diff --git a/flake.nix b/flake.nix
index efa8789f..8d99ab86 100644
--- a/flake.nix
+++ b/flake.nix
@@ -22,7 +22,7 @@
 };
 outputs =
- { self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers, ... }@inputs:
+ { self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers, colmena, ... }@inputs:
 let
 inherit (nixpkgs) lib;
 inherit (builtins) filter mapAttrs;
@@ -32,8 +32,8 @@
 # Filter all nixos host definitions that are actual nix machines
 nixHosts = filter ({ nix ? true, ... }: nix) hosts;
+ # Resolve imports based on a foldername (nixname) and if the host is an LXC container or a VM.
 resolveImports = { hostname, profile ? hostname, lxc ? true, ... }: [
- vault-secrets.nixosModules.vault-secrets
 ./nixos/common
 "${./.}/nixos/hosts/${profile}/configuration.nix"
 ] ++ (if lxc then [
@@ -42,16 +42,14 @@
 ] else [
 ./nixos/common/generic-vm.nix
 ]);
- # Create a nixosConfiguration based on a foldername (nixname) and if the host is an LXC container or a VM.
- mkConfig = { hostname, profile ? hostname, lxc ? true, ... }@host: {
- "${profile}" = lib.nixosSystem {
- inherit system;
- inherit specialArgs;
- modules = resolveImports host;
+ mkConfig = { hostname, ... }@host: {
+ "${hostname}" = lib.nixosSystem {
+ inherit system specialArgs;
+ modules = resolveImports host;
 };
 };
- mkColmenaHost = { ip, hostname, profile ? hostname, lxc ? true, ... }@host: {
+ mkColmenaHost = { ip, hostname, ... }@host: {
 "${hostname}" = {
 imports = resolveImports host;
 deployment = {
@@ -61,7 +59,7 @@
 };
 };
- legacyPackages = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
+ pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
 in {
 # Make the config and deploy sets
@@ -74,7 +72,6 @@
 inherit system;
 overlays = [
 (import ./nixos/pkgs)
- vault-secrets.overlay
 minecraft-servers.overlays.default
 ];
 };
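Review bot: The comment added above `resolveImports` says the imports are chosen by "a foldername (nixname)", but the directory that is actually selected is `profile`, which merely defaults to `hostname`; the comment should name the argument it describes, e.g. `# Resolve the NixOS modules for a host from its profile directory (profile defaults to hostname) and from whether it is an LXC container or a VM.` With `vault-secrets.nixosModules.vault-secrets` removed from this list, every host now relies on nixos/common/default.nix importing that module instead, so the two hunks must land together.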
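Review bot: Keying `mkConfig` on `hostname` instead of `profile` renames the `nixosConfigurations` entry for any host whose `profile` differs from its `hostname`, so an existing `nixos-rebuild --flake .#<profile>` on such a host stops resolving; the host list is outside this hunk, so I cannot tell how many are affected. It also silently fixes a collision where two hosts sharing one profile produced the same attribute name and the later definition won. Since the commit drops the explanatory comment, a replacement would record the intent, e.g. `# One nixosConfiguration per host, keyed by hostname so hosts sharing a profile do not collide.` Trimming `mkColmenaHost` to `{ ip, hostname, ... }@host` is safe here because `resolveImports host` still receives the full host set through `@host`.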
@@ -83,25 +80,12 @@
 } nixHosts;
- apps.${system} = rec {
- vault-push-approles = {
- type = "app";
- program = "${legacyPackages.vault-push-approles self}/bin/vault-push-approles";
- };
- vault-push-approle-envs = {
- type = "app";
- program =
- "${legacyPackages.vault-push-approle-envs self}/bin/vault-push-approle-envs";
- };
- };
 # Use by running `nix develop`
- devShells.${system}.default = legacyPackages.mkShell {
+ devShells.${system}.default = pkgs.mkShell {
 VAULT_ADDR = "http://vault.olympus:8200/";
 # This only support bash so just execute zsh in bash as a workaround :/
 shellHook = "zsh; exit $?";
- buildInputs = with legacyPackages; [
- colmena
+ buildInputs = with pkgs; [
 fluxcd
 k9s
 kubectl
@@ -110,6 +94,8 @@
 nixfmt
 nixUnstable
 vault
+ (vault-push-approle-envs self)
+ (vault-push-approle-approles self)
 ];
 };
 };
diff --git a/nixos/common/default.nix b/nixos/common/default.nix
index a17e5fd6..9c0ef6ec 100644
--- a/nixos/common/default.nix
+++ b/nixos/common/default.nix
@@ -1,7 +1,8 @@
-{ config, pkgs, ... }:
+{ config, pkgs, inputs, ... }:
 {
 imports = [
+ inputs.vault-secrets.nixosModules.vault-secrets
 # User account definitions
 ./users
 ./services
@@ -23,13 +24,24 @@
 "https://cachix.cachix.org"
 "https://nix-community.cachix.org"
 "https://nixpkgs-review-bot.cachix.org"
+ "https://colmena.cachix.org"
 ];
 trusted-public-keys = [
 "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
 "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
 "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
+ "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
 ];
 };
+ gc = {
+ dates = "weekly";
+ automatic = true;
+ randomizedDelaySec = "45min";
+ };
+ optimise = {
+ automatic = true;
+ dates = "weekly";
+ };
 extraOptions = ''
 experimental-features = nix-command flakes
 '';
diff --git a/nixos/common/users/default.nix b/nixos/common/users/default.nix
index 96ae9ceb..5cb68dfe 100644
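Review bot: The dev shell keeps `VAULT_ADDR = "http://vault.olympus:8200/";`, so every `vault` and `vault-push-approle-*` run from this shell sends the Vault token over plaintext HTTP unless TLS is terminated somewhere not visible here; if the listener supports it, the line should become `VAULT_ADDR = "https://vault.olympus:8200/";`. Removing `apps.${system}` also drops `nix run .#vault-push-approles` and `nix run .#vault-push-approle-envs` from the flake's public interface in favour of the dev shell, which deserves a mention in the `# Use by running` comment, e.g. `# Use by running \`nix develop\`; the vault-push-approle tools are available inside the shell instead of as flake apps`.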
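Review bot: The second added package, `(vault-push-approle-approles self)`, does not match the name the removed `apps` block used for the same tool, `legacyPackages.vault-push-approles`; unless the vault-secrets overlay exports both names, evaluating `with pkgs; [ ... ]` fails with an undefined variable. The line should most likely read `(vault-push-approles self)`. The enclosing `devShells` attrset begins in the previous hunk.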
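Review bot: The module now reads `inputs` from its arguments, which is only defined if `specialArgs` (declared outside this diff and forwarded by `mkConfig` via `inherit system specialArgs`) contains `inputs`, and on the colmena path only if the `colmena` output sets `meta.specialArgs` to the same set; neither is visible in this commit, so both need confirming, otherwise every host fails with an undefined `inputs`. A short comment on the new import would point the next reader at the source, e.g. `# inputs comes from specialArgs (and colmena meta.specialArgs) in flake.nix`.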
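Review bot: `dates = "weekly";` under `optimise` is a string, but NixOS declares `nix.optimise.dates` as a list of strings (unlike `nix.gc.dates`), so module evaluation will reject it with a type error; it should be `dates = [ "weekly" ];`. Adding `colmena.cachix.org-1:…` to `trusted-public-keys` lets every host substitute any store path signed by that key, so the fingerprint should be verified against the key the colmena project publishes rather than copied from a third-party example. Note also that gc and optimise are both scheduled `weekly` with no ordering between them; only gc gets `randomizedDelaySec`, so if optimisation is meant to run after collection the two `dates` values should express that.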
--- a/nixos/common/users/default.nix
+++ b/nixos/common/users/default.nix
@@ -48,7 +48,7 @@
 ];
 # Make me admin
- extraGroups = [ "wheel" ];
+ extraGroups = [ "systemd-journal" "wheel" ];
 };
 # Configure the root account
diff --git a/nixos/hosts/bastion/configuration.nix b/nixos/hosts/bastion/configuration.nix
index 8a2309f6..5d9adbb0 100644
--- a/nixos/hosts/bastion/configuration.nix
+++ b/nixos/hosts/bastion/configuration.nix
@@ -45,7 +45,6 @@ in {
 # Additional packages
 environment.systemPackages = with pkgs; [
 binutils
- colmena
 fix-vscode
 fluxcd
 k9s
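Review bot: The `# Make me admin` comment above the changed line now describes only `wheel`; `systemd-journal` additionally grants this account read access to the whole system journal without sudo, and that extra privilege should be visible at a glance, e.g. `# Admin (wheel) plus unprivileged read access to the system journal (systemd-journal)`. The user definition this belongs to starts outside the hunk.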