diff --git a/nodes/hosts/common/configuration.nix b/nodes/hosts/common/configuration.nix
index debc6af..e71bf3c 100644
--- a/nodes/hosts/common/configuration.nix
+++ b/nodes/hosts/common/configuration.nix
@@ -17,6 +17,7 @@
 ./services/sound.nix
 ./system/bluetooth.nix
 ./system/locale.nix
+ ./system/security.nix
 ./system/time.nix
 ./system/users.nix
 ];
diff --git a/nodes/hosts/common/system/security.nix b/nodes/hosts/common/system/security.nix
new file mode 100644
index 0000000..9bdc475
--- /dev/null
+++ b/nodes/hosts/common/system/security.nix
@@ -0,0 +1,29 @@
+{ pkgs, lib, ... }: {
+ security = {
+ rtkit.enable = true;
+ pam.services.hyprlock = {};
+
+ polkit = {
+ enable = true;
+ adminIdentities = [
+ "unix-group:wheel"
+ ];
+ };
+
+ sudo = {
+ enable = lib.mkForce false;
+ };
+
+ sudo-rs = {
+ enable = true;
+ wheelNeedsPassword = true;
+ execWheelOnly = true;
+ };
+ };
+
+ environment.systemPackages = [
+ pkgs.vulnix
+ ];
+}
+
+
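Review bot: The `enable = lib.mkForce false;` line under `sudo` in the new security.nix overrides every other definition of that option without saying why, and because the file is imported from the common configuration it applies to every host. Any `security.sudo.extraRules` or `security.sudo.extraConfig` set elsewhere in the repository (not visible in this diff) would presumably stop taking effect once sudo is disabled, and would need to move to the matching `security.sudo-rs` options. I would add a comment above the line such as `# sudo-rs replaces sudo on every host; mkForce keeps a host module from re-enabling the C implementation`. With `execWheelOnly = true` it is also worth confirming that each host importing this file has at least one wheel member in users.nix, since that option is meant to stop non-wheel users from running the sudo binary at all.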