diff --git a/host/boot.nix b/common/boot.nix
similarity index 100%
rename from host/boot.nix
rename to common/boot.nix
diff --git a/host/default.nix b/common/default.nix
similarity index 78%
rename from host/default.nix
rename to common/default.nix
index 54044fe..f38170d 100644
--- a/host/default.nix
+++ b/common/default.nix
@@ -1,9 +1,12 @@
 { var, ... }:
 {
   imports = [
+    ../mod
+    ../desktop
     ./boot.nix
     ./locale.nix
     ./nix.nix
+    ./security.nix
     ./shell.nix
     ./users.nix
   ];
diff --git a/host/locale.nix b/common/locale.nix
similarity index 100%
rename from host/locale.nix
rename to common/locale.nix
diff --git a/host/nix.nix b/common/nix.nix
similarity index 100%
rename from host/nix.nix
rename to common/nix.nix
diff --git a/common/security.nix b/common/security.nix
new file mode 100644
index 0000000..9691095
--- /dev/null
+++ b/common/security.nix
@@ -0,0 +1,22 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  security = {
+    protectKernelImage = true;
+    sudo.enable = false;
+    doas = {
+      enable = true;
+      extraRules = [
+        {
+          groups = [ "wheel" ];
+          persist = true;
+          keepEnv = true;
+        }
+      ];
+    };
+  };
+}
diff --git a/host/shell.nix b/common/shell.nix
similarity index 91%
rename from host/shell.nix
rename to common/shell.nix
index 019294f..8ccc850 100644
--- a/host/shell.nix
+++ b/common/shell.nix
@@ -6,18 +6,13 @@
   ];
 
   environment.systemPackages = with pkgs; [
-    bc
     docker-compose
     fd
-    gh
     htop
     killall
     ripgrep
-    starship
-    stow
     unzip
     wget
-    wl-clipboard
     colmena
     unison
     dnsutils
@@ -25,7 +20,6 @@
 
   programs = {
     fish.enable = true;
-    git.enable = true;
     tmux = {
       enable = true;
       clock24 = true;
diff --git a/host/users.nix b/common/users.nix
similarity index 100%
rename from host/users.nix
rename to common/users.nix
diff --git a/mod/desktop/audio.nix b/desktop/audio.nix
similarity index 80%
rename from mod/desktop/audio.nix
rename to desktop/audio.nix
index 517546a..9ee9b3b 100644
--- a/mod/desktop/audio.nix
+++ b/desktop/audio.nix
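Review bot: The wheel rule in common/security.nix (`groups = [ "wheel" ]`) grants unrestricted root with no `cmd` restriction, and `keepEnv = true` forwards the invoking user's whole environment into the root process, so variables that steer interpreters, pagers and editors (PYTHONPATH, PERL5LIB, EDITOR, …) set by anything running as that user are honoured by root; if only a few variables are needed, replace it with an explicit list such as `setEnv = [ "EDITOR" "TERM" ];`. Since `sudo.enable = false` removes the sudo wrapper on every host that imports this module, tooling that shells out to sudo — `nixos-rebuild --use-remote-sudo`, or colmena's default privilege-escalation command if these machines are deployed with a non-root target user — will fail until pointed at doas, and a comment recording that decision belongs next to the line. `protectKernelImage = true` also blocks kexec and hibernation, worth a note like `# also disables kexec and hibernation` so the side effect is not rediscovered on a laptop. The `config`, `lib` and `pkgs` arguments are unused; `{ ... }:` is enough.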
@@ -5,11 +5,11 @@ ... }: let - cfg = config.desktop.audio; + cfg = config.hd.desktop.audio; inherit (lib) mkEnableOption mkIf; in { - options.desktop.audio.enable = mkEnableOption "Audio"; + options.hd.desktop.audio.enable = mkEnableOption "Audio"; config = mkIf cfg.enable { environment.systemPackages = with pkgs; [ diff --git a/mod/desktop/default.nix b/desktop/default.nix similarity index 90% rename from mod/desktop/default.nix rename to desktop/default.nix index 5e9654f..b1735f9 100644 --- a/mod/desktop/default.nix +++ b/desktop/default.nix @@ -6,7 +6,7 @@ ... }: let - cfg = config.desktop; + cfg = config.hd.desktop; inherit (lib) mkEnableOption mkIf; in { @@ -23,7 +23,7 @@ in ]; options = { - desktop.enable = mkEnableOption "Desktop Configuration"; + hd.desktop.enable = mkEnableOption "Desktop Configuration"; home = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; @@ -32,7 +32,7 @@ in }; config = mkIf cfg.enable { - desktop = { + hd.desktop = { audio.enable = true; fonts.enable = true; gpg.enable = true; diff --git a/mod/desktop/fonts.nix b/desktop/fonts.nix similarity index 80% rename from mod/desktop/fonts.nix rename to desktop/fonts.nix index 5e921da..cc6d362 100644 --- a/mod/desktop/fonts.nix +++ b/desktop/fonts.nix @@ -5,11 +5,11 @@ ... }: let - cfg = config.desktop.fonts; + cfg = config.hd.desktop.fonts; inherit (lib) mkEnableOption mkIf; in { - options.desktop.fonts.enable = mkEnableOption "Fonts"; + options.hd.desktop.fonts.enable = mkEnableOption "Fonts"; config = mkIf cfg.enable { fonts = { packages = with pkgs; [ diff --git a/mod/desktop/gpg.nix b/desktop/gpg.nix similarity index 85% rename from mod/desktop/gpg.nix rename to desktop/gpg.nix index 21f6e13..ad40479 100644 --- a/mod/desktop/gpg.nix +++ b/desktop/gpg.nix 
@@ -5,11 +5,11 @@ ... }: let - cfg = config.desktop.gpg; + cfg = config.hd.desktop.gpg; inherit (lib) mkEnableOption mkIf; in { - options.desktop.gpg.enable = mkEnableOption "GPG"; + options.hd.desktop.gpg.enable = mkEnableOption "GPG"; config = mkIf cfg.enable { home = { home.packages = with pkgs; [ diff --git a/mod/desktop/network.nix b/desktop/network.nix similarity index 96% rename from mod/desktop/network.nix rename to desktop/network.nix index 84f45d5..c3b0d5e 100644 --- a/mod/desktop/network.nix +++ b/desktop/network.nix @@ -6,11 +6,11 @@ ... }: let - cfg = config.desktop.network; + cfg = config.hd.desktop.network; inherit (lib) mkEnableOption mkIf; in { - options.desktop.network = { + options.hd.desktop.network = { enable = mkEnableOption "All Network Options"; }; diff --git a/desktop/security.nix b/desktop/security.nix new file mode 100644 index 0000000..564c619 --- /dev/null +++ b/desktop/security.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.hd.desktop.security; + inherit (lib) mkEnableOption mkIf; +in +{ + options.hd.desktop.security.enable = mkEnableOption "Security"; + config = mkIf cfg.enable { + security = { + + }; + }; +} diff --git a/mod/desktop/services.nix b/desktop/services.nix similarity index 88% rename from mod/desktop/services.nix rename to desktop/services.nix index 5e95036..e58d9b5 100644 --- a/mod/desktop/services.nix +++ b/desktop/services.nix @@ -5,11 +5,11 @@ ... }: let - cfg = config.desktop.services; + cfg = config.hd.desktop.services; inherit (lib) mkEnableOption mkIf; in { - options.desktop.services.enable = mkEnableOption "Services"; + options.hd.desktop.services.enable = mkEnableOption "Services"; config = mkIf cfg.enable { services = { diff --git a/mod/desktop/software/default.nix b/desktop/software/default.nix similarity index 79% rename from mod/desktop/software/default.nix rename to desktop/software/default.nix index 90f0579..f8b5954 100644 --- a/mod/desktop/software/default.nix 
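Review bot: The new desktop/security.nix module is an empty shell — `config = mkIf cfg.enable { security = { }; }` sets nothing, so enabling `hd.desktop.security` is a no-op while the settings the deleted mod/desktop/security.nix used to gate now apply unconditionally from common/security.nix. Either drop this file (and wherever `./security.nix` is imported, presumably in desktop/default.nix, outside this hunk) or give it the desktop-only settings it is meant to hold, with a header comment such as `# Desktop-only security settings; host-wide policy (doas, kernel image) lives in common/security.nix`. `pkgs` is bound but unused here as well.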
+++ b/desktop/software/default.nix @@ -5,31 +5,35 @@ ... }: let - cfg = config.desktop.software; + cfg = config.hd.desktop.software; inherit (lib) mkEnableOption mkIf; in { imports = [ ./development.nix ]; - options.desktop.software.enable = mkEnableOption "Software"; + options.hd.desktop.software.enable = mkEnableOption "Software"; config = mkIf cfg.enable { - desktop.software.development.enable = true; + hd.desktop.software.development.enable = true; environment.systemPackages = with pkgs; [ # vesktop bitwarden calibre element-desktop + gh kitty nil obsidian rclone signal-desktop spotify + starship + stow tor-browser vlc wireguard-tools + wl-clipboard zotero zulip ]; @@ -40,6 +44,7 @@ in programs = { firefox.enable = true; + git.enable = true; kdeconnect.enable = true; }; diff --git a/mod/desktop/software/development.nix b/desktop/software/development.nix similarity index 78% rename from mod/desktop/software/development.nix rename to desktop/software/development.nix index 24a4759..a25f3e8 100644 --- a/mod/desktop/software/development.nix +++ b/desktop/software/development.nix @@ -5,11 +5,11 @@ ... }: let - cfg = config.desktop.software.development; + cfg = config.hd.desktop.software.development; inherit (lib) mkEnableOption mkIf; in { - options.desktop.software.development.enable = mkEnableOption "Dev Software"; + options.hd.desktop.software.development.enable = mkEnableOption "Dev Software"; config = mkIf cfg.enable { documentation.dev.enable = true; diff --git a/mod/desktop/window-manager.nix b/desktop/window-manager.nix similarity index 76% rename from mod/desktop/window-manager.nix rename to desktop/window-manager.nix index 9a9531a..122987d 100644 --- a/mod/desktop/window-manager.nix +++ b/desktop/window-manager.nix 
@@ -5,11 +5,11 @@ ... }: let - cfg = config.desktop.wm; + cfg = config.hd.desktop.wm; inherit (lib) mkEnableOption mkIf; in { - options.desktop.wm.enable = mkEnableOption "Window Manager"; + options.hd.desktop.wm.enable = mkEnableOption "Window Manager"; config = mkIf cfg.enable { # Enable the KDE Plasma Desktop Environment. diff --git a/flake.nix b/flake.nix index 1aa34b0..763b553 100644 --- a/flake.nix +++ b/flake.nix @@ -45,9 +45,8 @@ }; modules = [ ./host/solo - ./host - ./mod - ./mod-hm + ./home + ./common overlays ]; }; @@ -59,9 +58,8 @@ }; modules = [ ./host/c2 - ./host - ./mod - ./mod-hm + ./home + ./common overlays ]; }; @@ -81,8 +79,7 @@ }; imports = [ ./host/roam - ./host - ./mod + ./common overlays ]; }; diff --git a/mod-hm/default.nix b/home/default.nix similarity index 92% rename from mod-hm/default.nix rename to home/default.nix index 98b24f3..7e076be 100644 --- a/mod-hm/default.nix +++ b/home/default.nix @@ -11,7 +11,7 @@ inputs.home-manager.nixosModules.home-manager ]; - config = lib.mkIf config.desktop.enable { + config = lib.mkIf config.hd.desktop.enable { home-manager.users."hd" = lib.mkAliasDefinitions options.home; # install to /etc/profiles, not ~/.nix-profile home-manager.useUserPackages = true; diff --git a/mod-hm/protonmail-bridge.nix b/home/protonmail-bridge.nix similarity index 100% rename from mod-hm/protonmail-bridge.nix rename to home/protonmail-bridge.nix diff --git a/mod-hm/unison.nix b/home/unison.nix similarity index 100% rename from mod-hm/unison.nix rename to home/unison.nix diff --git a/host/c2/default.nix b/host/c2/default.nix index cb29ff8..28a2e68 100644 --- a/host/c2/default.nix +++ b/host/c2/default.nix @@ -17,7 +17,7 @@ cpuFreqGovernor = "ondemand"; }; - desktop.enable = true; + hd.desktop.enable = true; nix = { buildMachines = [ @@ -43,6 +43,10 @@ ''; }; + networking.firewall = { + enable = true; + }; + # ====== DON'T CHANGE ====== system.stateVersion = "25.05"; } 
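Review bot: In host/c2/default.nix, `networking.firewall.enable = true` is already the NixOS default, so as written the new block changes nothing on c2; if it is meant as a deliberate statement of policy, say so, e.g. `# Keep the firewall on even if an imported module tries to disable it` — defining it here at normal priority at least turns a stray `enable = false` elsewhere into an evaluation conflict instead of a silent override. What actually bounds exposure is the port set, which this hunk leaves implicit; spelling out the intended `allowedTCPPorts = [ ];` (or the real list) beside it makes the host's surface reviewable, especially now that `../mod` (which imports nginx.nix) is pulled in on every host through common/default.nix and may open ports of its own. The enclosing attribute set starts outside the hunk.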
diff --git a/host/solo/default.nix b/host/solo/default.nix index 8b3bde1..0752652 100644 --- a/host/solo/default.nix +++ b/host/solo/default.nix @@ -13,11 +13,15 @@ cpuFreqGovernor = "performance"; }; - desktop.enable = true; + hd.desktop.enable = true; networking.useDHCP = false; networking.interfaces.enp4s0.useDHCP = true; + networking.firewall = { + enable = true; + }; + # ====== DON'T CHANGE ====== system.stateVersion = "25.05"; } diff --git a/mod/default.nix b/mod/default.nix index 3dcee22..589b276 100644 --- a/mod/default.nix +++ b/mod/default.nix @@ -2,6 +2,5 @@ { imports = [ ./nginx.nix - ./desktop ]; } diff --git a/mod/desktop/security.nix b/mod/desktop/security.nix deleted file mode 100644 index 5bc97a0..0000000 --- a/mod/desktop/security.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.desktop.security; - inherit (lib) mkEnableOption mkIf; -in -{ - options.desktop.security.enable = mkEnableOption "Security"; - config = mkIf cfg.enable { - security.protectKernelImage = true; - - security.sudo.enable = false; - security.doas = { - enable = true; - extraRules = [ - { - groups = [ "wheel" ]; - persist = true; - keepEnv = true; - } - ]; - }; - }; -}
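Review bot: As on c2, `networking.firewall.enable = true` in host/solo/default.nix restates the NixOS default rather than tightening anything; the reviewable part is the allowed-port set, so add the intended `allowedTCPPorts`/`allowedUDPPorts` (even `[ ]`) beside it with a one-line comment naming what should be reachable on `enp4s0`. If the aim is only to guard against an imported module switching the firewall off, a comment saying so, `# explicit: keep the firewall on regardless of imported modules`, would stop the next reader from removing the apparently redundant line. The enclosing attribute set starts outside the hunk.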