diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix
index 12c96ab..a21a5ac 100755
--- a/hosts/hyrule/default.nix
+++ b/hosts/hyrule/default.nix
@@ -41,6 +41,9 @@ in {
     targetHost = "imbored.dev";
     targetUser = "ae";
     targetPort = 22;
+    sshOptions = [
+      "-A" # forward ssh-agent
+    ];
     buildOnTarget = false; # build locally then deploy
   };
 
@@ -420,10 +423,16 @@ in {
       defaults.email = "eclarkboman@gmail.com";
     };
 
-    sudo.wheelNeedsPassword = true;
+    sudo = {
+      enable = true;
+      wheelNeedsPassword = true;
+    };
     # allow SSH keys for passwordless auth
     # TODO: DO NOT USE THIS (create my own alternative to colmena)
-    pam.services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
+    pam = {
+      enableSSHAgentAuth = true;
+      services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
+    };
   };
 
   environment.systemPackages = with pkgs; [