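Review bot: `makeDeployRsNodes`, visible in the trailing context lines, still applies `lib.mapAttrs` to its `systems` argument, while this hunk turns the `systems` binding into a list. If the call site (outside the hunk) passes that same binding, evaluation will fail, because `mapAttrs` needs an attribute set; it is worth confirming that it receives the built configurations instead. As a point of style, `lib.genAttrs systems (name: …)` would build the same name-keyed set without the `listToAttrs`/`map` and `{inherit name; value = …;}` plumbing. The `let` block continues past the end of the hunk.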
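Review bot: The new `umask=0077` on the vfat `/boot` mount in `nixos/hosts/eidola/disk-config.nix` carries no comment saying why it is there. FAT stores no Unix permissions, so this mount option is the only access control on the partition. A one-line comment above `mountOptions`, such as `# vfat has no per-file modes; keep /boot (loader config, any boot-time seed) readable by root only`, would stop it being dropped in a later cleanup. The same applies to the identical hunk in `nixos/hosts/silver/disk-config.nix`. The enclosing partition definition starts and ends outside both hunks.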
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 922a65e..3283c01 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,5 +1,6 @@
 {
 inputs,
+ config,
 pkgs,
 ...
 }: {
@@ -40,16 +41,17 @@
 dates = ["daily"];
 };
- # Make sure flakes are enabled
- settings.experimental-features = ["nix-command" "flakes"];
+ settings = {
+ # Make sure flakes are enabled
+ experimental-features = ["nix-command" "flakes"];
+ flake-registry = "";
+ nix-path = config.nix.nixPath;
+ # Trust wheel
+ trusted-users = ["@wheel"];
+ };
 extraOptions = ''
 keep-outputs = true
 keep-derivations = true
-
- flake-registry = ${builtins.toFile "flake-registry" (builtins.toJSON {
- version = 2;
- flakes = [];
- })}
 '';
 nixPath = ["nixpkgs=${pkgs.path}"];
 registry = {
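Review bot: `trusted-users = ["@wheel"];` in the new `settings` block makes every wheel member a trusted Nix user, which the Nix manual describes as essentially equivalent to root access, because a trusted user can override substituters and import unsigned store paths without going through sudo. Since this sits in the shared `../modules` default, it presumably applies to every host that imports it. If the setting exists so a deploy tool can copy closures, naming only the deploying account keeps the exposure smaller, e.g. `trusted-users = ["<deploy-user>"];` (placeholder). Either way the `# Trust wheel` comment should state the reason, for example `# root-equivalent: needed so <deploy-user> can push unsigned closures`. The enclosing attribute set starts and ends outside the hunk.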