diff --git a/configuration.nix b/configuration.nix
index 15cbb9a..b9a1ee3 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -53,13 +53,6 @@
     };
   };
 
-  # https://github.com/viperML/nh
-  programs.nh = {
-    enable = true;
-    clean.enable = true;
-    clean.extraArgs = "--keep-since 4d --keep 3";
-  };
-
   boot = {
     # 6.12 LTS until 2027
     kernelPackages = pkgs.linuxPackages_6_12;
@@ -105,9 +98,9 @@
   services.openssh = {
     enable = true;
     settings = {
-      AllowUsers = [ username ];
+      AllowUsers = [ username "root" ];
       PasswordAuthentication = false;
-      PermitRootLogin = "no";
+      PermitRootLogin = "yes"; # for deploying configs
     };
   };
 
@@ -139,12 +132,13 @@
 
     borgbackup
     smartmontools
-
     nil
 
     ripgrep
 
     intel-gpu-tools
+    iotop
+    iftop
 
     tmux
 
@@ -289,7 +283,7 @@
       service_configs.torrent_group
     ];
 
-    hashedPasswordFile = "${./secrets/hashedPass}";
+    hashedPasswordFile = builtins.toString ./secrets/hashedPass;
 
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop
@@ -297,6 +291,8 @@
     ];
   };
 
+  users.users.root.openssh.authorizedKeys.keys = config.users.users.${username}.openssh.authorizedKeys.keys;
+
   # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
   programs.fish.enable = true;
   programs.bash = {
diff --git a/deploy.sh b/deploy.sh
new file mode 100755
index 0000000..6e26436
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+nixos-rebuild switch --flake .#muffin --target-host root@server --build-host root@server --verbose
diff --git a/flake.lock b/flake.lock
index bdcedc3..c6ae6d5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -183,11 +183,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742262784,
-        "narHash": "sha256-a/Knvms22n1Co7TR5uXW+gvpIZcmNWxzm7oUM+Unyok=",
+        "lastModified": 1742522051,
+        "narHash": "sha256-uDlj+5J7eTuFkDaNl9cYf++gJdEW23Z4zSuDcNANIQc=",
         "owner": "Infinidoge",
         "repo": "nix-minecraft",
-        "rev": "b72f0bc3698833e2d079fce2edf5bda04d411287",
+        "rev": "57464e795fd31ceef845d7ce454d3b83e80e283e",
         "type": "github"
       },
       "original": {
@@ -198,11 +198,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1742217307,
-        "narHash": "sha256-3fwpN7KN226ghLlpO9TR0/WpgQOmOj1e8bieUxpIYSk=",
+        "lastModified": 1742376361,
+        "narHash": "sha256-VFMgJkp/COvkt5dnkZB4D2szVdmF6DGm5ZdVvTUy61c=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "4f4d97d7b7be387286cc9c988760a7ebaa5be1f1",
+        "rev": "daaae13dff0ecc692509a1332ff9003d9952d7a9",
         "type": "github"
       },
       "original": {
@@ -214,11 +214,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1742268799,
-        "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=",
+        "lastModified": 1742562948,
+        "narHash": "sha256-QUnzAW7CW0sCkFN1Kez/8UVq8EbBGNKOfHZHIZON0XQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "da044451c6a70518db5b730fe277b70f494188f1",
+        "rev": "e7a04ccc42104e0554f0a2325930fe98db9a5325",
         "type": "github"
       },
       "original": {