diff --git a/home-manager/hosts/GLaDOS/lillian.nix b/home-manager/hosts/GLaDOS/lillian.nix
index 572d11a..f10caa5 100644
--- a/home-manager/hosts/GLaDOS/lillian.nix
+++ b/home-manager/hosts/GLaDOS/lillian.nix
@@ -19,6 +19,7 @@
     heroic
     r2modman
     ryujinx
+    lutris
   ];
 
   programs.mangohud = {
diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix
index 64009a5..9e3fb05 100644
--- a/nixos/hosts/wheatley/configuration.nix
+++ b/nixos/hosts/wheatley/configuration.nix
@@ -1,117 +1,36 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
 {
+  lib,
+  pkgs,
   inputs,
   outputs,
-  lib,
-  config,
-  pkgs,
+  modulesPath,
   ...
 }: {
   imports = [
-    inputs.home-manager.nixosModules.home-manager
+    # inputs.nixos-hardware.nixosModules.raspberry-pi-4
+    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
 
-    ./hardware-configuration.nix
+    ../hardware-configuration.nix
 
-    # Import shared configurations
+    # Import shared settings
     ../../shared
-    # ../../../disko/wheatley
-    inputs.nixos-hardware.nixosModules.raspberry-pi-4
   ];
 
-  boot.loader.generic-extlinux-compatible.enable = true;
-  boot.loader.generic-extlinux-compatible.configurationLimit = 5;
-  boot.loader.grub.enable = false;
-  boot.tmp.cleanOnBoot = true;
-
-  # boot.extraModulePackages = [
-  #   (pkgs.callPackage ./rtl8189es.nix {
-  #     kernel = config.boot.kernelPackages.kernel;
-  #   })
-  # ];
-  nixpkgs = {
-    # You can add overlays here
-    overlays = [
-      (final: super: {
-        makeModulesClosure = x:
-          super.makeModulesClosure (x // {allowMissing = true;});
-      })
-    ];
-    # Configure your nixpkgs instance
-    config = {
-      # Disable if you don't want unfree packages
-      allowUnfree = true;
-    };
-  };
-
-  hardware.raspberry-pi."4".fkms-3d.enable = true;
+  nixpkgs.overlays = [
+    (final: super: {
+      makeModulesClosure = x:
+        super.makeModulesClosure (x // {allowMissing = true;});
+    })
+  ];
 
+  #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
   sops.defaultSopsFile = ./secrets/sops.yaml;
 
-  sops.secrets."wireless.env".mode = "0440";
-  sops.secrets."wireless.env".owner = config.users.users.root.name;
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
 
-  environment.systemPackages = with pkgs; [
-    age
-    git
-    htop
-    libraspberrypi
-  ];
+  boot.initrd.kernelModules = ["vc4" "bcm2835_dma" "i2c_bcm2835" "cma=256M" "console=tty0"];
 
-  boot.kernelParams = [
-    "console=ttyS0,115200n8"
-  ];
-
-  nix = {
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      options = "--delete-older-than 7d";
-    };
-    # This will add each flake input as a registry
-    # To make nix3 commands consistent with your flake
-    registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
-
-    # This will additionally add your inputs to the system's legacy channels
-    # Making legacy nix commands consistent as well, awesome!
-    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
-
-    settings = {
-      # Enable flakes and new 'nix' command
-      experimental-features = "nix-command flakes";
-      # Deduplicate and optimize nix store
-      auto-optimise-store = true;
-    };
-  };
-
-  networking.wireless.enable = true;
-  networking.networkmanager.wifi.powersave = false;
-  # networking.wireless.environmentFile = config.sops.secrets."wireless.env".path;
-  # networking.wireless.networks."KPNAA6306" = {
-  #   hidden = true;
-  #   auth = ''
-  #     key_mgmt=WPA-PSK
-  #     password="@PSK_HOME@"
-  #   '';
-  # };
-
-  networking.firewall.enable = true;
-
-  networking.firewall = {
-    allowedTCPPorts = [22 80 443 5335 8080 46899 46898];
-    allowedUDPPorts = [5335 46899 46898];
-  };
-  # Set your time zone.
-  time.timeZone = "Europe/Amsterdam";
-
-  programs.zsh = {
-    enable = true;
-  };
-
-  programs.git = {
-    enable = true;
-  };
+  sdImage.compressImage = false;
 
   home-manager = {
     extraSpecialArgs = {inherit inputs outputs;};
@@ -121,18 +40,34 @@
     };
   };
 
-  networking.hostName = "wheatley"; # Define your hostname
+  networking.hostName = "wheatley";
 
-  boot.kernelPackages = lib.mkForce pkgs.linuxKernel.packages.linux_rpi4;
-  boot.supportedFilesystems = lib.mkForce ["vfat" "btrfs" "tmpfs"];
-  networking.wireless.interfaces = ["enu1u1"];
+  services.openssh = {
+    enable = true;
+    # require public key authentication for better security
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    settings.PermitRootLogin = "no";
+  };
 
-  # powerManagement.cpuFreqGovernor = "powersave";
-  powerManagement.cpufreq.max = 648000;
+  networking.firewall = {
+    enable = true;
+    allowPing = false;
+    allowedTCPPorts = [
+      22 # SSH
+      5349 # STUN tls
+      5350 # STUN tls alt
+      80 # http
+      443 # https
+    ];
+    allowedUDPPortRanges = [
+      {
+        from = 49152;
+        to = 49999;
+      } # TURN relay
+    ];
+  };
 
-  # This value determines the NixOS release with which your system is to be
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "unstable"; # Did you read the comment?
+  system.stateVersion = "25.05";
+  nixpkgs.hostPlatform = lib.mkForce "aarch64-linux";
 }