diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8aa993c --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.gitsecret/keys/random_seed +!*.secret +configs/secrets.nix \ No newline at end of file diff --git a/.gitsecret/keys/pubring.kbx b/.gitsecret/keys/pubring.kbx new file mode 100644 index 0000000..d03cc08 Binary files /dev/null and b/.gitsecret/keys/pubring.kbx differ diff --git a/.gitsecret/keys/pubring.kbx~ b/.gitsecret/keys/pubring.kbx~ new file mode 100644 index 0000000..6ba8046 Binary files /dev/null and b/.gitsecret/keys/pubring.kbx~ differ diff --git a/.gitsecret/keys/trustdb.gpg b/.gitsecret/keys/trustdb.gpg new file mode 100644 index 0000000..a745453 Binary files /dev/null and b/.gitsecret/keys/trustdb.gpg differ diff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg new file mode 100644 index 0000000..6fefeb1 --- /dev/null +++ b/.gitsecret/paths/mapping.cfg @@ -0,0 +1 @@ +configs/secrets.nix:f4c7954901423088644fc4a7b0e1a8a5f6880a0a933864cc3220c2836f9d5400 diff --git a/configs/common.nix b/configs/common.nix index 1b6e1c1..40468fc 100644 --- a/configs/common.nix +++ b/configs/common.nix @@ -1,5 +1,7 @@ { config, pkgs, lib, ... }: - +let + secrets = import ./secrets.nix; +in { imports = [ @@ -19,12 +21,9 @@ nextdns = { enable = true; arguments = [ - "-config" - "aaa56c" - "-cache-size" - "10MB" - "-listen" - "127.0.0.1:53" + "-config" secrets.nextdnshash + "-cache-size" "10MB" + "-listen" "127.0.0.1:53" "-report-client-info" ]; }; @@ -39,6 +38,11 @@ networkmanager.dns = "none"; }; + programs.gnupg.agent = { + enable = true; + pinentryFlavor = "curses"; + }; + environment.systemPackages = with pkgs; [ ack atop @@ -52,7 +56,7 @@ exa ffmpeg git - git-secrets + git-secret glances gnupg gocryptfs diff --git a/configs/gui.nix b/configs/gui.nix index dcfb3ba..280c820 100644 --- a/configs/gui.nix +++ b/configs/gui.nix 
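Review bot: The new .gitignore ends without a trailing newline, so any tool that later appends an entry without checking would join it onto `configs/secrets.nix`, and the decrypted secrets file would silently stop being ignored. End the file with a newline. The list also misses GnuPG's backup keyring: this commit adds `.gitsecret/keys/pubring.kbx~` next to `pubring.kbx`. It appears to be a public keyring backup, so this is clutter rather than a leak, but a line such as `.gitsecret/keys/*~` would keep it out of future commits.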
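Review bot: `secrets = import ./secrets.nix;` in the first configs/common.nix hunk reads the decrypted file at evaluation time, so the value used as `"-config" secrets.nextdnshash` in the nextdns hunk still ends up in plaintext in the generated service definition under the world-readable /nix/store, and in the process arguments. git-secret protects it only inside the repository. The import also makes every build that includes common.nix fail until the file has been decrypted, which deserves a comment above the `let`, e.g. `# needs configs/secrets.nix ("git secret reveal"); values are copied into /nix/store`. If the NextDNS ID is meant to be secret, the literal on the removed line stays in the repository history, so it would have to be replaced with a new ID rather than only moved.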
@@ -8,10 +8,19 @@ chromium.commandLineArgs = "--enable-features=WebUIDarkMode,NativeNotifications,VaapiVideoDecoder --ignore-gpu-blocklist --use-gl=desktop --force-dark-mode --disk-cache-dir=/tmp/cache"; }; - networking.networkmanager = { - enable = true; + networking = { + firewall.enable = false; + networkmanager = { + enable = true; + }; }; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # pinentryFlavor = "gtk2"; + # }; + environment.systemPackages = with pkgs; [ baobab barrier @@ -64,6 +73,13 @@ transmission-gtk virtmanager vulkan-tools + openconnect + networkmanager-openconnect + cypress + gnome.cheese + megapixels + obs-studio + fswebcam ]; programs = { diff --git a/configs/secrets.nix.secret b/configs/secrets.nix.secret new file mode 100644 index 0000000..1c6af6a Binary files /dev/null and b/configs/secrets.nix.secret differ diff --git a/configs/user-gui.nix b/configs/user-gui.nix index ddf3e3d..7002f35 100644 --- a/configs/user-gui.nix +++ b/configs/user-gui.nix @@ -103,7 +103,7 @@ services = { picom = { enable = true; - blur = false; + blur = true; shadow = true; vSync = true; }; diff --git a/machine/vps.nix b/machine/vps.nix index 3f99ef2..b2ec487 100644 --- a/machine/vps.nix +++ b/machine/vps.nix @@ -30,13 +30,7 @@ nodejs ]; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; security.acme.email = "webmaster@szczepan.ski"; security.acme.acceptTerms = true;
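Review bot: `firewall.enable = false;` in the new `networking` block turns off the NixOS firewall on every machine that imports configs/gui.nix, and nothing in the commit says why. These look like desktop or laptop hosts (NetworkManager, and the second hunk adds openconnect), so every listening service becomes reachable from whatever network the machine joins. If one program needs inbound access, keep the firewall on and open only that port, e.g. `firewall.allowedTCPPorts = [ <port> ];`; otherwise add a comment stating the reason. The commented-out `programs.gnupg.agent` block added below it duplicates the agent already enabled in configs/common.nix and could be dropped.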