diff --git a/hosts/ws-think/configuration.nix b/hosts/ws-think/configuration.nix
index a2bc101..7dd71d3 100644
--- a/hosts/ws-think/configuration.nix
+++ b/hosts/ws-think/configuration.nix
@@ -1,7 +1,7 @@
 {
   inputs,
   pkgs,
-  lib,
+  config,
   ...
 }:
 
@@ -12,13 +12,23 @@
   # Machine hostname
   networking.hostName = "ws-think";
 
-  # Admin users
-  users.users.jan.extraGroups = [
-    "wheel"
-    "wireshark"
-    "podman"
-    "libvirtd"
-  ];
+  # Set up users
+  sops.secrets."passwords/jan-hashed" = {
+    sopsFile = "${inputs.secrets}/secrets/ws-think.enc.yaml";
+    neededForUsers = true;
+  };
+  users.mutableUsers = false;
+  users.users.Jan = {
+    hashedPasswordFile = config.sops.secrets."passwords/jan-hashed".path;
+    # Extra admin groups
+    # TODO: Streamline setup of this
+    extraGroups = [
+      "wheel"
+      "wireshark"
+      "podman"
+      "libvirtd"
+    ];
+  };
 
   # Set up kerberos
   security.krb5 = {
diff --git a/hosts/ws-think/users/jan.nix b/hosts/ws-think/users/Jan.nix
similarity index 100%
rename from hosts/ws-think/users/jan.nix
rename to hosts/ws-think/users/Jan.nix