diff --git a/assets/ssh.nix b/assets/ssh.nix
index fb8a04d..afdc92c 100644
--- a/assets/ssh.nix
+++ b/assets/ssh.nix
@@ -15,6 +15,7 @@
     kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGK7H4Z29d72HJlI69Vt0YLOyuPcn9XxYjvMZfql80z0 nikodem@rabulinski.com";
     hijiri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXVPUBYAMn9H3efG/ldWl/ySmZV0CXleyH7E5nKf/N7 nikodem@rabulinski.com";
     tsukasa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPKXcihNVgsStMstnZYvh+Ai+JsydX3vu4O0yhlN+zw niko@tsukasa";
+    youko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAGBazVVFr1+beFxpC701IPz4JwdPIyFJybVVZ9kTkr niko@youko";
   };
 
   system = {
@@ -25,5 +26,6 @@
     kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPN/SXBcIB1WN8GIhYrQrqzFGuVkEP4o0E+x0uQ4f2l";
     hijiri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsTkICNuUwGqrToisTViFCBoql39+DFYVZSWj7vfbXK";
     tsukasa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKy32XGCkB0KOUm4f0ybrutfAzR7+baifM2yv5KuYV7 root@tsukasa";
+    youko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSbIjEo28aB2TACkvLY+VRKElZEdH9qFlTTfxCrblGZ root@youko";
   };
 }
diff --git a/hosts/youko/default.nix b/hosts/youko/default.nix
index d708d8a..9372442 100644
--- a/hosts/youko/default.nix
+++ b/hosts/youko/default.nix
@@ -1,26 +1,22 @@
 {
-  configurations.nixos.youko = {
-    imports = [
-      ./disks.nix
-      ./hardware.nix
-    ];
+  configurations.nixos.youko =
+    { config, username, ... }:
+    {
+      imports = [
+        ./disks.nix
+        ./hardware.nix
+      ];
 
-    nixpkgs.hostPlatform = "x86_64-linux";
+      nixpkgs.hostPlatform = "x86_64-linux";
 
-    boot = {
-      loader.systemd-boot.enable = true;
-      loader.efi.canTouchEfiVariables = true;
-    };
-
-    networking.networkmanager.enable = true;
-
-    settei.user.config =
-      { lib, ... }:
-      {
-        programs.git.signing = lib.mkForce {
-          key = null;
-          signByDefault = false;
-        };
+      boot = {
+        loader.systemd-boot.enable = true;
+        loader.efi.canTouchEfiVariables = true;
       };
-  };
+
+      networking.networkmanager.enable = true;
+
+      age.secrets.niko-pass.file = ../../secrets/youko-niko-pass.age;
+      users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path;
+    };
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index fc8ce14..239830e 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -89,4 +89,8 @@ in
     keys.system.ude
     keys.other.bootstrap
   ];
+  "youko-niko-pass.age".publicKeys = [
+    keys.system.youko
+    keys.other.bootstrap
+  ];
 }
diff --git a/secrets/youko-niko-pass.age b/secrets/youko-niko-pass.age
new file mode 100644
index 0000000..755dffd
--- /dev/null
+++ b/secrets/youko-niko-pass.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 rA7dkQ ztMXNi12xb4ZTd1w6KxB6RXLzdk0b8s73aFObVcUjSc
+gVE8z6agYlnMj9N2ZhudUX9BfgpiYXqwisYuYsFMCrE
+-> ssh-ed25519 GKhvwg C+uqtkHl5BNPLERwVByw4oQQgXSbbxwejy2nhJRjYzs
+xS/4KSywTRvgbvLeeIgvylWu5TRPTlOQiG+wsaLEZoY
+--- d7crfFYKvz20fbdLgtYh+QuPrC9cFKvIrrJz+Rsl0vk
+7ÒÿªRâ3¼ódÖ‹Êï!Žb„ƒ³ªP$Ñ¿Ä'ª‡ö±áÏþeµÓ|ó’®ð-ÍÉ©¼®ÆHR%“¾àÉ¼`Üä‘¹HSˆË@€ÝÁx¬"ŽÈdä‰Y8™à™%*AÏ“W‡#3«
\ No newline at end of file