diff --git a/flake.lock b/flake.lock
index e37608a..65edad9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -786,22 +786,6 @@
 "type": "github"
 }
 },
- "nixos-hardware": {
- "locked": {
- "lastModified": 1724067415,
- "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=",
- "owner": "NixOS",
- "repo": "nixos-hardware",
- "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "master",
- "repo": "nixos-hardware",
- "type": "github"
- }
- },
 "nixpak": {
 "inputs": {
 "flake-parts": "flake-parts_3",
@@ -2624,7 +2608,6 @@
 "hyprland-plugins": "hyprland-plugins",
 "lix-module": "lix-module",
 "neovim-flake": "neovim-flake",
- "nixos-hardware": "nixos-hardware",
 "nixpak": "nixpak",
 "nixpkgs": "nixpkgs_5",
 "schizofox": "schizofox",
diff --git a/hosts/vali/hermit/configuration.nix b/hosts/vali/hermit/configuration.nix
index ff1352d..7c11d99 100644
--- a/hosts/vali/hermit/configuration.nix
+++ b/hosts/vali/hermit/configuration.nix
@@ -1,6 +1,7 @@
 {
- pkgs,
 config,
+ lib,
+ pkgs,
 ...
 }: {
 # Time Zone
@@ -14,6 +15,7 @@
 programs.dconf.enable = true;
 boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
 services.thermald.enable = true;
+ services.fstrim.enable = lib.mkDefault true;
 modules = {
 system = {
diff --git a/modules/other/system.nix b/modules/other/system.nix
index 60040d8..d2ba9f0 100644
--- a/modules/other/system.nix
+++ b/modules/other/system.nix
@@ -28,7 +28,7 @@ in {
 users.users.${cfg.username} = {
 isNormalUser = true;
- extraGroups = ["wheel"];
+ extraGroups = ["wheel" "networking"];
 };
 };
 }
diff --git a/modules/system/default.nix b/modules/system/default.nix
index 1dda74c..2a95e29 100644
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -5,5 +5,6 @@ _: {
 ./hardware
 ./nix/module.nix
 ./os/networking/module.nix
+ ./os/security/module.nix
 ];
 }
diff --git a/modules/system/os/security/module.nix b/modules/system/os/security/module.nix
new file mode 100644
index 0000000..46c037e
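Review bot: In the second hunk of hosts/vali/hermit/configuration.nix, `services.fstrim.enable = lib.mkDefault true;` deserves a comment about encrypted volumes. If any filesystem on this host sits on dm-crypt/LUKS (not visible here), periodic TRIM only takes effect once discards are allowed on the mapping, and allowing them reveals which blocks of the encrypted device are unused. I would put `# periodic TRIM; on LUKS this needs allowDiscards, which exposes the free-block layout` above the line. Also, `lib.mkDefault` in a host file lets any imported module that sets the option at normal priority override it silently; plain `true` would make the host authoritative if that is the intent. The enclosing attribute set continues outside the hunk.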
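Review bot: The group added in modules/other/system.nix, `"networking"`, is not one NixOS creates by itself, and no `users.groups.networking` declaration is visible in this diff, so the membership would likely be dropped at activation with an unknown-group warning. If the goal is to let the user manage connections through NetworkManager, the group is `networkmanager`: `extraGroups = ["wheel" "networkmanager"];`. If a custom group is intended, declare it next to this line with `users.groups.networking = {};`. Every `cfg.username` is also placed in `wheel` unconditionally here, which together with `execWheelOnly` in the new sudo module makes this line the sole gate for sudo. The enclosing module body starts outside the hunk.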
--- /dev/null
+++ b/modules/system/os/security/module.nix
@@ -0,0 +1,5 @@
+_: {
+ imports = [
+ ./sudo.nix
+ ];
+}
diff --git a/modules/system/os/security/sudo.nix b/modules/system/os/security/sudo.nix
new file mode 100644
index 0000000..f57fd74
--- /dev/null
+++ b/modules/system/os/security/sudo.nix
@@ -0,0 +1,21 @@
+{
+ lib,
+ pkgs,
+}: let
+ inherit (lib) mkForce mkDefault;
+in {
+ security = {
+ sudo-rs.enable = mkForce false;
+ sudo = {
+ enable = true;
+ # We use the default sudo package
+ package = pkgs.sudo;
+
+ # Wheel user should need the password to execute sudo commands
+ wheelNeedsPassword = mkDefault true;
+
+ # BUT, only wheel users should be able to use sudo.
+ execWheelOnly = mkForce true;
+ };
+ };
+}
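Review bot: The module header in modules/system/os/security/sudo.nix, `{ lib, pkgs, }:`, has no `...`, so evaluation should fail with a "called with unexpected argument" error once the file is imported, because the NixOS module system also passes `config`, `options` and other arguments to every module function. Change the third line to `pkgs, ...` or add a `...` line after it. On the policy itself, `wheelNeedsPassword = mkDefault true` can be overridden by any module or host at normal priority while `execWheelOnly` is forced, so passwordless sudo for wheel stays one ordinary assignment away. If the comment above it is meant as a hard requirement, `wheelNeedsPassword = mkForce true;` would match it.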