diff --git a/machines/gamepc/default.nix b/machines/gamepc/default.nix index 300e628..970e9a5 100644 --- a/machines/gamepc/default.nix +++ b/machines/gamepc/default.nix @@ -6,6 +6,7 @@ config = { pim = { cinnamon.enable = true; + inWheel = false; }; facter.reportPath = ./facter.json; diff --git a/machines/sue/default.nix b/machines/sue/default.nix index bdddbd8..adb80e2 100644 --- a/machines/sue/default.nix +++ b/machines/sue/default.nix @@ -1,4 +1,4 @@ -{inputs, ...}: { +{pkgs, ...}: { config = { pim = { lanzaboote.enable = true; @@ -13,8 +13,25 @@ services.tailscale.enable = true; facter.reportPath = ./facter.json; home-manager.users.pim.imports = [./home.nix]; - networking.hostName = "sue"; + + environment.systemPackages = with pkgs; [ + borgbackup + kubectl + nmap + poppler_utils # For pdfunite + silicon + units + ]; + + virtualisation.docker = { + enable = true; + rootless = { + enable = true; + setSocketVariable = true; + }; + }; + swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}]; fileSystems = { "/" = { diff --git a/nixos/default.nix b/nixos/default.nix index bde07eb..406ed4d 100644 --- a/nixos/default.nix +++ b/nixos/default.nix 
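Review bot: The added `virtualisation.docker` block in machines/sue/default.nix sets both `enable = true` and `rootless.enable = true`, so the system-wide rootful daemon still runs next to the rootless one. `setSocketVariable` only points the client at the rootless socket by default. User pim stays in the `docker` group (nixos/default.nix in this same commit), and that group can reach the rootful socket, which is equivalent to root on the host. If rootless is the intended mode on sue, consider dropping the top-level `enable = true;` and keeping only the `rootless` attrset, with a comment such as `# rootless only: no system dockerd`. The enclosing `config` attrset continues outside the hunk.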
@@ -21,167 +21,148 @@ ./ssh.nix ]; - time.timeZone = "Europe/Amsterdam"; - i18n.defaultLocale = "en_US.UTF-8"; - programs.ssh.startAgent = true; - systemd.services.NetworkManager-wait-online.enable = lib.mkForce false; + options.pim.inWheel = lib.mkOption { + type = lib.types.bool; + default = true; + }; - services = { - xserver.enable = true; + config = { + time.timeZone = "Europe/Amsterdam"; + i18n.defaultLocale = "en_US.UTF-8"; + programs.ssh.startAgent = true; + systemd.services.NetworkManager-wait-online.enable = lib.mkForce false; + hardware.pulseaudio.enable = false; - tailscale = { - useRoutingFeatures = "client"; - extraSetFlags = ["--accept-routes"]; + services = { + xserver.enable = true; + + tailscale = { + useRoutingFeatures = "client"; + extraSetFlags = ["--accept-routes"]; + }; + + printing = { + enable = true; + drivers = [pkgs.hplip pkgs.gutenprint]; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + }; }; - printing = { - enable = true; - drivers = [pkgs.hplip pkgs.gutenprint]; + users.users.pim = { + isNormalUser = true; + extraGroups = + ["docker" "input" "wireshark" "dialout"] + ++ lib.optional config.pim.inWheel "wheel"; }; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; - }; - - users.users.pim = { - isNormalUser = true; - extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"]; - }; - - environment = { - systemPackages = with pkgs; [ - age - borgbackup - btop - btrfs-progs - curl - dig - exfat - f3 - fastfetch - file - git - jq - kubectl - nmap - poppler_utils # For pdfunite - ripgrep - sbctl - silicon - tree - units - vim - wget - yq - ncdu - lshw - ]; - }; - - system = { - stateVersion = "23.05"; - - activationScripts.diff = '' - if [[ -e /run/current-system ]]; then - ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig" - fi - ''; - }; - - 
security = { - rtkit.enable = true; - - sudo.extraConfig = '' - Defaults timestamp_timeout=30 - ''; - }; - - nix = { - package = pkgs.nixFlakes; - settings.trusted-users = ["root" "pim"]; - - extraOptions = '' - experimental-features = nix-command flakes - ''; - - gc = { - automatic = true; - persistent = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - }; - }; - - networking = { - useDHCP = lib.mkDefault true; - networkmanager.unmanaged = lib.mkIf config.services.tailscale.enable ["tailscale0"]; - wireless.extraConfig = '' - p2p_disabled=1 - ''; - }; - - virtualisation.docker = { - enable = true; - rootless = { - enable = true; - setSocketVariable = true; - }; - }; - - nixpkgs = { - hostPlatform = lib.mkDefault "x86_64-linux"; - - config = { - allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - "libfprint-2-tod1-goodix" - "steam" - "steam-original" - "steam-run" - ]; + environment = { + systemPackages = with pkgs; [ + age + btop + btrfs-progs + curl + dig + exfat + f3 + fastfetch + file + git + jq + ripgrep + sbctl + tree + vim + wget + yq + ncdu + lshw + ]; }; - overlays = [ - inputs.nur.overlay - (final: _prev: { - unstable = import inputs.nixpkgs-unstable { - inherit (pkgs) system; - config.allowUnfree = true; - }; - }) - ]; - }; + system = { + stateVersion = "23.05"; - boot = { - kernelModules = ["kvm-intel" "cdrom"]; - extraModulePackages = []; - - initrd = { - availableKernelModules = ["sd_mod"]; - kernelModules = []; + activationScripts.diff = '' + if [[ -e /run/current-system ]]; then + ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig" + fi + ''; }; - kernel.sysctl = { + security = { + rtkit.enable = true; + + sudo.extraConfig = '' + Defaults timestamp_timeout=30 + ''; + }; + + nix = { + package = pkgs.nixFlakes; + settings.trusted-users = ["root" "pim"]; + + extraOptions = '' + experimental-features = nix-command flakes + ''; + + gc = { + automatic = true; + persistent = true; + dates = "weekly"; + 
options = "--delete-older-than 7d"; + }; + }; + + networking = { + useDHCP = lib.mkDefault true; + networkmanager.unmanaged = lib.mkIf config.services.tailscale.enable ["tailscale0"]; + wireless.extraConfig = '' + p2p_disabled=1 + ''; + }; + + nixpkgs = { + hostPlatform = lib.mkDefault "x86_64-linux"; + + config = { + allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "libfprint-2-tod1-goodix" + "steam" + "steam-original" + "steam-run" + ]; + }; + + overlays = [ + inputs.nur.overlay + (final: _prev: { + unstable = import inputs.nixpkgs-unstable { + inherit (pkgs) system; + config.allowUnfree = true; + }; + }) + ]; + }; + + boot.kernel.sysctl = { "net.core.default_qdisc" = "fq"; "net.ipv4.tcp_congestion_control" = "bbr"; }; - }; - hardware = { - cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - pulseaudio.enable = false; - }; + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = {inherit self inputs;}; - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = {inherit self inputs;}; - - users.pim.imports = ["${self}/home-manager"]; + users.pim.imports = ["${self}/home-manager"]; + }; }; }
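Review bot: `pim.inWheel = false` removes sudo but leaves pim privileged in other ways: `settings.trusted-users = ["root" "pim"];` is still unconditional, and the Nix manual treats a trusted user as essentially root on the machine. On a host such as gamepc that sets `inWheel = false`, this could be tied to the same option, e.g. `settings.trusted-users = ["root"] ++ lib.optional config.pim.inWheel "pim";`. The `docker` entry in `extraGroups` is likewise unconditional although the Docker configuration moved to machines/sue, so it probably belongs with that host. The new option also has no `description`; something like `description = "Whether user pim is added to the wheel group (sudo).";` would document what it controls. The hunk also drops `hardware.cpu.intel.updateMicrocode` from the shared config; presumably the facter report now covers it, but that is worth confirming.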