diff --git a/.sops.yaml b/.sops.yaml
index 4ba5ffb..c049481 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -56,4 +56,10 @@ creation_rules:
 - pgp:
 - *steveej
 age:
- - *router0-dmz0
\ No newline at end of file
+ - *router0-dmz0
+ - path_regex: ^secrets/sj-vps-htz0/.+$
+ key_groups:
+ - pgp:
+ - *steveej
+ age:
+ - *sj-vps-htz0
\ No newline at end of file
diff --git a/nix/os/devices/sj-vps-htz0/configuration.nix b/nix/os/devices/sj-vps-htz0/configuration.nix
index 28a63fb..dbbf113 100644
--- a/nix/os/devices/sj-vps-htz0/configuration.nix
+++ b/nix/os/devices/sj-vps-htz0/configuration.nix
@@ -1,12 +1,28 @@
-{...}: {
+{
+ nodeName,
+ config,
+ ...
+}: {
 disabledModules = [];
 imports = [
 ../../profiles/common/configuration.nix
+ {
+ users.commonUsers = {
+ enable = true;
+ enableNonRoot = false;
+ rootPasswordFile = config.sops.secrets.passwords-root.path;
+ };
+
+ sops.secrets.passwords-root = {
+ sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+ neededForUsers = true;
+ format = "yaml";
+ };
+ }
 ../../modules/opinionatedDisk.nix
 ./system.nix
 ./hw.nix
- ./pkg.nix
 ./boot.nix
 ];
 }
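Review bot: Whether this new rule ever applies depends on the rules above it, because sops walks `creation_rules` in order and uses the first match; a broader or unanchored `path_regex` earlier in the file (outside this hunk) would leave files under `secrets/sj-vps-htz0/` encrypted to a different recipient set. After creating `secrets/sj-vps-htz0/secrets.yaml`, check that its `sops:` metadata block lists exactly the `steveej` PGP key and the `sj-vps-htz0` age recipient. Both keys sit in a single key group, so either one alone can decrypt; a comment above the rule such as `# admin PGP key or host age key can each decrypt` would record that this is intended. The `*sj-vps-htz0` anchor has to be defined in the keys list, which is not visible in this hunk.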
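Review bot: `rootPasswordFile` is wired to the sops secret with no comment on what the secret must contain or where the password is accepted. `users.commonUsers` is defined outside this diff; if it forwards the path to `users.users.root.hashedPasswordFile`, the `passwords-root` value has to be a crypt hash (for example from `mkpasswd`) rather than the plaintext, so once confirmed I would add `# passwords-root holds a password hash, not plaintext` above the `sops.secrets.passwords-root` block. With `enableNonRoot = false` root appears to be the only interactive account on this VPS, so please confirm that the sshd settings in the common profile keep root on key-only login (`PermitRootLogin prohibit-password`) and that the password is usable on the console only. `format = "yaml"` is presumably the sops-nix default and could be dropped.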