diff --git a/hosts/common.nix b/hosts/common.nix
index ac4ebfc..5e2a663 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -2,7 +2,7 @@
 let
   inherit (config) machineVars;
 in {
-  sops.defaultSopsFile = ./.. + "secrets/${config.networking.hostName}.yaml";
+  sops.defaultSopsFile = ./.. + "/secrets/${config.networking.hostName}.yaml";
 
   sops.secrets = {
     "ssh/nix-builders/tsuki/key" = { sopsFile = ./../secrets/common.yaml; };
diff --git a/hosts/tsuki/configuration.nix b/hosts/tsuki/configuration.nix
index 9d0a52b..2f9722c 100644
--- a/hosts/tsuki/configuration.nix
+++ b/hosts/tsuki/configuration.nix
@@ -50,6 +50,7 @@
 
   networking = {
     hostName = "tsuki";
+    hostId = "8425e349";
     networkmanager.enable = true;
     interfaces.ens18.useDHCP = true;
     firewall.enable=true;
diff --git a/modules/socketActivation.nix b/modules/socketActivation.nix
index 5382ca3..7221fa0 100644
--- a/modules/socketActivation.nix
+++ b/modules/socketActivation.nix
@@ -3,7 +3,7 @@ let
   inherit (lib) mkOption types mdDoc;
 in
 {
-  options.socketActivation = mkOption {
+  options.local.socketActivation = mkOption {
     type = types.attrsOf (types.submodule ({ name, ... }: {
       options = {
         enable = lib.mkEnableOption "socket activation for a systemd service";
@@ -109,7 +109,7 @@ in
   };
 
   config = let
-    activeServices = lib.filterAttrs (_: value: value.enable) config.socketActivation;
+    activeServices = lib.filterAttrs (_: value: value.enable) config.local.socketActivation;
     foreachService = f: lib.mapAttrsToList f activeServices;
   in {
     assertions = foreachService (name: value: {
@@ -130,13 +130,17 @@ in
       '';
     });
 
-    services.nginx.upstreams = let
-      servicesWithNginxUpstream = lib.filterAttrs (_: value: value.createNginxUpstream) activeServices;
-    in lib.mapAttrsToList (name: value: let
-      protocol = if lib.any (p: lib.hasPrefix p value.newSocketAddress) [ "/" "@" ]  then "unix" else "http";
-    in {
-      ${name}.servers."${protocol}:${value.newSocketAddress}" = { };
-    }) servicesWithNginxUpstream;
+    services.nginx.upstreams = lib.pipe activeServices [
+      (lib.filterAttrs (_: value: value.createNginxUpstream))
+      (lib.mapAttrsToList
+        (name: value: let
+          protocol = if lib.any (p: lib.hasPrefix p value.newSocketAddress) [ "/" "@" ]  then "unix" else "http";
+        in {
+          ${name}.servers."${protocol}:${value.newSocketAddress}" = { };
+        })
+      )
+      (lib.foldl lib.recursiveUpdate { })
+    ];
 
     systemd = lib.mkMerge (foreachService (name: value: let
       originalService = config.systemd.services.${value.service};