diff --git a/README.md b/README.md
index 592638e..6bccc71 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,22 @@ Apple Silicon hosts require additional `--impure` flag for firmware installation
 - vetus (iMac 27" 2017)
 - celerrime (MacBook Air M2)
+## Modules
+
+Module example:
+```nix
+{ config, lib, ... }:
+
+let
+ cfg = config.my.MODULE;
+in {
+ options.my.MODULE.enable = lib.mkEnableOption "Enable MODULE";
+ config = lib.mkIf (cfg.enable) {
+ MODULE_CONFIGURATION
+ };
+}
+```
+
 ## Shells
 I "made" some shell in [shells/](./shells).
@@ -35,3 +51,9 @@ I install my dotfiles with prepared script
 ```shell
 curl https://iva.bz/nix | sh
 ```
+
+## TODO
+
+- Setup services (which I host)
+- Setup "secret" roles (I need them)
+- Setup router
diff --git a/common/networking.nix b/common/networking.nix
index cc30506..c11e399 100644
--- a/common/networking.nix
+++ b/common/networking.nix
@@ -2,6 +2,7 @@
 {
 networking.firewall.allowPing = true;
+ networking.useNetworkd = lib.mkDefault true;
 systemd.network.wait-online.enable = lib.mkDefault false;
diff --git a/common/remote-access.nix b/common/remote-access.nix
index 61c51fd..401f008 100644
--- a/common/remote-access.nix
+++ b/common/remote-access.nix
@@ -5,7 +5,7 @@
 enable = true;
 settings.PasswordAuthentication = false;
- # Cute banner, right?
+ # Cute banner, r-right?
 banner = ''
 Authorized access only!
@@ -14,7 +14,4 @@
 If you are not authorized to access or use this system, disconnect now!
 '';
 };
-
- # TODO: I don't use it
- programs.mosh.enable = true;
 }
\ No newline at end of file
diff --git a/common/security.nix b/common/security.nix
index 9f9bfe2..ed8c6ea 100644
--- a/common/security.nix
+++ b/common/security.nix
@@ -19,6 +19,8 @@
 boot.kernel.sysctl = {
 "kernel.sysrq" = 0;
+ # Picked from https://github.com/trimstray/the-practical-linux-hardening-guide/wiki/Network-stack
+ "net.ipv4.icmp_ignore_bogus_error_responces" = 1;
 "net.ipv4.icmp_echo_ignore_broadcasts" = 1;
 "net.ipv4.conf.default.rp_filter" = 1;
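Review bot: `settings.PasswordAuthentication = false;`, the context line right above the reworded banner comment, does not on its own rule out password logins, because sshd's keyboard-interactive method (which NixOS leaves enabled by default, as far as I recall) still lets PAM prompt for a password. If key-only access is the intent, add `settings.KbdInteractiveAuthentication = false;` next to it. Dropping `programs.mosh.enable` is a welcome reduction of exposed surface, since that option presumably also opened mosh's UDP port range in the firewall. The enclosing `services.openssh` attribute set starts above the hunk.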
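Review bot: The new sysctl key `net.ipv4.icmp_ignore_bogus_error_responces` is misspelled; the kernel knob is `icmp_ignore_bogus_error_responses`, so the added line should read `"net.ipv4.icmp_ignore_bogus_error_responses" = 1;`. NixOS evaluation will accept the bogus name and only the sysctl service at activation should complain about a missing key, so the entry silently does nothing. The upstream kernel default for this knob is already 1 to my knowledge, so the exposure is small, but a hardening line that never applies is misleading and the linked wiki is not a substitute for checking the name against the kernel's ip-sysctl documentation. The `boot.kernel.sysctl` attribute set closes outside the hunk.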
diff --git a/common/user.nix b/common/user.nix
index 0615e3c..f8d505d 100644
--- a/common/user.nix
+++ b/common/user.nix
@@ -5,16 +5,17 @@ let
 in rec {
 users.mutableUsers = false;
+ users.groups.ivabus = { gid = 1000; };
 users.users.ivabus = {
 isNormalUser = true;
- # Figure out groups I need
- extraGroups = [ "wheel" "input" "video" "audio" "disk" "libvirtd" "qemu-libvirtd"];
+ group = "ivabus";
+ extraGroups = [ "users" "wheel" ];
 uid = 1000;
 packages = with pkgs; [
 tree
 cargo
 rustc
- neofetch
+ neofetch # I use NixOS BTW
 htop
 ];
 shell = pkgs.zsh;
diff --git a/default.nix b/default.nix
index cbd5759..14fc881 100644
--- a/default.nix
+++ b/default.nix
@@ -2,7 +2,7 @@ rec {
 common = import ./common;
 roles = import ./roles;
- modules = { pkgs, ... }: rec {
+ modules = { pkgs, ... }: {
 imports = [
 common
 roles
diff --git a/machines/stella/default.nix b/machines/stella/default.nix
index 1e6c57e..0da09f5 100644
--- a/machines/stella/default.nix
+++ b/machines/stella/default.nix
@@ -20,7 +20,7 @@ in {
 devel.enable = true;
 gaming.enable = true;
 graphical.enable = true;
- latex.enable = true;
+ latex.enable = false;
 virtualisation.enable = true;
 yggdrasil-client.enable = true;
 };
@@ -37,4 +37,3 @@ in {
 system.stateVersion = "23.05";
 }
-
diff --git a/roles/devel.nix b/roles/devel.nix
index 2b247ff..2db5e75 100644
--- a/roles/devel.nix
+++ b/roles/devel.nix
@@ -14,6 +14,7 @@ in {
 llvm
 lld
 python3Full
+ gnumake
 automake
 autoconf
 meson
diff --git a/roles/latex.nix b/roles/latex.nix
index a12840d..a1d21a0 100644
--- a/roles/latex.nix
+++ b/roles/latex.nix
@@ -7,7 +7,7 @@ in {
 config = lib.mkIf (cfg.enable){
 environment.systemPackages = with pkgs; [
 # Maybe I don't need to use -full variant of texlive
- # I should find distribution I actually need
+ # TODO: I should find distribution I actually need
 texlive.combined.scheme-full
 ];
 };
diff --git a/roles/virtualisation.nix b/roles/virtualisation.nix
index 239ebf5..d456513 100644
--- a/roles/virtualisation.nix
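Review bot: `extraGroups = [ "users" "wheel" ];` drops `libvirtd` and `qemu-libvirtd` while `roles/virtualisation.nix` in this same commit still sets `virtualisation.libvirtd.enable = true;` and `machines/stella` keeps `virtualisation.enable = true;`, so unprivileged `virsh`/virt-manager sessions against the system daemon will presumably now be refused or go through a polkit prompt. That is a defensible least-privilege outcome, but it reads as accidental next to the removed `# Figure out groups I need` note; if it is intended, record it as `# libvirtd group omitted on purpose: system sessions go through sudo/polkit`, otherwise keep `"libvirtd"`. Removing `disk` is a clear improvement, since membership in that group is effectively root-equivalent on any host with raw block devices. The `users.users.ivabus` attribute set closes outside the hunk.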
+++ b/roles/virtualisation.nix
@@ -5,6 +5,7 @@ let
 in {
 options.my.roles.virtualisation.enable = lib.mkEnableOption "Enable tools for virtualisation";
 config = lib.mkIf (cfg.enable) {
+ # TODO: Think if I ever need virtualisation
 virtualisation.libvirtd.enable = true;
 environment.systemPackages = with pkgs; [
 qemu_full
diff --git a/roles/yggdrasil-client.nix b/roles/yggdrasil-client.nix
index 39c4369..5139fa0 100644
--- a/roles/yggdrasil-client.nix
+++ b/roles/yggdrasil-client.nix
@@ -10,7 +10,7 @@ in {
 persistentKeys = true;
 settings = {
 Peers = [
- # Maybe add more peers, not only mine
+ # TODO: Maybe add more peers, not only mine. But for now it's ok
 "tls://ygg.iva.bz:50002"
 ];
 };