diff --git a/flake.org b/flake.org
index d72aa8a..0a920e8 100644
--- a/flake.org
+++ b/flake.org
@@ -5,7 +5,7 @@
 #+OPTIONS: \n:t
 #+auto_tangle: t
-
+
 * Flakes
 ** Main Flake
 Flake of entire repo. [[./flake.nix][link]]
diff --git a/nix/common-os.nix b/nix/common-os.nix
index cd1067d..5b75eca 100644
--- a/nix/common-os.nix
+++ b/nix/common-os.nix
@@ -1,4 +1,35 @@
-{...}:
+# * Common OS
 {
-
+  mkkArg,
+  config,
+  ...
+}:
+{
+
+  imports = [
+    mkkArg.current.sops-nix.nixosModules.sops
+# * Config
+# ** Assertions
+    {
+      assertions = [
+        {
+          assertion = builtins.pathExists (config.konfig.vars.path.mkk + "/host/keys/ssh_host_ed25519_key");
+          message = "Not found host ed25519 key";
+        }
+        {
+          assertion = builtins.pathExists (config.konfig.vars.path.mkk + "/host/keys//ssh_host_rsa_key");
+          message = "Not found host RSA key";
+        }
+      ];
+    }
+# ** Variables
+    {
+      mkk.commonVariables = {
+        path = {
+          mkk = "/mkk";
+        };
+      };
+    }
+# * Common OS END
+  ];
 }
diff --git a/nix/common.nix b/nix/common.nix
index 9f0bb62..270176d 100644
--- a/nix/common.nix
+++ b/nix/common.nix
@@ -8,8 +8,8 @@
 }:
 {
   imports = [
-    (if mkkArg.isDecrypted then ./variables-private.nix else {})
-# * NIX & NIXPKGS
+# * Config
+# ** NIX & NIXPKGS
     {
       nixpkgs.config = {
         allowUnfree = lib.mkDefault true;
@@ -172,7 +172,7 @@
       };
     }
-# * Assertions
+# ** Assertions
     {
       config.assertions = [
         {
@@ -186,9 +186,15 @@
       }
     ];
   }
-# * Args
+# ** Args
   {
+    imports = [
+      (if mkkArg.isDecrypted then ./variables-private.nix else {})
+      (if mkkArg.isOs then ./common-os.nix else {})
+    ];
     options.konfig = lib.mkOption { default = { }; };
+    options.mkk.commonVariables = lib.mkOption { default = { }; };
+
     config = {
       konfig = {
         unstable = mkkArg.unstable;
@@ -207,7 +213,7 @@
           arg = mkkArg;
           rootFlake = (builtins.getFlake mkkArg.configRootPath);
-          vars = { };
+          vars = config.mkk.commonVariables;
         };
         _module.args.konfig = config.konfig;
       };
diff --git a/nix/default.nix b/nix/default.nix
index 747bc14..ee5f7f9 100644
--- a/nix/default.nix
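Review bot: The RSA assertion in common-os.nix builds its path as `"/host/keys//ssh_host_rsa_key"` with a doubled slash, while materusPC.nix configures the same key at `"/host/keys/ssh_host_rsa_key"`; a repeated slash inside a path should resolve identically, so `builtins.pathExists` still succeeds, but the two spellings should agree, `assertion = builtins.pathExists (config.konfig.vars.path.mkk + "/host/keys/ssh_host_rsa_key");`. Note also that `builtins.pathExists` runs on the machine performing the evaluation, so both assertions check the evaluator's filesystem rather than the target host's; if this configuration is ever evaluated or built somewhere other than the host itself, the check reports on the wrong machine. A comment on the assertions block such as `# eval-time check: only meaningful when evaluating on the host that owns /mkk` would record that limitation.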
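Review bot: `options.mkk.commonVariables` in the common.nix Args hunk is declared with only a `default` and no `type`, so definitions from several modules fall back to the untyped merge, which (as far as I recall) combines attrsets only one level deep and errors out on any non-attrset definition; since common-os.nix defines it as a nested attrset (`path.mkk`), a second module adding another `path.*` entry would silently clobber rather than merge. Declaring it as `options.mkk.commonVariables = lib.mkOption { type = lib.types.attrsOf lib.types.anything; default = { }; };` gives recursive merging and a readable type error, and a one-line `description` would help since `konfig.vars` now reads from it on the following hunk.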
+++ b/nix/default.nix
@@ -46,10 +46,12 @@ in
       current = (if isStable then stable else unstable);
       isDecrypted = (isDecrypted (if isStable then stable else unstable).nixpkgs system);
       isStable = isStable;
+      isOs = true;
     } // extraArgs;
   };
   modules = [
+    ./common.nix
     ./hosts/${hostname}.nix
     (
       if
@@ -62,8 +64,7 @@ in
       else
         { }
     )
-    ./common.nix
-    ./common-os.nix
+
   ] ++ extraModules;
 };
diff --git a/nix/hosts/materusPC-private.nix b/nix/hosts/materusPC-private.nix
index d2a8f65..8092d47 100644
Binary files a/nix/hosts/materusPC-private.nix and b/nix/hosts/materusPC-private.nix differ
diff --git a/nix/hosts/materusPC.nix b/nix/hosts/materusPC.nix
index 11e1754..6a443f9 100644
--- a/nix/hosts/materusPC.nix
+++ b/nix/hosts/materusPC.nix
@@ -9,19 +9,50 @@
 {
   imports = [
 # * CONFIG
-# ** Nix System Settings
+# ** General Settings
+# *** SOPS
+    {
+      sops.age.generateKey = false;
+      sops.gnupg.home = null;
+      sops.gnupg.sshKeyPaths = [ ];
+      sops.age.sshKeyPaths = [ (konfig.vars.path.mkk + "/host/keys/ssh_host_ed25519_key") ];
+      sops.defaultSopsFile = konfig.rootFlake + "/private/materusPC-secrets.yaml";
+      #sops.secrets."users/materus" = { neededForUsers = true; };
+      sops.secrets.wireguard = { };
+
+      services.openssh.hostKeys = [
+        {
+          bits = 4096;
+          path = konfig.vars.path.mkk + "/host/keys/ssh_host_rsa_key";
+          type = "rsa";
+        }
+        {
+          path = konfig.vars.path.mkk + "/host/keys/ssh_host_ed25519_key";
+          type = "ed25519";
+        }
+      ];
+    }
+# *** Nix System Settings
     {
       nixpkgs.hostPlatform = "x86_64-linux";
       system.copySystemConfiguration = false;
       system.stateVersion = "23.05";
     }
 # ** Network
+# *** Firewall & Others
     {
+      services = {
+        syncthing = {
+          enable = true;
+          user = "materus";
+          dataDir = "/home/materus";
+        };
+      };
+
       networking.hostName = "materusPC";
       networking.useDHCP = lib.mkDefault true;
       networking.wireless.iwd.enable = true;
-      networking.networkmanager.enable = true;
-      #networking.networkmanager.wifi.backend = "iwd";
+      networking.firewall.enable = true;
       networking.firewall = {
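Review bot: The SOPS block in materusPC.nix ties secret decryption to the ed25519 SSH host key (`sops.age.sshKeyPaths`) while the same file is also served by `services.openssh.hostKeys`, so the permissions on that one file are the security boundary for everything in `materusPC-secrets.yaml`, and regenerating the host key (e.g. on reinstall) means the secrets file must be re-keyed before the next switch; this is the usual sops-nix setup but deserves a comment at the top of the block, e.g. `# secrets are decrypted with the ed25519 SSH host key: rotating that key requires re-encrypting private/materusPC-secrets.yaml`. The commented-out `#sops.secrets."users/materus" = { neededForUsers = true; };` line should either be removed or carry a note saying why it is parked. Separately, `networking.firewall.enable = true;` is immediately followed by `networking.firewall = {` and would read more cleanly folded into that attrset as `enable = true;`. The `imports` list this hunk sits in continues past the end of the hunk.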
@@ -35,9 +66,85 @@
           ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${konfig.vars.wireguard.ports.materusPC} -j RETURN || true
           ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${konfig.vars.wireguard.ports.materusPC} -j RETURN || true
         '';
+
+        allowedTCPPorts = [
+          24800
+          5900
+          5357
+          4656
+          8080
+          9943
+          9944
+          # Syncthing
+          22000
+          config.services.syncthing.relay.statusPort
+          config.services.syncthing.relay.port
+        ];
+        allowedUDPPorts = [
+          (lib.strings.toInt konfig.vars.wireguard.ports.materusPC)
+          24800
+          5900
+          3702
+          4656
+          6000
+          9943
+          9944
+          # Syncthing
+          22000
+          21027
+          # Zomboid
+          17000
+          17001
+        ];
       };
     }
+# *** NetworkManager
+    {
+      sops.templates."networkmanager.env".content = ''
+        WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
+      '';
+      networking.networkmanager.ensureProfiles.environmentFiles = [
+        config.sops.templates."networkmanager.env".path
+      ];
+      networking.networkmanager.enable = true;
+      #networking.networkmanager.wifi.backend = "iwd";
+
+      networking.networkmanager.settings = {
+        connectivity = {
+          uri = "http://nmcheck.gnome.org/check_network_status.txt";
+        };
+      };
+
+      networking.networkmanager.ensureProfiles.profiles = {
+        wg0 = {
+          connection = {
+            id = "wg0";
+            type = "wireguard";
+            interface-name = "wg0";
+          };
+          wireguard = {
+            private-key = "$WIREGUARD_PRIVATEKEY";
+          };
+          "wireguard-peer.${konfig.vars.wireguard.pubKeys.valkyrie}" = {
+            endpoint = "${konfig.vars.ip.valkyrie.ipv4}:${konfig.vars.wireguard.ports.valkyrie}";
+            allowed-ips = "${konfig.vars.wireguard.masks.general};";
+            persistent-keepalive = "20";
+          };
+          ipv4 = {
+            address1 = "${konfig.vars.wireguard.ip.materusPC}/23";
+            dns = "${konfig.vars.wireguard.ip.valkyrie};";
+            method = "manual";
+            never-default = "true";
+          };
+          ipv6 = {
+            addr-gen-mode = "stable-privacy";
+            method = "disabled";
+          };
+          proxy = { };
+        };
+      };
+    }
 # ** Hardware
 # *** Filesystems
     {
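Review bot: The new `allowedTCPPorts`/`allowedUDPPorts` lists open 5900 (VNC), 8080, 22000 and the rest on every interface, including whichever wireless network iwd joins, because they use the global lists rather than `networking.firewall.interfaces.<ifname>.allowedTCPPorts`; if these services are only meant for the LAN or the wg0 tunnel, scoping them to those interfaces keeps them closed on untrusted networks. The TCP list also admits `config.services.syncthing.relay.statusPort` and `config.services.syncthing.relay.port` even though only `services.syncthing.enable` is set in the previous hunk and no relay is enabled, so those two entries look dead and could be dropped or guarded with `lib.optionals config.services.syncthing.relay.enable [ … ]`. A short comment naming what 24800, 5357, 3702, 4656, 6000, 9943 and 9944 are for (only Syncthing and Zomboid are labelled) would make this list auditable later. The NetworkManager block's `WIREGUARD_PRIVATEKEY` via a sops template and environment file is the right way to keep the key out of the store.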
@@ -219,6 +326,9 @@
 # *** Firmware & Others
     {
+      hardware.uinput.enable = true;
+      hardware.steam-hardware.enable = true;
+
       hardware.firmware = with pkgs; [
         konfig.nixerusPkgs.amdgpu-pro-libs.firmware.vcn
         konfig.nixerusPkgs.amdgpu-pro-libs.firmware
diff --git a/nix/variables-private.nix b/nix/variables-private.nix
index 95a556e..59020ec 100644
Binary files a/nix/variables-private.nix and b/nix/variables-private.nix differ
diff --git a/private/materusPC-secrets.yaml b/private/materusPC-secrets.yaml
new file mode 100644
index 0000000..b131fbf
Binary files /dev/null and b/private/materusPC-secrets.yaml differ
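Review bot: `hardware.uinput.enable = true;` grants the `uinput` group access to the uinput device (as far as I recall the NixOS module does this via a udev rule), and any member of that group can synthesize keyboard and mouse input for every session on the machine, so group membership is the effective trust boundary for this line; the hunk does not show which users need it. A comment recording the consumer, e.g. `# uinput: required by <program> — keep the uinput group limited to that user`, would keep the grant reviewable. The enclosing attrset starts inside the hunk but ends past it.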