diff --git a/flake.lock b/flake.lock
index eeecd47..a022703 100644
--- a/flake.lock
+++ b/flake.lock
@@ -132,11 +132,11 @@
         "zls": "zls"
       },
       "locked": {
-        "lastModified": 1723659157,
-        "narHash": "sha256-IW15cd4jrTK9p2arrbNxnksZLUgsNz9wWzXBhjx42rA=",
+        "lastModified": 1724175906,
+        "narHash": "sha256-V4aYjELMU8UtqjU99lDqkwQpkv5vx0sSWq015ZZ91Mg=",
         "ref": "refs/heads/main",
-        "rev": "93c377c6a113b5cfb87370bdaf5cd63b58e2fe85",
-        "revCount": 6900,
+        "rev": "c9f40b7b8d22e2aa157c226e406485d85d2075f9",
+        "revCount": 7013,
         "type": "git",
         "url": "ssh://git@github.com/ghostty-org/ghostty"
       },
@@ -189,11 +189,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723399884,
-        "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
+        "lastModified": 1723986931,
+        "narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
+        "rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671",
         "type": "github"
       },
       "original": {
@@ -232,11 +232,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1723362943,
-        "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=",
+        "lastModified": 1723991338,
+        "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a58bc8ad779655e790115244571758e8de055e3d",
+        "rev": "8a3354191c0d7144db9756a74755672387b702ba",
         "type": "github"
       },
       "original": {
diff --git a/hosts/nemo/default.nix b/hosts/nemo/default.nix
index e4a5143..fc54560 100644
--- a/hosts/nemo/default.nix
+++ b/hosts/nemo/default.nix
@@ -89,6 +89,7 @@
     firewall.enable = false;
     networkmanager.enable = false;
     useDHCP = false;
+
     wireless.iwd = {
       enable = true;
       settings = {
@@ -97,7 +98,6 @@
           EnableIPv6 = false;
           NameResolvingService = "systemd";
         };
-        Scan.DisablePeriodicScan = true;
         Settings = {
           AutoConnect = true;
         };
@@ -115,22 +115,20 @@
     linkConfig.RequiredForOnline = "routable";
   };
 
-  # FIXME: pam_rssh is broken from rust 1.80 upgrade
-  # environment.systemPackages = [ pkgs.pam_rssh ];
-  # security = {
-  #   pam.services.doas =
-  #     { config, ... }:
-  #     {
-  #       rules.auth.rssh = {
-  #         order = config.rules.auth.ssh_agent_auth.order - 1;
-  #         control = "sufficient";
-  #         modulePath = "${pkgs.pam_rssh}/lib/libpam_rssh.so";
-  #         settings.authorized_keys_command = pkgs.writeShellScript "get-authorized-keys" ''
-  #           cat "/etc/ssh/authorized_keys.d/$1"
-  #         '';
-  #       };
-  #     };
-  # };
+  security = {
+    pam.services.doas =
+      { config, ... }:
+      {
+        rules.auth.rssh = {
+          order = config.rules.auth.ssh_agent_auth.order - 1;
+          control = "sufficient";
+          modulePath = "${pkgs.pam_rssh}/lib/libpam_rssh.so";
+          settings.authorized_keys_command = pkgs.writeShellScript "get-authorized-keys" ''
+            cat "/etc/ssh/authorized_keys.d/$1"
+          '';
+        };
+      };
+  };
 
   services.resolved = {
     enable = true;
@@ -166,6 +164,7 @@
   environment.systemPackages = with pkgs; [
     ffado
     lm_sensors
+    pkgs.pam_rssh
     openconnect
   ];