diff --git a/hosts/nixos/configuration.nix b/hosts/nixos/configuration.nix
index 97bc9dd..a2c51bf 100644
--- a/hosts/nixos/configuration.nix
+++ b/hosts/nixos/configuration.nix
@@ -1,5 +1,6 @@
 {
   inputs,
+  config,
   pkgs,
   ...
 }: {
@@ -106,9 +107,14 @@
   users.users.crony = {
     isNormalUser = true;
     description = "Crony";
+    hashedPasswordFile = "${config.age.secrets.crony-passwd.path}";
     extraGroups = ["networkmanager" "wheel" "video" "input" "audio" "gamemode" "seat"];
   };
 
+  users.users.root.hashedPasswordFile = "${config.age.secrets.root-passwd.path}";
+
+  users.mutableUsers = false;
+
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
 
diff --git a/hosts/ymir/configuration.nix b/hosts/ymir/configuration.nix
index 838a4a6..ed86ac3 100644
--- a/hosts/ymir/configuration.nix
+++ b/hosts/ymir/configuration.nix
@@ -1,5 +1,6 @@
 {
   inputs,
+  config,
   pkgs,
   ...
 }: {
@@ -106,9 +107,14 @@
   users.users.crony = {
     isNormalUser = true;
     description = "Crony";
+    hashedPasswordFile = "${config.age.secrets.crony-passwd.path}";
     extraGroups = ["networkmanager" "wheel" "video" "input" "audio" "gamemode" "seat"];
   };
 
+  users.users.root.hashedPasswordFile = "${config.age.secrets.root-passwd.path}";
+
+  users.mutableUsers = false;
+
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
 
diff --git a/modules/linux/nixos/secrets.nix b/modules/linux/nixos/secrets.nix
index 647d471..f02bd78 100644
--- a/modules/linux/nixos/secrets.nix
+++ b/modules/linux/nixos/secrets.nix
@@ -4,6 +4,12 @@
       wg-desktop = {
         file = ../../../secrets/wg-desktop.age;
       };
+      crony-passwd = {
+        file = ../../../secrets/crony-passwd-desktop.age;
+      };
+      root-passwd = {
+        file = ../../../secrets/root-passwd.age;
+      };
     };
     identityPaths = ["/home/crony/.ssh/main"];
   };
diff --git a/secrets/crony-passwd-desktop.age b/secrets/crony-passwd-desktop.age
new file mode 100644
index 0000000..f8df6c3
--- /dev/null
+++ b/secrets/crony-passwd-desktop.age
@@ -0,0 +1,17 @@
+age-encryption.org/v1
+-> ssh-ed25519 2P4nKw wpAhdG6VhwlJ3Kh+Sy1Z6xQpe+J4MNwRUh74NOwUoRk
+1oRFTsgbYtR8lShHzgH02b/TKAklbpbNK2uhw/idUY0
+-> ssh-ed25519 6+hQpQ 0JPdpTv1Nks5FP4CEDOK72Ve63QvXzAuY1EIb3+jhkw
+vJ+Nn/uSvSEBJB9eo16aqDdsh6/sI53qYqRXjZLeKKY
+-> ssh-ed25519 l/ODWA dPM/X6DMl8SgDdtZfbw226Z3Cr+xPLDshkdsaP3pwH8
+DVVs50NRfedYV0gJoPOl3BrGGh0govkgDrxVChT4Vfo
+-> ssh-ed25519 7+5K3Q PrY2tbECXEvIZeFp/yXkPKjktw1jMwZNaslR20QywBk
+CzGkEn4yaCSRego9R9DkF3Hf2n+7ZWtnbFa4YAQfERM
+-> ssh-ed25519 Ow0TGw +v8hrZsSASiA8GDHSjHAdcc6zMHFmJ8HZ3kI8zKhsn0
+OwsfohDZBWUH4x2oJxNYGT8m5O8cONUqAxYzjEmhsNs
+-> ssh-ed25519 cEINMA SrANNo6f42K0sH54ZG2f9CQGF6OYRNMV2Rrp4ghMTi4
+PiuVeZWl4BLjtHmmyZRQfPqP5cjJS3Ick3iU6Sqmdw0
+-> ssh-ed25519 fd/ZLQ EK0Iwvyu2t+AFCyW6GoUnDlwRpat2DcOXzIDCG5Q7nA
+UhtZmaYdspjfmf0y9YoTySx/dB2wiZPKcRlvBxB+Vxk
+--- TUmKueenk23R7yPRBXIkz4Bc36SJoh6ILhiWn2Lg900
+KÓ´Ì^ëNÀîIÔ•U›ˆáºL–‰]å«{.þÖ{ºVº/pä÷–ž<õ\•-ãál²†x†	×vÊº§0`É³p÷·çfû‹«co†N-N)usV¸¤›eöVküV.;Ëtt
\ No newline at end of file