diff --git a/common/programs/tailnet.nix b/common/programs/tailnet.nix
index 6ec5d2d..953b408 100644
--- a/common/programs/tailnet.nix
+++ b/common/programs/tailnet.nix
@@ -17,18 +17,12 @@ in
   options =
     { }
     // lib.attrsets.setAttrByPath cfg_path {
-      enable = lib.mkEnableOption "rust development tools";
-      useSecretsAuth = lib.mkOption {
-        type = lib.types.bool;
-        default = true;
-        description = "Whether to use secrets authentication for Tailscale";
-      };
+      enable = lib.mkEnableOption "enable tailnet";
       useHeadscale = lib.mkOption {
         type = lib.types.bool;
         default = true;
         description = "Whether to use headscale login server.";
       };
-
     };
 
   config = lib.mkIf cfg.enable {
@@ -37,7 +31,9 @@ in
       enable = true;
       openFirewall = true;
       useRoutingFeatures = "client";
-      authKeyFile = lib.mkIf cfg.useSecretsAuth config.age.secrets.headscale_auth.path;
+      authKeyFile = lib.mkIf (
+        config ? age && config.age ? secrets && config.age.secrets ? headscale_auth
+      ) config.age.secrets.headscale_auth.path;
       # https://tailscale.com/kb/1241/tailscale-up
       extraUpFlags = lib.mkIf cfg.useHeadscale [
         "--login-server=https://headscale.joshuabell.xyz"
diff --git a/hosts/h002/flake.nix b/hosts/h002/flake.nix
index 5730299..7eb232e 100644
--- a/hosts/h002/flake.nix
+++ b/hosts/h002/flake.nix
@@ -75,6 +75,7 @@
                       users = {
                         josh = {
                           imports = with common.homeManagerModules; [
+                            kitty
                             tmux
                             atuin
                             direnv