diff --git a/hosts/cube/default.nix b/hosts/cube/default.nix
index 9e90065..a6b95f3 100644
--- a/hosts/cube/default.nix
+++ b/hosts/cube/default.nix
@@ -11,10 +11,10 @@
 users.users.root.passwordFile = config.age.secrets."cube.password".path;
 users.users.rgb = normalUser {
- description = "RGB";
- extraGroups = [ "wheel" ];
+ description = "RGB";
+ extraGroups = [ "wheel" ];
 openssh.authorizedKeys.keys = [ keys.rgbcube ];
- passwordFile = config.age.secrets."cube.password".path;
+ hashedPasswordFile = config.age.secrets."cube.password.hash".path;
 };
 })
diff --git a/hosts/enka/default.nix b/hosts/enka/default.nix
index 0350962..b6fe7b9 100644
--- a/hosts/enka/default.nix
+++ b/hosts/enka/default.nix
@@ -7,19 +7,19 @@
 time.timeZone = "Europe/Istanbul";
- users.users.root.passwordFile = config.age.secrets."enka.said.password".path;
+ users.users.root.hashedPasswordFile = config.age.secrets."enka.said.password.hash".path;
 users.users.said = graphicalUser {
- description = "Said";
- extraGroups = [ "wheel" ];
- passwordFile = config.age.secrets."enka.said.password".path;
- uid = 1000;
+ description = "Said";
+ extraGroups = [ "wheel" ];
+ hashedPasswordFile = config.age.secrets."enka.said.password.hash".path;
+ uid = 1000;
 };
 users.users.orhan = graphicalUser {
- description = "Orhan";
- passwordFile = builtins.trace (config.age.secrets) config.age.secrets."enka.orhan.password".path;
- uid = 1001;
+ description = "Orhan";
+ hashedPasswordFile = builtins.trace (config.age.secrets) config.age.secrets."enka.orhan.password.hash".path;
+ uid = 1001;
 };
 networking.firewall = enabled {
diff --git a/modules/users.nix b/modules/users.nix
new file mode 100644
index 0000000..b43732e
--- /dev/null
+++ b/modules/users.nix
@@ -0,0 +1,5 @@
+{ ulib, ... }: with ulib;
+
+systemConfiguration {
+ users.mutableUsers = false;
+}
diff --git a/secrets/acme.age b/secrets/acme.age
index 048845f..b386a61 100644
Binary files a/secrets/acme.age and b/secrets/acme.age differ
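Review bot: In hosts/cube/default.nix the unchanged context line `users.users.root.passwordFile = config.age.secrets."cube.password".path;` still points at the secret this commit deletes (`secrets/cube.password.age` and its `secrets.nix` entry are both removed), so root on cube was not migrated along with `rgb`. Unless `age.secrets."cube.password"` is still declared somewhere outside this diff, that reference will presumably fail at evaluation, or leave root without a usable password now that `users.mutableUsers = false` is set. It should read `users.users.root.hashedPasswordFile = config.age.secrets."cube.password.hash".path;`, matching what the enka hunk does for root. The enclosing expression opens before the hunk, so the secret declarations are not visible here.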
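Review bot: In hosts/enka/default.nix the `orhan` entry carries a leftover debug call onto the new line, `builtins.trace (config.age.secrets) …`, so every evaluation of this host prints the `age.secrets` attribute set to stderr. That puts the secret inventory (names and whatever attributes get forced) into build and CI logs for no functional gain. Drop it: `hashedPasswordFile = config.age.secrets."enka.orhan.password.hash".path;`. Root and `said` also share one hash (`enka.said.password.hash`); if that is deliberate, a one-line comment saying so would help. The hunk ends with `networking.firewall = enabled {` still open.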
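Review bot: `users.mutableUsers = false;` in modules/users.nix deserves a comment, because it changes how every account on every host is managed, for example `# Accounts are fully declarative: the agenix-provided hashedPasswordFile is the only password source, and passwd changes are replaced on activation.` With this set, a host that cannot decrypt its hash secret at activation leaves those accounts without a working password. It is worth confirming each host can decrypt its own secrets, since `secrets/secrets.nix` encrypts the enka hashes only to `rgbcube`, which hosts/cube uses as a user SSH key and so may not be a key the enka host holds. An SSH key or console fallback should also remain for at least one `wheel` user per host.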
diff --git a/secrets/cube.id.age b/secrets/cube.id.age index 0c5509d..598a6a4 100644 Binary files a/secrets/cube.id.age and b/secrets/cube.id.age differ diff --git a/secrets/cube.mail.password.hash.age b/secrets/cube.mail.password.hash.age index 8cd11fd..e9f2d36 100644 Binary files a/secrets/cube.mail.password.hash.age and b/secrets/cube.mail.password.hash.age differ diff --git a/secrets/cube.password.age b/secrets/cube.password.age deleted file mode 100644 index 6804bf5..0000000 --- a/secrets/cube.password.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw x9IJ2ck/8MA6Fs35/BMihuDmKQCSElWbOYJj0LjICm8 -05eogDn65uicgob/Y54fM48oPBEi6MG+MVYklCdGYCc ---- V2522x6kEJw9dTupA5GoH9n3bFCQwIoNbuRWmkNUb4E -5%## 9={[6Oů;o]z4/ \ No newline at end of file diff --git a/secrets/cube.password.hash.age b/secrets/cube.password.hash.age new file mode 100644 index 0000000..5313c77 Binary files /dev/null and b/secrets/cube.password.hash.age differ diff --git a/secrets/enka.orhan.password.age b/secrets/enka.orhan.password.age deleted file mode 100644 index d4e03b3..0000000 --- a/secrets/enka.orhan.password.age +++ /dev/null @@ -1,13 +0,0 @@ -age-encryption.org/v1 --> ssh-rsa jPaU3Q -GlmABFdE3kDBw9CViYn1me+juMa33cJnG2A+JbFLkf0kxIjOc60fu1V94NgmkX+c -GDwVJf3orhjdNPX74we7hjQh2Qr4TlgQJiBm8InqU5B+hM7UHU9rVkTXi0VGf+WP -2AQM6ROk+zzGdfT2wGf9Q49DQ/hVLqTsY+CZI4+UvqUFYP8n/GiXAC4RaTAYA+RB -krD5pFTsxRIu+l7J3JrbFDna1YpeYZhCXeIt5tvKOhJFUklzvlYhSc8g9kNKmE1/ -aN1wCy86vaHcxe3MBIBdj0vfqyQk+wx9lInW2GIqmjn84+HG/r4k9hShljdrJHLe -h99xblajmoCSuLrw7Bx/zz9Bb9UApP0Jybn+2YKh0dKmFl/twIDZhNOUlxI6r/XM -h8puG7Fmh/jaqrWFBflh4f73PcLuCUU93t0D29HRzELL1l99ZZNednSTj8BVnE0o -kgOGpKzoC7B+T6SA8+9wg1RnXOCS5EjLhsNuIiOGr5Z/iIxpSG8ZyaE9IR/qHgXx - ---- H1Sj5NTcvGobXVCgNTrFlJ43hM+M9wy02THaguqhvL8 -4k>f(;lXU L'Ȏ|C̓xrL\iO \ No newline at end of file 
diff --git a/secrets/enka.orhan.password.hash.age b/secrets/enka.orhan.password.hash.age new file mode 100644 index 0000000..224ec2c Binary files /dev/null and b/secrets/enka.orhan.password.hash.age differ diff --git a/secrets/enka.said.password.age b/secrets/enka.said.password.age deleted file mode 100644 index 7d04208..0000000 --- a/secrets/enka.said.password.age +++ /dev/null @@ -1,13 +0,0 @@ -age-encryption.org/v1 --> ssh-rsa jPaU3Q -n0HmR5sh8691NXK0g1f4IlxFsVDVD1/WFqOUHdIDIJCZJQJlnto+dAxK/Lm3116/ -F+4ptdlLrmOsK45KkKXqXGn2mVEDXUAtj6cfxO0uIF8hX6vdMI+pKkWkmGQrIMlP -WExmWAB5aPdtMiKq/ON9OWzCgAGrrOxvt944tIcA/7JvtD/fiOB/n1CLq7xnG0z4 -wsnL5qxujrVYi5kfejPKH9iMLc0W9/4TBh99xlfCOSvu7ZdJSMeTBe3gYVSCS30n -BiLwSXByQ9vhGjWOzw9WYRAR2QWh+Nez9z5O7RUTH4QyCnWNaqza9lixAid6GU9P -eqScuqJD7t8/bbVB+AATlEcNKhajwg0+rI17rKAYavP5YBQMW3Wh8J6MeHDRNoll -SjjN/JnSPzny2+UtaWxx86uM8r18l1aC1X3/yIHEU39IZNtEsRTXEeahszveT10j -OKBd6DwDPHjP38Hz1hmg0VSqmZ88pLJjmx4nW5C/zBrzErl09aeYHDYaxBzLoaIv - ---- E48Sdci1uNpRiCQUtsmHvrXfVp09RP1PZyYGE8fy/MA -ga9ߎ+?Ԭ)PXDZN\ ^s5 \ No newline at end of file diff --git a/secrets/enka.said.password.hash.age b/secrets/enka.said.password.hash.age new file mode 100644 index 0000000..09e141d --- /dev/null +++ b/secrets/enka.said.password.hash.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-rsa jPaU3Q +fcLnXbOJUuKFwACpygk4zFbvl77TiC/xhsqYKjqOBbuWUq29rvj1nBVAXMkaKBtY +NZmJ21FIvvYhu7Yt8C49ePVdHbQnxix9TDjzAz8D3G3uuKcBJ8SO9t2faA64hPjV +uNHWO5KMrtjdmYl195yg2BS//gBMgQVcoOSkE1ydla8Dso4pv27x6ZULVqeTlV+Z +WMuK6RUknqJqlCLjaAIcUd7y/ALZJFucJ6yJk4JtUVbyxEYGt52wBEiELD/rXWop +LWMgzKnLrL5xK07Z+9X94HUigtOMvpUDQUak6e4P46cZwzic6qZOCWBswnkQSuIe +yWkGD0hpYkCDNlUkQXAs2jqICbpGXCNQ3plCeFp84B0hSs1gcg3gSkY8S8s9vUIv +yx/BGdqz/Ev6tvqvYpSB8EN3bMEXzhW1wr698GFQVHNdcIAQrhuyPboa5rbsJZn5 +KueQnyH0ZNCBYs1tJC3u9IjRjS1Zi8i86nWmLvpKa6RXKHqVsbvi2Llvqn7SSE2o + +--- mkKbbwjMlBGtzye+ey4JDdT1zWxoI6nU2l8pNlG44ow +)n_K=M\`&rv V#)Nq߸Uԓ(ܸOڋZf3xB9eESݫа#1u%b \ No newline at end of file 
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1e9ca60..ee0de1f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,10 +1,10 @@
 with import ./keys.nix;
 {
- "acme.age".publicKeys = [ cube ];
- "cube.password.age".publicKeys = [ cube ];
- "cube.mail.password.hash.age".publicKeys = [ cube ];
- "cube.id.age".publicKeys = [ rgbcube ];
- "enka.said.password.age".publicKeys = [ rgbcube ];
- "enka.orhan.password.age".publicKeys = [ rgbcube ];
+ "acme.age".publicKeys = [ cube ];
+ "cube.password.hash.age".publicKeys = [ cube ];
+ "cube.mail.password.hash.age".publicKeys = [ cube ];
+ "cube.id.age".publicKeys = [ rgbcube ];
+ "enka.said.password.hash.age".publicKeys = [ rgbcube ];
+ "enka.orhan.password.hash.age".publicKeys = [ rgbcube ];
 }