diff --git a/.sops.yaml b/.sops.yaml index 6483a32..9ad1fd3 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -11,7 +11,7 @@ keys: - &hosts: - &dev-vm age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4 - &crayon age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv - # - &blobercraft + - &blobercraft age167gn88rldpmqmjhm9nl0gv05ms4tn37jx2nxwklfvs3xymfp9y7sa8vurh creation_rules: - path_regex: secrets.yaml$ key_groups: @@ -19,4 +19,4 @@ creation_rules: - *dev - *dev-vm - *crayon - # - *blobercraft + - *blobercraft diff --git a/Makefile b/Makefile index 8482ac0..62e366c 100644 --- a/Makefile +++ b/Makefile @@ -13,7 +13,7 @@ ifneq ($(shell git diff),) git commit -m "auto commit on build" -m "`PAGER=cat git diff --name-only --cached`" endif rsync -azr ./ crown@$(IP):~/flake-config - ssh crown@$(IP) "sudo nixos-rebuild switch --flake ~/flake-config#$(HOST)" + ssh crown@$(IP) "NIX_CONFIG='experimental-features = flakes pipe-operators' sudo nixos-rebuild switch --flake ~/flake-config#$(HOST)" sops: # update sops keys diff --git a/hosts/blobercraft/hardware-configuration.nix b/hosts/blobercraft/hardware-configuration.nix index 8c24f26..1e3ab01 100644 --- a/hosts/blobercraft/hardware-configuration.nix +++ b/hosts/blobercraft/hardware-configuration.nix 
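Review bot: Adding `*blobercraft` to the only key group of the `secrets.yaml$` rule (second .sops.yaml hunk) lets that host decrypt every value in the shared file, not only the ones it consumes. Whether any entry there is specific to `dev-vm` or `crayon` is not visible in this diff; if so, a per-host secrets file with its own rule would limit the exposure, for example `path_regex: hosts/blobercraft/secrets\.yaml$` (illustrative path) listing only `*dev` and `*blobercraft`. The recipient string added in the first hunk should also be compared with the age key derived from the host's own SSH host key before merging, because a wrong recipient grants decryption to whoever holds the matching private key. A short comment above the `&blobercraft` line saying how the key was obtained would make that check repeatable.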
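Review bot: `NIX_CONFIG` is assigned in front of `sudo` on the new `ssh` line, so it is set for the sudo process, and sudo's default `env_reset` policy would normally drop it before `nixos-rebuild` runs as root. Whether the target's sudoers keeps the variable is not visible here. Moving the assignment behind sudo states the intent directly: `ssh crown@$(IP) "sudo NIX_CONFIG='experimental-features = flakes pipe-operators' nixos-rebuild switch --flake ~/flake-config#$(HOST)"`, which relies on the sudoers rule allowing the caller to set variables. Note also that `experimental-features` replaces the configured list, whereas `extra-experimental-features` would extend it. The recipe starts above the hunk.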
@@ -5,35 +5,34 @@ { imports = - [ (modulesPath + "/profiles/qemu-guest.nix") + [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/37cd6e5e-5e67-48de-a2cf-9f1f26db5721"; + { device = "/dev/disk/by-uuid/59b4c37b-b8c6-4b95-96af-e343161381bb"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2EB4-8533"; + { device = "/dev/disk/by-uuid/E8A3-780D"; fsType = "vfat"; options = [ "fmask=0077" "dmask=0077" ]; }; - swapDevices = - [ { device = "/dev/disk/by-uuid/7849db93-3c39-4571-ac39-8542251eb194"; } - ]; + swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/modules/sops.nix b/modules/sops.nix index 0784e45..f769a40 100644 --- a/modules/sops.nix +++ b/modules/sops.nix @@ -4,7 +4,6 @@ sops = { defaultSopsFile = ../secrets.yaml; - validateSopsFiles = false; # Derive the age key from the systems ssh key. I didn't know this before but # it seems like all systems have ssh keys already generated. 
diff --git a/secrets.yaml b/secrets.yaml
index 1882a33..fe10e0e 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -13,29 +13,38 @@ sops: - recipient: age14d55nfxlzm8t2yzplxpprygxmt99javafz9a8dh5llu87aww4qlswf6g0c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwVjgxaW4ydXZDcWNHWG8y - Vm1JYjY4cG5HbDBUMzY4dFJYUzU5Wkk0dlhVCkcwVlRLaUl2OXNZbWYycVF4czRJ - QkJ4ZUUxN1VNbUErbnoyUnhTYlZmZ1kKLS0tIFNJMnZwdzBHRFIzcFNndDA2QU9R - dWdMcEdEYVZ1MURVN3RiUDZVZVRKd3cKgcINDvSO7cswTZSIFBUJMw49VTCXiw0+ - pNfExo2VAt+FiMTcErit7YG2Ti4jPBl4T2yPiS/LcEY0BZVq0t5i4A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNT0IxYjhWWkZadnVmcGpz + VXB5U2VvTFllYWhJTkNwQmxsWkxEL2drRHcwCksrMGs4SVZoL1pJNU00TUZBeU5V + UFBRcnRFdTlxUjgvcVpSelZIU0NyVWsKLS0tICtnZm8rYnB5cWhIUVBmQzQxSWIr + M29ZRHIwNGZSdi9LYmp5d2xyTWdmRDgKhs6COQa3Vmosiwv7I/IjvYr10Mx83V6z + W2d8PPTHBlRMqPcghpG2UOFsygzP8Y6UlMpCgt25vnFLUwCPlo7ERA== -----END AGE ENCRYPTED FILE----- - recipient: age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtKzZrOUFBeFhKQU1RNDZP - RnZwdTFxL0E5NGtEc3prRitvOWptZFlSNW04Cll2eDNIa2tGZWd5cHdFWUJWeUx2 - ZHBoWk4ydENneVBMQlREQ1hSUjdjbHMKLS0tIGx1UWgweXNSbHpqM3RSQURUME90 - Y1Z1M1lQK0ErMFFpcWl1OElDV3FNRG8KzRfpQvGQbo+7W2IBJzJohF+X9s9OuIQn - e/pFYM0kNd4dBr/KKqXU5olt92b8H6QLGSuMx/rLNSYToFXjg7kPXw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMUFJY2RjSHcrS2Foa2Fo + dUJMSmpEL0NEN1BLYlZDNlA3aUQyQUNkYWxnCnNmV0ZpWTA0ZHUrUEtBV3MyZ3U1 + SitYaVFBZklaZ282K2plYUhlVjRVWGMKLS0tIGlOZENMbURDMWR5VEFIVEdyV3k5 + S3hQemRLNFd6eDlQY3pvUlkzUVhRUlUKHvdPyCCb0I825u9Hx+Fz+W9ESM2Gxy+N + lUsxP/ngAnG52MSrxxU33PG4TXSvaaYzuGP7gOQF6hB9U79inWzFzg== -----END AGE ENCRYPTED FILE----- - recipient: age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkZGszdTd2YjZsMkh2ckdZ - eGlRMUZzcDRDR3dGMlByL3FYUHh4NzJUNG1zCm9FTGczeitRRHdxWGltemM3MHFl - TjNhZ1Z5NDB2NHdCY1M2UVlXN2hFVFEKLS0tIEJGZTZ5RjBqNWtjRE5hVksyOCtj - 
c0N1WU40bFlRNGkvelR2Y2ZMY29lTDQKMjSDY5VP8Pcmz8FivXBPmuaZH7EaVaok - 2Z8+er/FQ+K7Y94BVcfPWCw16a2R30kqc32EFRyjGXgHCCOjJBv0Aw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtYTkvaldVWUk1TC94REEr + OHNiUHlqN0l3QWFJbjZ6anZpVTN5OGtibGtNCm9DcVJ6SktQeEFWU2REU0dpRjZu + WnBBaDMrbnRNaVhtR3BqdjVkc2tpZEEKLS0tIHRVdW8yL1JmcDVrVkNaa2lNN2h5 + Y0gxSjYrY3gydnBseEVlQTBSSEtJSVEKH4v1Q9kKQaj5vdV9mW2Rsl/GUbq1h/m9 + iy6BPmjC9GNtTBJ8VuvkQSvPLD+dsMwYqhmSbTQgDpRP3sQ4a6rWkA== + -----END AGE ENCRYPTED FILE----- + - recipient: age167gn88rldpmqmjhm9nl0gv05ms4tn37jx2nxwklfvs3xymfp9y7sa8vurh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcWVDbmhhc1FHRG5WOTEz + emp4Rm9YMlA3aXUvMnpDWElqRElzQjdlMzNRCjducWdqQzliZjkzaWtGdEdUbk9u + MlBCL0lqdWs4TVo0RW9ham5mTExTSzQKLS0tICtJWk15NG9yMWwyVjF6SE1weWFF + NmlybmxKYlJESGxJbFdCazZUKzVjYmMK56j3+CuRfZsbVeYfmESlD2z6GYzIFQYz + f/jpI+8CteDlxbGuUvW10hD7lB8az2+Z+MQX2+koy3PZBkGChPh/Yg== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-11-09T02:00:10Z" mac: ENC[AES256_GCM,data:9Jg3aXMMe8Yhf3CycD+UPqlTg0E619dmOJENRe2sfwROdKxOXhiFqnuI4t262XW3IMpJdCbv3RIblklF6vPaqqJWkPqj4Jt2niF4Bq0oR+cRM+rAElYAZ6vviCWnjTjOhTD/UB2RYPFH77Ce7RQmR4c5H4D6uLaw1g3+9TLJPTE=,iv:p4mF2S1n+mTV+ny3hKbQ+tYqh+4HGURyUP9hiSdMZjs=,tag:dWCa87XTwH3mBHshUMxjiQ==,type:str]