diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix
index 59dda19..a6c671c 100644
--- a/enviroments/common/default.nix
+++ b/enviroments/common/default.nix
@@ -26,6 +26,19 @@
     LC_TIME = "en_US.UTF-8";
   };
 
+  users.groups.users = {};
+
+  sops = {
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+
+    age ={
+      keyFile = "/var/lib/sops-nix/key.txt";
+      # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"];
+      # generateKey = true;
+    };
+  };
+
   # List packages installed in system profile.
   environment.systemPackages = with pkgs; [
     wget
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index bc6c34c..594e83f 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -11,17 +11,6 @@
       ../../enviroments/server
     ];
 
-  sops = {
-    defaultSopsFile = ../../secrets/secrets.yaml;
-    defaultSopsFormat = "yaml";
-
-    age ={
-      keyFile = "/home/leyla/.config/sops/age/keys.txt";
-      # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"];
-      # generateKey = true;
-    };
-  };
-
   # home.sessionVariables = {
   #   SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt";
   # };
diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix
index 34e6922..93f9265 100644
--- a/hosts/twilight/configuration.nix
+++ b/hosts/twilight/configuration.nix
@@ -11,11 +11,6 @@
       ../../enviroments/client
     ];
 
-  sops.defaultSopsFile = ../../secrets/secrets.yaml;
-  sops.defaultSopsFormat = "yaml";
-
-  sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";
-
   users.leyla = {
     isFullUser = true;
     hasPiperMouse = true;
diff --git a/users/ester/default.nix b/users/ester/default.nix
index 4850e0f..156716f 100644
--- a/users/ester/default.nix
+++ b/users/ester/default.nix
@@ -27,7 +27,7 @@ in
       (
         if cfg.isFullUser then {
           isNormalUser = true;
-          extraGroups = [ "networkmanager" ];
+          extraGroups = [ "networkmanager" "users" ];
 
           hashedPasswordFile = config.sops.secrets."passwords/ester".path;
 
diff --git a/users/eve/default.nix b/users/eve/default.nix
index bf2b51b..4ed06a8 100644
--- a/users/eve/default.nix
+++ b/users/eve/default.nix
@@ -27,7 +27,7 @@ in
       (
         if cfg.isFullUser then {
           isNormalUser = true;
-          extraGroups = [ "networkmanager" ];
+          extraGroups = [ "networkmanager" "users" ];
 
           hashedPasswordFile = config.sops.secrets."passwords/eve".path;
 
diff --git a/users/leyla/default.nix b/users/leyla/default.nix
index c5bfef9..7546613 100644
--- a/users/leyla/default.nix
+++ b/users/leyla/default.nix
@@ -37,7 +37,7 @@ in
         if (cfg.isFullUser || cfg.isThinUser) then {
           isNormalUser = true;
           extraGroups = lib.mkMerge [
-            ["networkmanager" "wheel" "docker"]
+            ["networkmanager" "wheel" "docker" "users"]
             (
               lib.mkIf (!cfg.isThinUser) [ "adbusers" ]
             )