diff --git a/modules/home/apps/cli-apps/fish/default.nix b/modules/home/apps/cli-apps/fish/default.nix
index 3f02d74..a67183b 100644
--- a/modules/home/apps/cli-apps/fish/default.nix
+++ b/modules/home/apps/cli-apps/fish/default.nix
@@ -24,7 +24,6 @@ in
         shellInit = ''
           zoxide init fish | source
           direnv hook fish | source
-          source ~/.config/op/plugins.sh
 
           set -x LESS_TERMCAP_mb \e'[01;32m'
           set -x LESS_TERMCAP_md \e'[01;32m'
diff --git a/systems/aarch64-linux/nixberry/default.nix b/systems/aarch64-linux/nixberry/default.nix
index 10f37ef..5c7cb07 100644
--- a/systems/aarch64-linux/nixberry/default.nix
+++ b/systems/aarch64-linux/nixberry/default.nix
@@ -1,4 +1,5 @@
 {
+  config,
   inputs,
   lib,
   modulesPath,
@@ -9,6 +10,8 @@
 with lib.${namespace};
 let
   inherit (lib) mkForce;
+
+  ipAddress = "192.168.178.2";
 in
 {
   imports = with inputs.nixos-hardware.nixosModules; [
@@ -16,6 +19,7 @@ in
     raspberry-pi-5
   ];
 
+  security.sudo.wheelNeedsPassword = false;
   users.users.remotebuild = {
     isNormalUser = true;
     createHome = false;
@@ -51,10 +55,11 @@ in
     interfaces.wlan0 = {
       ipv4.addresses = [
         {
-          address = "192.168.178.2";
+          address = ipAddress;
           prefixLength = 24;
         }
       ];
+      useDHCP = true;
     };
     defaultGateway = {
       address = "192.168.178.1";
@@ -71,6 +76,59 @@ in
     };
   };
 
+  networking.firewall = {
+    allowedTCPPorts = [
+      53
+      80
+    ];
+    allowedUDPPorts = [
+      53
+    ];
+  };
+
+  services.adguardhome = {
+    enable = true;
+    host = ipAddress;
+    port = 80;
+
+    settings = {
+      http = {
+        address = "0.0.0.0:80";
+      };
+      dns = {
+        ratelimit = 0;
+        bind_hosts = [ "0.0.0.0" ];
+        upstream_dns = [
+          "1.1.1.1"
+          "1.0.0.1"
+          "8.8.8.8"
+          "8.8.4.4"
+        ];
+      };
+      filtering = {
+        protection_enabled = true;
+        filtering_enabled = true;
+      };
+
+      filters =
+        map
+          (url: {
+            enabled = true;
+            url = url;
+          })
+          [
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard Dns filter
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" # AdGuard Dns PopupHosts filter
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt" # Phishing
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt"
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
+          ];
+
+    };
+  };
+
   # Pi specific stuff  
   raspberry-pi-nix.board = "bcm2712";
   hardware = {